Ipv6 Tunneling Over Ipv4 Infrastructure
Thursday, November 19th, 2009
Mojtaba Sadeghi asked:
Section 1: Introduction
Although the Internet Protocol IPv4 was giving efficient service over than 20 years ,
but the new Internet Protocol IPv6 provides higher efficiency like having enough
level of IPs, stronger security and mobility. In fact it is good to evaluate the performance benefits that we can get from IPv6 protocol in compare to the IPv4 protocol. We can upgrade the existing IPv4 infrastructure to the next generation Internet Protocol(IPv6) and get its advantages using the transition mechanisms.
When IPv4 was designed most of networks had just few nodes, low bandwidth, high latency, and high error rates. Most common applications at that time were FTP,e-mail, and so on.In the early 1990’s, the computer industry expanded with coming the personal computers (PCs) to the market. The internet also developed and electronic businesses or e-commerce started. The market demand was the biggest factor in the Internet’s revolution. As the fast grow of the Internet was detected in the early 1990’s, it was
showing that the IPv4 address space would be finish by the end of the century. In this
regard, some mechanisms such as Network Address Translator (NAT) have extended the life of IPv4, but it was not a logical solution.Today, the market looks completely different than it was in the 1980’s. Although FTP, and e- mail are still very popular today but new applications such as video conferencing, Voice-over-IP, E-Commerce, Mobiles, and etc , have led the Internet
Engineering Task Force (IETF) to seek a new Internet Protocol, that we call it IPv6.
IPv4 and IPv6 are incompatible protocols. For this reason, transition to the new protocol cannot be expected to be painless, and will involve significant costs for service providers and customers alike. If we compare the costs of transition with the non-transition mode or using IPv4 with supporting new services, then it can help us identify the best time to start the transition process .Whenever transition begins there will be no single “flag day” on which the all-IPv4 network turns into an IPv6 network. At the Internet level, transition will be a lengthy
process, with the two protocols existing side by side for many years to come. To facilitate transition, the IETF (Internet Engineering Task Force) has set up a work group called ngtrans (Next Generation TRANSition) which specifies mechanisms for supporting interoperability between IPv4 and IPv6. In particular, the group has focused on two major problems:
•How to make IPv6 terminals communicate with IPv4 terminals.
•How to transport IPv6 over an IPv4 network so that IPv6 “islands” interconnected via the IPv4-based Internet can communicate.
This second problem, which is extremely important in the initial stage of IPv6
deployment, will be joined in the future by the reciprocal problem: how to transport
IPv4 over IPv6. However; discussion of this issue have been postponed until the presence of IPv6 reaches to a significant point on the Internet.
Work on these problems has led to the development of a set of transition mechanisms, each targeted to a particular range of uses and applications.
Section 2: IP Overview
Internet protocol is the set of techniques used by many hosts for transmitting data over
the Internet. The current version of the Internet protocol is IPv4, which provides a 32-bit address system.
Internet protocol is a “best effort” system, meaning that no packet of information sent
over it is assured to reach its destination in the same condition it was sent. Often other
protocols are used in tandem with the Internet protocol for data that for one reason or
another must have extremely high fidelity.
Every device connected to a network, be it a local area network (LAN) or the Internet,
is given an Internet protocol number. This address is used to identify the device uniquely among all other devices connected to the extended network.
2.1 : Features of IP
IP is a connectionless protocol. This means that it has no concept of a job or a session.
Each packet is treated as an entity in itself. IP is rather like a postal worker sorting
letters. He is not concerned with whether a packet is one of a batch. He simply routes
packets, one at a time, to the next location on the delivery route.
IP is also unconcerned with whether a packet reaches its eventual destination, or
whether packets arrive in the original order. There is no information in a packet to
identify it as part of a sequence or as belonging to a particular job. Consequently, IP
cannot tell if packets were lost or whether they were received out of order. IP is an
unreliable protocol. Any mechanisms for ensuring that data sent arrives correct and intact are provided by the higher- level protocols in the suite.
2.2 : IP Routing
So how does an IP packet addressed to a computer on the other side of the world find
its way to its destination? The basic mechanism is very simple.
On a LAN, every host sees every packet that is sent by every other host on that LAN.
Normally, it will only do something with that packet if it is addressed to itself, or if
the destination is a broadcast address.
A router is different. A router examines every packet, and compares the destination
address with a table of addresses that it holds in memory. If it finds an exact match, it
forwards the packet to an address associated with that entry in the table. This
associated address may be the address of another network in a point- to- point link, or
it may be the address of the next-hop router.
If the router doesn’t find a match, it runs through the table again, this time looking for
a match on just the network ID part of the address. Again, if a match is found, the
packet is sent on to the address associated with that entry.
If a match still isn’t found, the router looks to see if a default next- hop address is
present. If so, the packet is sent there. If no default address is present, the router sends
an ICMP “host unreachable” or “network unreachable” message back to the sender. If
you see this message, it usually indicates a router failure at some point in the
network.
The difficult part of a router’s job is not how it routes packets, but how it builds up its
table. In the simplest case, the router table is static: it is read in from a file at start- up.
This is adequate for simple networks. You don’t even need a dedicated piece of kit for
this, because routing functionality is built into IP.
Dynamic routing is more complicated. A router builds up its table by broadcasting
ICMP router solicitation messages, to which other routers respond. Routing protocols
are used to discover the shortest path to a location. Routes are updated periodically in
response to traffic conditions and availability of a route. However, the details of how
this all works is beyond the scope of this report.
2.3 : Future of the Internet
As we can see the Internet will have a serious problem in a few years. Due to its
amazing growth and the limitations in its design and facilities , there will be a
problem when no more free addresses are available for connecting to new hosts or
assigning to a new device. At that point, no more new web servers can be set up, no
more users can sign up for accounts at ISPs, and no more new machines can be set up to access the web or join in online games.
Several solutions have been made to solve the problem. A very popular approach is to
not assign a worldwide unique address to every user’s machine, but rather to assign
them “private” addresses, and hide several machines behind one official, globally
unique address. This technique is called “Network Address Translation” or NAT. It
has problems, as the machines hidden behind the global address can’t be addressed,
and as a result of this, opening connections to them which are used in online gaming,
peer-to-peer networking, and etc, is not possible.
A different approach to the problem of Internet addresses getting scarce is to discard
the old Internet protocol with its limited addressing capabilities, and use a new
protocol that does not have these limitations. The protocol or actually, a set of
protocols used by machines connected to form today’s Internet is known as the
TCP/IP (Transmission Control Protocol, Internet Protocol), and version 4 currently in
use has all the problems described above.
Switching to a different protocol version that does not have these problems of course
requires for a new version to be available. And actually, there is a better version.
Version 6 of the Internet Protocol (IPv6) provides future inquiries on address space,
and also addresses other features such as privacy, encryption, and better support of
mobile computing as well.
Assuming a basic understanding of how today’s IPv4 works, this report is intended
as an introduction to the IPv6 protocol. The changes in address formats and name
resolution are covered. After that, it is shown how to use IPv6 by using a simple-yet-
efficient transition mechanism called 6to4.
Section 3 : IPv6 vs IPV4
When telling people to migrate from IPv4 to IPv6, the question you usually hear is “Why?”.
There are actually a few good reasons to move to the new version:
• Bigger address space
• Support for mobile devices
• Built-in security
3.1 : Bigger address space
The bigger address space IPv6 offers is the most obvious enhancement it has over
IPv4. While today’s Internet architecture is based on 32-bit wide addresses, the new
version has 128-bit technology available for addressing. Base on the enlarged address
space, workarounds like NAT don’t have to be used anymore. This allows full, unconstrained IP connectivity for today’s IP-based machines as well as upcoming mobile devices like PDAs and cell phones all will benefit from full IP access through GPRS and UMTS.
3.2 : Mobility
When mentioning mobile devices and IP, it’s important to note that a special protocol
is needed to support mobility, and implementing this protocol that is called “Mobile
IP” is one of the requirements for every IPv6 stack. Thus, if we have IPv6 going, we
have support for roaming between different networks, with global notification when
we leave one network and enter the other one. Support for roaming is possible with
IPv4 too, but there are a number of hoops that need to be jumped in order to get things
working. With IPv6, there’s no need for this, as support for mobility was one of the
design requirements for IPv6.
3.3 : Security
Besides support for mobility, security was another requirement for the successor to
today’s Internet Protocol version. As a result, IPv6 protocol stacks are required to
include IPsec. IPsec allows authentication, encryption, and compression of IP traffic.
Except for application-level protocols like SSL or SSH, all IP traffic between two
nodes can be handled without adjusting any applications. The benefit of this is that all
applications on a machine can benefit from encryption and authentication, and that
policies can be set on a per-host (or even per-network) basis, not per application/service.
Section 4 : IPV6 Addressing
The IPV6 Addressing properties is presented in this section.
4.1: Multiple addresses
In IPv4, a host usually has one IP number per network interface or even per machine
if the IP stack supports it. Only very rare applications like web servers result in
machines having more than one IP number.
In IPv6, this is different. For each interface, there is not only a globally unique IP
address, but there are two other addresses that are of interest: The link-local address,
and the site-local address. The link-local address has a prefix of fe80::/64, and the
host bits are built from the interface’s EUI64 address. The link-local address is used
for contacting hosts and routers on the same network only, the addresses are not
visible or reachable from different subnets. If desired, there’s the choice of either
using global addresses as assigned by a provider, or using site-local addresses.[16]
Site-local addresses are assigned the network address fec0::/10, and subnets and hosts
can be addressed just as for provider-assigned networks. The only difference is that
the addresses will not be visible to outside machines, as these are on a different
network, and their site-local addresses are in a different physical net. As with the 10/8
network in IPv4, site-local addresses can be used, but don’t have to be. For IPv6, it’s
most common to have hosts assigned a local link and a global IP address. Site-local
addresses are rather uncommon today, and is no substitute for globally unique
adresses if global connectivity is required.
4.2 : Multicasting
In IP land, there are three ways to talk to a host: unicast, broadcast, and multicast. The
most common way to talk to a host is by talking to it directly using its unicast address.
In IPv4, the unicast address is the “normal” IP address assigned to a single host, with
all address bits assigned. The broadcast address used to address all hosts in the same
IP subnet has the network bits set to the network address, and all host bits set to “1″
which can be easily done using the netmask and some bit operations. Multicast addresses are used to reach a number of hosts in the same multicast group, which can be machines spread across the Internet. Machines must join multicast groups
explicitly to participate, and there are special IPv4 numbers used for multicast addresses, allocated from the 224/8 subnet. Multicast isn’t used very much in IPv4, and only few applications use it.In IPv6, unicast addresses are used the same as in IPv4, no surprise there all the
network and host bits are assigned to identify the target network and machine.
Broadcasts are no longer available in IPv6 in the way they were in IPv4, this is where multicasting comes into play. Addresses in the ff::/8 network are reserved for multicast applications, and there are two special multicast addresses that supersede the broadcast addresses from IPv4. One is the “all routers” multicast address, the others is for “all hosts”.
The details about IPv6 are in general the way they were proposed in the RFCs by IETF, however we chose to use Microsoft Windows 2003 as the platform to implement the tests. Due to their early stages of development, the IPv6 protocol stack in Windows 2003 still has many problems, such as fragmentation issues, no support
for IPSec, a native security feature, etc…
Microsoft has two different implementations of an IPv6 stack both for Windows NT 5.0 and Windows 2003. The older stack, known as the “Microsoft Research IPv6 Release 1.4”, works under both NT 4.0 and Win2K; the newer stack, known as the
“Microsoft IPv6 Technology Preview for Windows 2003” works under Windows 2003. Both stacks require an existing IPv4 stack to be previously installed.
Once installed, besides giving the Windows environment the support for IPv6, it
creates a whole new set of routines, such as “ping6”, “tracert6”, which are similar in
function to “ping” and “tracert”, but work with the new IPv6 stack. The good part about the IPv6 implementation that Microsoft created is that they embedded the IPv6 socket creation in the Winsock2 API. That means that they added a few more functions when you create the sockets, however, the fundamentals remained the same,
and thus a programmer that can make an IPv4 application can most likely learn how
to make a simple IPv6 application as well.
Internet Protocol version 6 is designed as an evolutionary upgrade to the Internet
Protocol (IPv4) and will, in fact, coexist with the older IPv4 for some time. IPv6 is designed to allow the Internet to grow steadily, both in terms of the number of hosts connected and the total amount of data traffic transmitted; it will have a 128 bit address looking like FFFF:FFFF:FFFF:FFFF, and it will support up to
340,282,366,920938,463,463,374,607,431,768,211,456unique addresses.in Table1 we can see the advantages of IPV6 versus IPV4 .
The IPv6 header is always present and is a fixed size of 40 bytes. The fields in the
IPv6 header are described briefly below.
The fields in the IPv6 header are:
Version – 4 bits are used to indicate the version of IP and is set to 6.
Traffic Class – Indicates the class or priority of the IPv6 packet. The size of this field
is 8 bits.The Traffic Class field provides similar functionality to the IPv4 Type of
Service field.
Flow Label – Indicates that this packet belongs to a specific sequence of packets
between a source and destination, requiring special handling by intermediate IPv6
routers. The size of this field is 20 bits. The Flow Label is used for non-default quality
of service connections, such as those needed by real- time data (voice and video). For
default router handling, the Flow Label is set to 0. There can be multiple flows between a source and destination, as distinguished by separate non-zero Flow Labels.Payload Length – Indicates the length of the IP payload. The size of this field is 16 bits. The Payload Length field includes the extension headers and the upper layer PDU. With 16 bits, an IPv6 payload of up to 65,535 bytes can be indicated. For payload lengths greater than 65,535 bytes, the Payload Length field is set to 0 and the Jumbo Payload option is used in the Hop-by-Hop Options extension header.
Next Header – Indicates either the first extension header (if present) or the protocol
in the upper layer PDU (such as TCP, UDP, or ICMPv6). The size of this field is 8
bits. When indicating an upper layer protocol above the Internet layer, the same
values used in the IPv4 Protocol field are used here.
Extension Header – Zero or more extension headers can be present and are of
varying lengths. A Next Header field in the IPv6 header indicates the next extension
header.Within each extension header is another Next Header field that indicates the
next extension header. The last extension header indicates the upper layer protocol
(such as TCP, UDP, or ICMPv6) contained within the upper layer protocol data unit.
The IPv6 header and extension headers replace the existing IPv4 IP header with options. The new extension header format allows IPv6 to be augmented to support future needs and capabilities. Unlike options in the IPv4 header, IPv6 extension headers have no maximum size and can expand to accommodate all the extension data
needed for IPv6 communication.
Hop Limit – Indicates the maximum number of links over which the IPv6 packet can
travel before being discarded. The size of this field is 8 bits. The Hop Limit is similar
to the IPv4 TTL field except that there is no historical relation to the amount of time
(in seconds) that the packet is queued at the router. When the Hop Limit equals 0, the
packet is discarded and an ICMP Time Expired message is sent to the source address.
Source Address –Stores the IPv6 address of the originating host. The size is 128 bits.
Destination Address – Stores the IPv6 address of the current destination host. The
size of this field is 128 bits. In most cases the Destination Address is set to the final
destination address.
However, if a Routing extension header is present, the Destination Address might be
set to the next router interface in the source route list.
Section 5 : Transition Mechanisms
As IPv6 is finally beginning to mature, it is evident that methods of upgrading the
Internet need to be found. One idea would be to turn off the entire Internet at 12 pm,
upgrade the network infrastructure include routers, protocol stacks, …and turn the
Internet back on at 6 am and hope everything works fine and correct.
This is unrealistic due to the fact that it would cost more money than it is imaginable,
the time would be way too short, and nothing ever works as good as it is in theory.
More gradual transition methods have evolved, ones which are likely to happen over
the course of 10 years or so. Some of the transition mechanisms are:
Dual Stack
SIIT – Stateless IP/ ICMP Translator
AIIH – Assignment of IPv4 Global Addresses to IPv6 Hosts
NAT – Protocol Translator – has scaling and DNS issues, and has single point of failure disadvantage
Tunnel Broker – dynamically gain access to tunnel servers, but has authentication and scaling issues;
6-to-4 Mechanism – dynamic stateless tunnels over IPv4 infrastructure to connect 6-to-4 domains
IPv6 in IPv4 tunneling – Allows existing infrastructure to be utilized via manually configured tunnels
o Host-Host Tunneling
o Router-Router Tunneling
o Host-Router and vice versa Tunneling
5.1 : Dual Stack:
The basic approach for permitting all communications is the so-called dual stack IP,
where each new host, server, router or other item of equipment dealing with the IP level can support both protocols. In this way, communication between IPv6 terminals
takes place directly, while an IPv4/IPv6 terminal which must communicate with an IPv4-only terminal can do so in IPv4. This approach is not particularly burdensome for hosts and servers, as it is a software upgrade which has no significant impact on the system. Nevertheless, the main drawback of this approach is the need to maintain
a multi-protocol network with a double routing infrastructure, which increases administrators’ work load. In addition, generalized use of the dual stack IP model will not be possible when address space exhaustion reaches the point that new IPv4 addresses can no longer be assigned.
To overcome these problems, several solutions for interoperation between IPv6-only networks and IPv4-only networks have been specified which permit end-to-end communication between heterogeneous terminals:
•Dual stack IP ALG devices which make it possible to perform protocol translation at the borders between non-homogeneous networks through the use of application proxies implemented on dual stack servers.
•NAT-PT (Network Address Translator – Protocol Translator) devices, which make it possible to perform address and protocol translation at the borders between non-homogeneous networks at IP level.
•The Dual Stack Transition Mechanism, or DSTM, which proposes to use the dual stack IP approach on the basis of IPv4 addresses assigned dynamically only when needed, and the use of IPv4 over IPv6 tunneling in order to cross the local IPv6 network before accessing the outer IPv4 network.
Though these transition mechanisms have the same shortcomings as the similar mechanisms proposed for interconnecting separate IPv4 networks, they provide a significant advantage for the future. Thus, while the mechanisms for IPv4 are final,and can no longer be done without, those for the transition towards IPv6 are instrumental in ensuring coexistence between IPv4 and IPv6, which should come to an end once the Internet operates entirely under IPv6.
IPv6 was delivered with migration techniques to cover every conceivable IPv4 upgrade case, but many were ultimately rejected by the technology community, and today we are left with a small set of practical approaches.
Dual stack is involve with running IPv4 and IPv6 at the same time. End nodes and routers/switches run both protocols, and if IPv6 communication is possible that is the preferred protocol.
A common dual-stack migration strategy is to make the transition from the core to the
edge. This involves enabling two TCP/IP protocol stacks on the WAN core routers,then perimeter routers and firewalls, then the server-farm routers and finally the desktop access routers. After the network supports IPv6 and IPv4 protocols, the process will enable dual protocol stacks on the servers and then the edge computer
systems.
Another approach is to use tunnels to carry one protocol inside another. These tunnels
take IPv6 packets and encapsulate them in IPv4 packets to be sent across portions of the network that haven’t yet been upgraded to IPv6.
Other techniques, such as network address translation–protocol translation (NAT-PT)
simply translate IPv6 packets into IPv4 packets. These translation techniques are more
complicated than IPv4 NAT because the protocols have different header formats.Translation techniques were intended to be used as a last resort. Using dual-stack and tunneling techniques is preferable to using NAT-PT.
It will be easier to try to run everything in a dual-stack mode first and then remove the
IPv4 protocol over time. Currently there aren’t many systems being developed for IPv6-only communications, but there are many systems that work in dual-stack mode. Microsoft’s new operating systems, for example, have a dual-layer architecture that makes for seamless operation of either protocol. Therefore, migration plans should maximize the use of dual stack and minimize the amount of tunneling. It should also
be mentioned that running dual stack is not the final state. We can’t forget that full
migration to IPv6 is the final destination.
Dual stack IPV4/IPV6
In the 1990s the network industry used the phrase “Switch where you can, route where you must.” However, over time the performance gap between routing and switching closed. For IPv6 transitions the new moniker will be “Dual stack where you can, tunnel where you must.”
5.2 : IPv6 in IPv4 tunneling:
IPv6 in IPv4 tunneling is one of the easiest transition mechanism by which two IPv6
hosts / networks can be connected with each other while running on existing IPv4 networks through establishing some special routes called tunnels. In this technique, IPv6 packets are encapsulated in IPv4 packets and then are sent over IPv4 networks like ordinary IPv4 packets through tunnels. At the end of tunnel these packets are
decapsulated to the original IPv6 packets.
The following are some important characteristics of tunneling mechanism:
When encapsulating a datagram, the TTL in the inner IP header is decremented by
only one if the tunnel is being done as part of forwarding the datagram; otherwise the
inner header TTL is not changed during encapsulation. If the resulting TTL in the
inner IP header is zero, the datagram is discarded and an ICMP Time Exceeded message is returned to the sender.
Therefore, an encapsulator will not encapsulate a datagram with TTL=0.
Encapsulation of IPv6 in IPv4:
o Utilizes IPv4 routing and properties.
o Loses special IPv6 features.
o Requires a hole in firewall to allow through protocol 41 (IP in IP).
There are two types of tunnels: manual and dynamic. Manually configured IPv6 tunneling requires configuration at both ends of the tunnel, whereas dynamic tunnels are created automatically based on the packet destination address and routing. Dynamic tunneling techniques simplify maintenance compared with statically
configured tunnels, but static tunnels make traffic information available for each
endpoint, providing extra security against injected traffic.
There are, in fact, concerns over the security of tunneling techniques. For example, with dynamic tunnels it isn’t easy to track who is communicating over the transient tunnels, and you don’t know the tunnel destination endpoint. It is a scary proposition when your routers communicate with other nonauthenticated routers. It is also
possible to send forged traffic toward a tunnel endpoint and get traffic spuriously inserted into the tunnel. Tunneling creates situations in which traffic will be encapsulated, and many firewalls won’t inspect the traffic if it is in a tunnel. Allowing IP Protocol 41 (IPv6 encapsulated in IPv4) through an IPv4 firewall is not a best
practice. This is like creating an “IPv6 permit any any all” rule through the firewall.
Tunnels will constantly have to be changed and monitored as your transition progresses. Tunnels will also have to be removed when the IPv6 ocean gets larger and we migrate to full IPv6. Tunnels are, therefore, just a transitional technique, and troubleshooting in an environment full of tunnels will be challenging.
Dynamic tunnel techniques don’t create tunnel interfaces that can be monitored with SNMP. Dynamic tunnel techniques such as 6 to 4 use 2002::/16 addresses, which means you will need to re-address the network twice as part of the transition to IPv6.
Many of the dynamic tunneling techniques are also unable to forward multicast traffic and can’t traverse an IPv4 NAT in the middle of the network.
If a tunnel falls entirely within a routing domain, it will be considered as plain serial
link by interior routing protocol such as RIP or OSPF. But if it lies between two routing domains it needs exterior protocols like BGP etc..
In case of congestion in the tunnel, an ICMP Source Quench message will be issued in order to inform the previous node of the congestion.
In different types of tunneling, only de/encapsulation points are varied depending on
the start and end of tunnels, however the basic idea remains the same.
IPv6 tunneling enables the iSeries server to connect to IPv6 nodes (hosts and routers) across IPv4 domains. Tunneling permits isolated IPv6 nodes or networks to communicate without changing the underlying IPv4 infrastructure. Tunneling allows IPv4 and IPv6 protocols to cooperate, and thereby provides a transitional method of
implementing IPv6 while retaining IPv4 connectivity.
A tunnel consists of two dual-stack (IPv4 and IPv6) nodes on an IPv4 network. These dual-stack nodes are capable of processing both IPv4 and IPv6 communications. One of the dual-stack nodes on the edge of the IPv6 infrastructure inserts an IPv4 header in front of (encapsulates) each IPv6 packet that arrives and sends it as though it were normal IPv4 traffic, through existing links. IPv4 routers continue to forward this traffic. On the other side of the tunnel, another dual-stack node removes the extra IP header from the IPv6 packet (decapsulates) and routes it to the ultimate destination using standard IPv6.
IPv6 tunneling runs over configured tunnel lines, which are virtual lines. Configured tunnel lines provide IPv6 communications to any node with a routable IPv4 address that supports IPv6 tunnels. These nodes may exist anywhere, that is, within the local IPv4 domain or within a remote domain.
Configured tunnel connections are point-to-point.To configure this type of tunnel
line, you must specify the local tunnel endpoint (IPv4 address), such as 124.10.10.150, and the local IPv6 address, such as 1080:0:0:0:8:800:200c:417a. We must also create an IPv6 route to enable traffic to travel through the tunnel. As we create the route, we will define one of the tunnel’s remote endpoints (IPv4
address) as the route’s next hop. We may configure an unlimited number of endpoints
for an unlimited number of tunnels.
5.2.1 : Host-to-Host Tunneling
In host to host tunneling method, encapsulation is done at source host and ecapsulation is done at destination host. So the tunnel is created in between two hosts supporting both IPv4 and IPv6 stacks. So in this way encapsulated datagrams are sent through the tunnel over the IPv4 network.
Both hosts having dual stack encapsulate the packets of IPv6 in IPv4 packets and transmit over the network as an IPv4 packet utilizing all the characteristics and routing mechanisms of IPv4. With this transition mechanism, it is possible to support IPv6 simply by upgrading the end hosts protocol stacks to IPv6 while leaving the IPv4
infrastructure unchanged.
5.2.2 : Router-to-Router Tunneling
In router to router tunneling mechanism, encapsulation is done at edge router of
originating host and decapsulation is done in the same way at edge router of destined host. The tunnel is created in between two edge routers supporting both IPv4 and IPv6 stacks. Therefore, the end hosts can support native IPv6 protocol stack while the edge routers create the tunnels and handle the encapsulation and decapsulation in order to transmit the packets over the existing IPv4 infrastructure.
The IPv6 datagrams are forwarded from host to edge routers while encapsulation takes place at the router level; similarly at the other end, the reverse process takes place. In this method, both edge routers need to support dual stacks and established a tunnel prior to transmission.
5.2.3 : Host-to-Router Tunneling
In host to router tunneling mechanism, encapsulation is done at originating host and
decapsulation is done in the same way at edge router of destined host and vice versa.
The tunnel is created in between one host and one edge router both of them supporting both IPv4 and IPv6 stacks. So in this way encapsulated datagrams are sent through the tunnel over the existing IPv4 network. The same process can happen the other way around, from one edge router to an end host.
The tunnel is therefore established between the host and the router. In this method one
dual stack supporting router and one dual stack supporting host is required.
5.3 : Overlay Tunnels for IPv6
Overlay tunneling encapsulates IPv6 packets in IPv4 packets for delivery across an
IPv4 infrastructure (a core network or the Internet).By using overlay tunnels, we can
communicate with isolated IPv6 networks without upgrading the IPv4 infrastructure
between them. Overlay tunnels can be configured between border routers or between
a border router and a host; however, both tunnel endpoints must support both the IPv4
and IPv6 protocol stacks as we can see in figure
4 . Cisco IOS IPv6 supports the
following types of overlay tunneling mechanisms:
• Manual
• Generic routing encapsulation (GRE)
• IPv4-compatible
• 6to4
• Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
Note Overlay tunnels reduce the maximum transmission unit (MTU) of an interface
by 20 octets (assuming the basic IPv4 packet header does not contain optional fields).
A network using overlay tunnels is difficult to troubleshooting. Therefore, overlay tunnels connecting isolated IPv6 networks should not be considered as a final IPv6 network architecture. The use of overlay tunnels should be considered as a transition technique toward a network that supports both the IPv4 and IPv6 protocol stacks or just the IPv6 protocol stack .
5.5 : GRE/IPv4 Tunnel Support for IPv6 Traffic
IPv6 traffic can be carried over IPv4 GRE tunnels using the standard GRE tunneling technique that is designed to provide the services necessary to implement any standard point-to-point encapsulation scheme. As in IPv6 manually configured tunnels, GRE tunnels are links between two points, with a separate tunnel for each
link. The tunnels are not tied to a specific passenger or transport protocol, but in this
case carry IPv6 as the passenger protocol with the GRE as the carrier protocol and
IPv4 or IPv6 as the transport protocol.
The primary use of GRE tunnels is for stable connections that require regular secure
communication between two edge routers or between an edge router and an end system. The edge routers and the end systems must be dual-stack implementations.
GRE has a protocol field that identifies the passenger protocol. GRE tunnels allow
Intermediate System-to-Intermediate System (IS-IS) or IPv6 to be specified as a passenger protocol, which allows both IS-IS and IPv6 traffic to run over the same tunnel. If GRE did not have a protocol field, it would be impossible to distinguish whether the tunnel was carrying IS-IS or IPv6 packets. The GRE protocol field is why
it is desirable that you tunnel IS-IS and IPv6 inside GRE.
5.6 : GRE/CLNS Tunnel Support for IPv4 and IPv6 Packets GRE tunneling of IPv4 and IPv6 packets through CLNS networks enables Cisco CLNS Tunnels (CTunnels) to interoperate with networking equipment from other vendors. The optional GRE services defined in header fields, such as checksums, keys, and sequencing, are not supported. Any packet received requesting such
services will be dropped.
5.7 : Automatic 6to4 Tunnels
An automatic 6to4 tunnel allows isolated IPv6 domains to be connected over an IPv4 network to remote IPv6 networks. The key difference between automatic 6to4 tunnels and manually configured tunnels is that the tunnel is not point-to-point; it is point-to-multipoint. In automatic 6to4 tunnels, routers are not configured in pairs because they treat the IPv4 infrastructure as a virtual nonbroadcast multiaccess (NBMA) link. The
IPv4 address embedded in the IPv6 address is used to find the other end of the automatic tunnel.
An automatic 6to4 tunnel may be configured on a border router in an isolated IPv6 network, which creates a tunnel on a per-packet basis to a border router in another IPv6 network over an IPv4 infrastructure. The tunnel destination is determined by the IPv4 address of the border router extracted from the IPv6 address that starts with the prefix 2002::/16, where the format is 2002:border-router-IPv4-address::/48. Following the embedded IPv4 address are 16 bits that can be used to number networks within the
site. The border router at each end of a 6to4 tunnel must support both the IPv4 and IPv6 protocol stacks. 6to4 tunnels are configured between border routers or between a border router and a host.
The simplest deployment scenario for 6to4 tunnels is to interconnect multiple IPv6 sites, each of which has at least one connection to a shared IPv4 network. This IPv4 network could be the global Internet or a corporate backbone. The key requirement is that each site have a globally unique IPv4 address; the Cisco IOS software uses this address to construct a globally unique 6to4/48 IPv6 prefix. As with other tunnel
mechanisms, appropriate entries in a Domain Name System (DNS) that map between hostnames and IP addresses for both IPv4 and IPv6 allow the applications to choose the required address.
5.8 : Automatic IPv4-Compatible IPv6 Tunnels
Automatic IPv4-compatible tunnels use IPv4-compatible IPv6 addresses. IPv4-compatible IPv6 addresses are IPv6 unicast addresses that have zeros in the high-order 96 bits of the address, and an IPv4 address in the low-order 32 bits. They can be written as 0:0:0:0:0:0:A.B.C.D or ::A.B.C.D, where “A.B.C.D” represents the
embedded IPv4 address.
The tunnel destination is automatically determined by the IPv4 address in the low-
order 32 bits of IPv4-compatible IPv6 addresses. The host or router at each end of an IPv4-compatible tunnel must support both the IPv4 and IPv6 protocol stacks. IPv4-compatible tunnels can be configured between border-routers or between a border-router and a host. Using IPv4-compatible tunnels is an easy method to create tunnels
for IPv6 over IPv4, but the technique does not scale for large networks.
IPv4-compatible tunnels were initially supported for IPv6, but are being deprecated. Cisco recommends that you use the IPv6 ISATAP tunneling technique.
Section 6 : IPV6 Network potential problems
6.1 : Poor IPv6 Network Performance:
Most applications on dual stack nodes will try IPv6 destinations first by default due
to the Default Address Selection mechanism. If the IPv6 connectivity to those
destinations is poor while the IPv4 connectivity is better , the IPv6 traffic experiences higher latency, lower throughput, or more lost packets than IPv4 traffic, applications will still communicate over IPv6 at the expense of network
performance. There is no information available to applications in this case to advise them to try another destination address. An example of such a situation is a node which obtains IPv4 connectivity natively through an ISP, but whose IPv6 connectivity is obtained through a configured tunnel whose other endpoint is
topologically such that most IPv6 communication is done through triangular IPv4 paths. Operational experience on the 6bone shows that IPv6 RTT’s are poor in such situations. An example of such a network is an enterprise network that has both IPv4 and IPv6 routing within the enterprise and has a firewall configured to allow some IPv4 communication,but no IPv6 ommunication.
6.2 : Security Problems in IPV6 over IPV4:
Enabling IPv6 on a host implies that the services on the host may be open to IPv6 communication. If the service itself is insecure and depends on a security policy enforced somewhere else on the network (such as in a firewall), then there is
potential for new attacks against the service.
A firewall may not be enforcing the same policy for IPv4 as for IPv6 traffic, which could be due to misconfiguration of the firewall. One possibility is that the firewall could have more relaxed policy for IPv6, perhaps by letting all IPv6 packets pass through, or by letting all IPv4 protocol packets pass through. In this scenario, the dual stack hosts within the protected network could be subject to different attacks than for IPv4.Even if a firewall has a stricter policy or identical policy for IPv6 traffic than for
IPv4 (the extreme case being that it drops all IPv6 traffic), IPv6 packets could go through the network untouched if tunneled over a transport layer. This could open the host to direct IPv6 attacks. It should be noted that IPv4 packets can also be tunneled, so this is not a new security concern for IPv6. Firewalls must be
deliberately and properly configured.
A similar problem could exist for virtual private network (VPN) software. A VPN could protect all IPv4 packets but transmit all others onto the local subnet unprotected. At least one widely used VPN behaves this way. This is problematic
on a dual stack host that has IPv6 enabled on its local network. It establishes its VPN link and attempts to communicate with destinations that resolve to both IPv4 and IPv6 addresses. The destination address selection mechanism prefers the IPv6 destination so the application sends packets to an IPv6 address. The VPN doesn’t know about IPv6, so instead of protecting the packets and sending them to the
remote end of the VPN, it passes such packets in the clear to the local network.
This is problematic for a number of reasons. The first is that if the node has a default IPv6 route, the packets will be forwarded off-link to an unknown destination.
Another is if no legitimate router is on-link and the node makes the on-link, the packets will simply be sent onto the local link to be potentially viewed by a node spoofing the destination. A third is if a rogue IPv6 router exists on-link. In that case the malicious node will simply be sent all IPv6 packets in the clear.
6.3 : Finding problems in TCP/IP using IPV6:
In this part I want to describe the techniques and tools that we can use to help identify
a problem at successive layers of the Transmission Control Protocol/Internet Protocol
(TCP/IP) protocol stack that is using an Internet Protocol version 6 (IPv6) Internet layer in Microsoft Windows XP , Windows Server 2003 or Windows Vista.
Depending on the type of problem, we might do one of the following:
-Starting from the bottom of the stack and move up.
-Starting from the top of the stack and move down.
The following sections are organized from the top of the stack and describe how to:
-Verify IPv6 connectivity
-Verify Domain Name System (DNS) name resolution for IPv6 addresses
-Verify IPv6-based TCP connections
We can also use Network Monitor to capture IPv6 traffic Although not specified in the following sections, to troubleshoot many problems with IPv6-based communications. Network Monitor is provided with Microsoft Systems Management Server and as an optional network component with Windows Server 2003. However, to correctly interpret the display of IPv6 packets in Network Monitor, we must have
detailed knowledge of the protocols included in each packet.
7.3.1 : Manage Configuration
To manually configure IPv6 addresses, use the netsh interface ipv6 set address command. In Windows Vista, we can manually configure IPv6 addresses from the properties of the Internet Protocol Version 6 (TCP/IPv6) component, available from the Network Connections folder. In most cases, we do not need to manually configure
IPv6 addresses because they are automatically assigned for hosts through IPv6 address auto-configuration.
Also to make changes to the configuration of IPv6 interfaces, we use the netsh interface ipv6 set interface command. To add the IPv6 addresses of DNS servers, use the netsh interface ipv6 add dnsserver command.
7.3.2 : Verify Reachability
To verify reachability with a local or remote destination, try the following:
“Check and flush the neighbor cache” . Similar to the Address Resolution Protocol (ARP) cache, the neighbor cache stores recently resolved link-layer addresses. To display the current contents of the neighbor cache, use the netsh interface ipv6 show neighbors command.
Section 7 : Conclusion
There are some of mechanisms for network administrators to transition their networks
from IPv4 to IPv6. The transition technologies I have presented are robust to slowly and incrementally transitioning groups of networks, as well as mixed protocol support of hosts within individual networks.
My recommendation is using tunneling IPV6 over IPV4 as much as possible to Simplify communications between IPv6 hosts.
I recommend first using tunneling to support both IPv4 and IPv6 applications, then slowly transitioning to pure IPV6 infrastructure. I believe this gradual process will support legacy systems until they are totally replaced, and this will ready the intranet for an IPv6 internet by the time of IPv4 address exhaustion.
Microsoft has more software that has no IPv6 support, but alternatives are available and everything still works on IPv4. It will take some time before everything has IPv6 support, until than both IPv6 and IPv4 can coexist together without any problems. Therefore it is advisable to implement IPv6 as much as possible,
because sooner or later the migration from IPv4 to IPv6 has to be made. Important when deciding to implement IPv6 is to plan everything very carefully. Especially when it comes to services it is important to know whether or not the services installed and configured in your situation are capable of handling IPv6.
Internet service providers may wait till there are enough IPv6 applications to deploy IPv6 networks, and application developers may wait for the IPv6 network to be deployed first. It is up to servers and application developers to take
more and more IPv6 into consideration and also all the business sectors to consider migrating to IPv6, and not waiting for others to be the firsts.
Of course, if everyone waits until the last minute, it could end up costing much
more not just to engineer the transition, but in the cost of the disruption to what has become a crucial part of our economic and social infrastructure.
As I wrote a common dual-stack migration strategy is to make the transition from the
core to the edge. This involves enabling two TCP/IP protocol stacks on the WAN core
routers, then perimeter routers and firewalls, then the server-farm routers and finally
the desktop access routers. After the network supports IPv6 and IPv4 protocols, the
process will enable dual protocol stacks on the servers and then the edge computer Systems.
In my opinion it is not difficult to implement IPv6 in an IPv4 environment and if there
are any hesitations left, this report shows that migration can go without difficulties.
The transition from IPv4 to IPv6 will be a larger task for the industry. It will affect nearly all networked applications, end-systems, frastructure systems, and network architectures.
The conversion to IPv6 has no specific timeline.
However, as noted upper, the rate of IPv4 address using is rapidly decreasing.
Section 9 : References
[1] Borella, M.; Grabelsky, D.; Lo, J.; Taniguchi, K. Realm “Specific IP Protocol Specification.” . IJCSNS International Journal of Computer Science and Network Security .http://tools.ietf.org/html/rfc3103 March 2007
[2] Sawant, A. ” IPv6 Features and Migration from IPv4.” In Bechtel Telecommunications Technical Journal, January 2004. from www.bechteltelecoms.com/docs/bttj_v2/Article8.pdf
[3] T. Chown.” Considerations for IPv6 Tunneling Solutions.”. International Journal of Foundations of Computer Science (IJFCS).April 2004.University of Southampton
[4] China Internet Information Center. “Statistical Survey Report on the Internet Development in China.”. from http://www.cnnic.net.cn/uploadfiles/pdf/2007/2/14/200607.pdf January 2007
[5] S. Daniel Park, “IPv6 Tunnel End-point Automatic Discovery Mechanism”. IJCSNS International Journal .(Sep 2004).
[6] Nevil Brownless, NeTraMet, .” Observations of IPv6 traffic on a 6to4 relay”
IJCSA, International Journal of computer science and application . http://portal.acm.org/citation.cfm?id=1052821 .(Jan 2005)
[7] Daniele Muscetta , “ Connecting to an IPv6 Tunnel Broker ” . IJCSNS International Journal . (2005)
[8] Wright, A. “ Internet Adoption Slowing But Dependence on It Continues to Grow. “. from http://www.ipsosna.com/news/pressrelease.cfm?id=3030 March 29, 2006
[9] Barlow, J. “ IPv6 HandsOn “ IJCSA, International Journal of computer science and application . December 2006
[10] Tsirtsis, G.; Srisuresh, P.” Network Address Translation Protocol Translation (NATPT).” In InternetDraft, .Retrieved December 2006 from http://tools.ietf.org/html/rfc2766
[11] Borella, M.; Montenegro, G. “Address Sharing with EndtoEnd Security. “ In the Proceedings of the Special Workshop on Intelligence at the Network Edge, December 2006 from https://www.usenix.org/publications/library/proceedings/ine2000/full_papers/borella/borella_html/rsipusenix.html
[12] Borman, D.; Deering, S.; Hinden, R. “ IPv6 Jumbograms.” . IJCSNS International Journal . December 2006 from http://tools.ietf.org/html/rfc2675
[13] Carpenter, B.; Moore, K.” Connection of IPv6 Domains via IPv4 Clouds.”
International Journal of Foundations of Computer Science (IJFCS) Decemeber 2006 .
[14] Hupprich, L.; Bumatay, M. Global Internet Population Grows an Average of Four Percent YearOverYear. Nielsen//NetRatings. March 2007 from http://phx.corporateir.net/phoenix.zhtml?c=82037&p=irolnewsArticle&ID=538993&highlight=
[15] [RFC4607] H. Holbrook and B. Cain, “Source-Specific Multicast for IP”, Cisco RFC 4607, August 2006.
[16] IPv6 Task Force, U.S. Department of Commerce.” Technical and Economic Assessment of Internet Protocol Version 6 (IPv6).” January 2006. from http://www.ntia.doc.gov/ntiahome/ntiageneral/ipv6/final/ipv6final.pdf
[17] Metz, C.; Hagino, J. “ IPv4Mapped Addresses on the Wire Considered Harmful.” International Journal of Foundations of Computer Science (IJFCS), December 2006 .
[18] Professor Peter Kirstein, Dr. Tim Chown “Why a new Internet Protocol?”, UKIPV6 Task Force Journal . (2006).
[19] Pekka Savola. CSC/FUNET, Finland .
” Observations of IPv6 Traffic on a 6to4 Relay. “IJCSA, International Journal of computer science and application. (Sep 2007).
[20] Microsoft, “ Microsoft’s Objectives for IPV6 Tunneling” http://technet.microsoft.com/en-us/library/bb726951.aspx (2007),
[21] [RFC4795] B. Aboba, D. Thaler, L. Esibov, “Link-local Multicast Name
zesolution (LLMNR)”, HongKong Computer Society journal. January 2007.
[22] Raymond A. Plzak, “ARIN Board Advises Internet Community on Migration to IPv6.” International Journal of Foundations of Computer Science (IJFCS). (May 2007)
[23] Jeroen van Nieuwenhuizen ( 2007 ). Setting up IPv6 . Project Phoenix The Legend
M. Rahman, Ph.D, Andrew Schaumberg (2007). Transitioning Networks from IPv4 to IPv6.University Plaza, Platteville, USA .
[24] IANA. “ IPv4 Address Report.” International Journal of Foundations of Computer Science (IJFCS) . (March 2007) from http://www.potaroo.net/tools/ipv4/index.html
Section 1: Introduction
Although the Internet Protocol IPv4 was giving efficient service over than 20 years ,
but the new Internet Protocol IPv6 provides higher efficiency like having enough
level of IPs, stronger security and mobility. In fact it is good to evaluate the performance benefits that we can get from IPv6 protocol in compare to the IPv4 protocol. We can upgrade the existing IPv4 infrastructure to the next generation Internet Protocol(IPv6) and get its advantages using the transition mechanisms.
When IPv4 was designed most of networks had just few nodes, low bandwidth, high latency, and high error rates. Most common applications at that time were FTP,e-mail, and so on.In the early 1990’s, the computer industry expanded with coming the personal computers (PCs) to the market. The internet also developed and electronic businesses or e-commerce started. The market demand was the biggest factor in the Internet’s revolution. As the fast grow of the Internet was detected in the early 1990’s, it was
showing that the IPv4 address space would be finish by the end of the century. In this
regard, some mechanisms such as Network Address Translator (NAT) have extended the life of IPv4, but it was not a logical solution.Today, the market looks completely different than it was in the 1980’s. Although FTP, and e- mail are still very popular today but new applications such as video conferencing, Voice-over-IP, E-Commerce, Mobiles, and etc , have led the Internet
Engineering Task Force (IETF) to seek a new Internet Protocol, that we call it IPv6.
IPv4 and IPv6 are incompatible protocols. For this reason, transition to the new protocol cannot be expected to be painless, and will involve significant costs for service providers and customers alike. If we compare the costs of transition with the non-transition mode or using IPv4 with supporting new services, then it can help us identify the best time to start the transition process .Whenever transition begins there will be no single “flag day” on which the all-IPv4 network turns into an IPv6 network. At the Internet level, transition will be a lengthy
process, with the two protocols existing side by side for many years to come. To facilitate transition, the IETF (Internet Engineering Task Force) has set up a work group called ngtrans (Next Generation TRANSition) which specifies mechanisms for supporting interoperability between IPv4 and IPv6. In particular, the group has focused on two major problems:
•How to make IPv6 terminals communicate with IPv4 terminals.
•How to transport IPv6 over an IPv4 network so that IPv6 “islands” interconnected via the IPv4-based Internet can communicate.
This second problem, which is extremely important in the initial stage of IPv6
deployment, will be joined in the future by the reciprocal problem: how to transport
IPv4 over IPv6. However; discussion of this issue have been postponed until the presence of IPv6 reaches to a significant point on the Internet.
Work on these problems has led to the development of a set of transition mechanisms, each targeted to a particular range of uses and applications.
Section 2: IP Overview
Internet protocol is the set of techniques used by many hosts for transmitting data over
the Internet. The current version of the Internet protocol is IPv4, which provides a 32-bit address system.
Internet protocol is a “best effort” system, meaning that no packet of information sent
over it is assured to reach its destination in the same condition it was sent. Often other
protocols are used in tandem with the Internet protocol for data that for one reason or
another must have extremely high fidelity.
Every device connected to a network, be it a local area network (LAN) or the Internet,
is given an Internet protocol number. This address is used to identify the device uniquely among all other devices connected to the extended network.
2.1 : Features of IP
IP is a connectionless protocol. This means that it has no concept of a job or a session.
Each packet is treated as an entity in itself. IP is rather like a postal worker sorting
letters. He is not concerned with whether a packet is one of a batch. He simply routes
packets, one at a time, to the next location on the delivery route.
IP is also unconcerned with whether a packet reaches its eventual destination, or
whether packets arrive in the original order. There is no information in a packet to
identify it as part of a sequence or as belonging to a particular job. Consequently, IP
cannot tell if packets were lost or whether they were received out of order. IP is an
unreliable protocol. Any mechanisms for ensuring that data sent arrives correct and intact are provided by the higher- level protocols in the suite.
2.2 : IP Routing
So how does an IP packet addressed to a computer on the other side of the world find
its way to its destination? The basic mechanism is very simple.
On a LAN, every host sees every packet that is sent by every other host on that LAN.
Normally, it will only do something with that packet if it is addressed to itself, or if
the destination is a broadcast address.
A router is different. A router examines every packet, and compares the destination
address with a table of addresses that it holds in memory. If it finds an exact match, it
forwards the packet to an address associated with that entry in the table. This
associated address may be the address of another network in a point- to- point link, or
it may be the address of the next-hop router.
If the router doesn’t find a match, it runs through the table again, this time looking for
a match on just the network ID part of the address. Again, if a match is found, the
packet is sent on to the address associated with that entry.
If a match still isn’t found, the router looks to see if a default next- hop address is
present. If so, the packet is sent there. If no default address is present, the router sends
an ICMP “host unreachable” or “network unreachable” message back to the sender. If
you see this message, it usually indicates a router failure at some point in the
network.
The difficult part of a router’s job is not how it routes packets, but how it builds up its
table. In the simplest case, the router table is static: it is read in from a file at start- up.
This is adequate for simple networks. You don’t even need a dedicated piece of kit for
this, because routing functionality is built into IP.
Dynamic routing is more complicated. A router builds up its table by broadcasting
ICMP router solicitation messages, to which other routers respond. Routing protocols
are used to discover the shortest path to a location. Routes are updated periodically in
response to traffic conditions and availability of a route. However, the details of how
this all works is beyond the scope of this report.
2.3 : Future of the Internet
As we can see the Internet will have a serious problem in a few years. Due to its
amazing growth and the limitations in its design and facilities , there will be a
problem when no more free addresses are available for connecting to new hosts or
assigning to a new device. At that point, no more new web servers can be set up, no
more users can sign up for accounts at ISPs, and no more new machines can be set up to access the web or join in online games.
Several solutions have been made to solve the problem. A very popular approach is to
not assign a worldwide unique address to every user’s machine, but rather to assign
them “private” addresses, and hide several machines behind one official, globally
unique address. This technique is called “Network Address Translation” or NAT. It
has problems, as the machines hidden behind the global address can’t be addressed,
and as a result of this, opening connections to them which are used in online gaming,
peer-to-peer networking, and etc, is not possible.
A different approach to the problem of Internet addresses getting scarce is to discard
the old Internet protocol with its limited addressing capabilities, and use a new
protocol that does not have these limitations. The protocol or actually, a set of
protocols used by machines connected to form today’s Internet is known as the
TCP/IP (Transmission Control Protocol, Internet Protocol), and version 4 currently in
use has all the problems described above.
Switching to a different protocol version that does not have these problems of course
requires for a new version to be available. And actually, there is a better version.
Version 6 of the Internet Protocol (IPv6) provides future inquiries on address space,
and also addresses other features such as privacy, encryption, and better support of
mobile computing as well.
Assuming a basic understanding of how today’s IPv4 works, this report is intended
as an introduction to the IPv6 protocol. The changes in address formats and name
resolution are covered. After that, it is shown how to use IPv6 by using a simple-yet-
efficient transition mechanism called 6to4.
Section 3 : IPv6 vs IPV4
When telling people to migrate from IPv4 to IPv6, the question you usually hear is “Why?”.
There are actually a few good reasons to move to the new version:
• Bigger address space
• Support for mobile devices
• Built-in security
3.1 : Bigger address space
The bigger address space IPv6 offers is the most obvious enhancement it has over
IPv4. While today’s Internet architecture is based on 32-bit wide addresses, the new
version has 128-bit technology available for addressing. Base on the enlarged address
space, workarounds like NAT don’t have to be used anymore. This allows full, unconstrained IP connectivity for today’s IP-based machines as well as upcoming mobile devices like PDAs and cell phones all will benefit from full IP access through GPRS and UMTS.
3.2 : Mobility
When mentioning mobile devices and IP, it’s important to note that a special protocol
is needed to support mobility, and implementing this protocol that is called “Mobile
IP” is one of the requirements for every IPv6 stack. Thus, if we have IPv6 going, we
have support for roaming between different networks, with global notification when
we leave one network and enter the other one. Support for roaming is possible with
IPv4 too, but there are a number of hoops that need to be jumped in order to get things
working. With IPv6, there’s no need for this, as support for mobility was one of the
design requirements for IPv6.
3.3 : Security
Besides support for mobility, security was another requirement for the successor to
today’s Internet Protocol version. As a result, IPv6 protocol stacks are required to
include IPsec. IPsec allows authentication, encryption, and compression of IP traffic.
Except for application-level protocols like SSL or SSH, all IP traffic between two
nodes can be handled without adjusting any applications. The benefit of this is that all
applications on a machine can benefit from encryption and authentication, and that
policies can be set on a per-host (or even per-network) basis, not per application/service.
Section 4 : IPV6 Addressing
The IPV6 Addressing properties is presented in this section.
4.1: Multiple addresses
In IPv4, a host usually has one IP number per network interface or even per machine
if the IP stack supports it. Only very rare applications like web servers result in
machines having more than one IP number.
In IPv6, this is different. For each interface, there is not only a globally unique IP
address, but there are two other addresses that are of interest: The link-local address,
and the site-local address. The link-local address has a prefix of fe80::/64, and the
host bits are built from the interface’s EUI64 address. The link-local address is used
for contacting hosts and routers on the same network only, the addresses are not
visible or reachable from different subnets. If desired, there’s the choice of either
using global addresses as assigned by a provider, or using site-local addresses.[16]
Site-local addresses are assigned the network address fec0::/10, and subnets and hosts
can be addressed just as for provider-assigned networks. The only difference is that
the addresses will not be visible to outside machines, as these are on a different
network, and their site-local addresses are in a different physical net. As with the 10/8
network in IPv4, site-local addresses can be used, but don’t have to be. For IPv6, it’s
most common to have hosts assigned a local link and a global IP address. Site-local
addresses are rather uncommon today, and is no substitute for globally unique
adresses if global connectivity is required.
4.2 : Multicasting
In IP land, there are three ways to talk to a host: unicast, broadcast, and multicast. The
most common way to talk to a host is by talking to it directly using its unicast address.
In IPv4, the unicast address is the “normal” IP address assigned to a single host, with
all address bits assigned. The broadcast address used to address all hosts in the same
IP subnet has the network bits set to the network address, and all host bits set to “1″
which can be easily done using the netmask and some bit operations. Multicast addresses are used to reach a number of hosts in the same multicast group, which can be machines spread across the Internet. Machines must join multicast groups
explicitly to participate, and there are special IPv4 numbers used for multicast addresses, allocated from the 224/8 subnet. Multicast isn’t used very much in IPv4, and only few applications use it.In IPv6, unicast addresses are used the same as in IPv4, no surprise there all the
network and host bits are assigned to identify the target network and machine.
Broadcasts are no longer available in IPv6 in the way they were in IPv4, this is where multicasting comes into play. Addresses in the ff::/8 network are reserved for multicast applications, and there are two special multicast addresses that supersede the broadcast addresses from IPv4. One is the “all routers” multicast address, the others is for “all hosts”.
The details about IPv6 are in general the way they were proposed in the RFCs by IETF, however we chose to use Microsoft Windows 2003 as the platform to implement the tests. Due to their early stages of development, the IPv6 protocol stack in Windows 2003 still has many problems, such as fragmentation issues, no support
for IPSec, a native security feature, etc…
Microsoft has two different implementations of an IPv6 stack both for Windows NT 5.0 and Windows 2003. The older stack, known as the “Microsoft Research IPv6 Release 1.4”, works under both NT 4.0 and Win2K; the newer stack, known as the
“Microsoft IPv6 Technology Preview for Windows 2003” works under Windows 2003. Both stacks require an existing IPv4 stack to be previously installed.
Once installed, besides giving the Windows environment the support for IPv6, it
creates a whole new set of routines, such as “ping6”, “tracert6”, which are similar in
function to “ping” and “tracert”, but work with the new IPv6 stack. The good part about the IPv6 implementation that Microsoft created is that they embedded the IPv6 socket creation in the Winsock2 API. That means that they added a few more functions when you create the sockets, however, the fundamentals remained the same,
and thus a programmer that can make an IPv4 application can most likely learn how
to make a simple IPv6 application as well.
Internet Protocol version 6 is designed as an evolutionary upgrade to the Internet
Protocol (IPv4) and will, in fact, coexist with the older IPv4 for some time. IPv6 is designed to allow the Internet to grow steadily, both in terms of the number of hosts connected and the total amount of data traffic transmitted; it will have a 128 bit address looking like FFFF:FFFF:FFFF:FFFF, and it will support up to
340,282,366,920938,463,463,374,607,431,768,211,456unique addresses.in Table1 we can see the advantages of IPV6 versus IPV4 .
The IPv6 header is always present and is a fixed size of 40 bytes. The fields in the
IPv6 header are described briefly below.
The fields in the IPv6 header are:
Version – 4 bits are used to indicate the version of IP and is set to 6.
Traffic Class – Indicates the class or priority of the IPv6 packet. The size of this field
is 8 bits.The Traffic Class field provides similar functionality to the IPv4 Type of
Service field.
Flow Label – Indicates that this packet belongs to a specific sequence of packets
between a source and destination, requiring special handling by intermediate IPv6
routers. The size of this field is 20 bits. The Flow Label is used for non-default quality
of service connections, such as those needed by real- time data (voice and video). For
default router handling, the Flow Label is set to 0. There can be multiple flows between a source and destination, as distinguished by separate non-zero Flow Labels.Payload Length – Indicates the length of the IP payload. The size of this field is 16 bits. The Payload Length field includes the extension headers and the upper layer PDU. With 16 bits, an IPv6 payload of up to 65,535 bytes can be indicated. For payload lengths greater than 65,535 bytes, the Payload Length field is set to 0 and the Jumbo Payload option is used in the Hop-by-Hop Options extension header.
Next Header – Indicates either the first extension header (if present) or the protocol
in the upper layer PDU (such as TCP, UDP, or ICMPv6). The size of this field is 8
bits. When indicating an upper layer protocol above the Internet layer, the same
values used in the IPv4 Protocol field are used here.
Extension Header – Zero or more extension headers can be present and are of
varying lengths. A Next Header field in the IPv6 header indicates the next extension
header.Within each extension header is another Next Header field that indicates the
next extension header. The last extension header indicates the upper layer protocol
(such as TCP, UDP, or ICMPv6) contained within the upper layer protocol data unit.
The IPv6 header and extension headers replace the existing IPv4 IP header with options. The new extension header format allows IPv6 to be augmented to support future needs and capabilities. Unlike options in the IPv4 header, IPv6 extension headers have no maximum size and can expand to accommodate all the extension data
needed for IPv6 communication.
Hop Limit – Indicates the maximum number of links over which the IPv6 packet can
travel before being discarded. The size of this field is 8 bits. The Hop Limit is similar
to the IPv4 TTL field except that there is no historical relation to the amount of time
(in seconds) that the packet is queued at the router. When the Hop Limit equals 0, the
packet is discarded and an ICMP Time Expired message is sent to the source address.
Source Address –Stores the IPv6 address of the originating host. The size is 128 bits.
Destination Address – Stores the IPv6 address of the current destination host. The
size of this field is 128 bits. In most cases the Destination Address is set to the final
destination address.
However, if a Routing extension header is present, the Destination Address might be
set to the next router interface in the source route list.
Section 5 : Transition Mechanisms
As IPv6 is finally beginning to mature, it is evident that methods of upgrading the
Internet need to be found. One idea would be to turn off the entire Internet at 12 pm,
upgrade the network infrastructure include routers, protocol stacks, …and turn the
Internet back on at 6 am and hope everything works fine and correct.
This is unrealistic due to the fact that it would cost more money than it is imaginable,
the time would be way too short, and nothing ever works as good as it is in theory.
More gradual transition methods have evolved, ones which are likely to happen over
the course of 10 years or so. Some of the transition mechanisms are:
Dual Stack
SIIT – Stateless IP/ ICMP Translator
AIIH – Assignment of IPv4 Global Addresses to IPv6 Hosts
NAT – Protocol Translator – has scaling and DNS issues, and has single point of failure disadvantage
Tunnel Broker – dynamically gain access to tunnel servers, but has authentication and scaling issues;
6-to-4 Mechanism – dynamic stateless tunnels over IPv4 infrastructure to connect 6-to-4 domains
IPv6 in IPv4 tunneling – Allows existing infrastructure to be utilized via manually configured tunnels
o Host-Host Tunneling
o Router-Router Tunneling
o Host-Router and vice versa Tunneling
5.1 : Dual Stack:
The basic approach for permitting all communications is the so-called dual stack IP,
where each new host, server, router or other item of equipment dealing with the IP level can support both protocols. In this way, communication between IPv6 terminals
takes place directly, while an IPv4/IPv6 terminal which must communicate with an IPv4-only terminal can do so in IPv4. This approach is not particularly burdensome for hosts and servers, as it is a software upgrade which has no significant impact on the system. Nevertheless, the main drawback of this approach is the need to maintain
a multi-protocol network with a double routing infrastructure, which increases administrators’ work load. In addition, generalized use of the dual stack IP model will not be possible when address space exhaustion reaches the point that new IPv4 addresses can no longer be assigned.
To overcome these problems, several solutions for interoperation between IPv6-only networks and IPv4-only networks have been specified which permit end-to-end communication between heterogeneous terminals:
•Dual stack IP ALG devices which make it possible to perform protocol translation at the borders between non-homogeneous networks through the use of application proxies implemented on dual stack servers.
•NAT-PT (Network Address Translator – Protocol Translator) devices, which make it possible to perform address and protocol translation at the borders between non-homogeneous networks at IP level.
•The Dual Stack Transition Mechanism, or DSTM, which proposes to use the dual stack IP approach on the basis of IPv4 addresses assigned dynamically only when needed, and the use of IPv4 over IPv6 tunneling in order to cross the local IPv6 network before accessing the outer IPv4 network.
Though these transition mechanisms have the same shortcomings as the similar mechanisms proposed for interconnecting separate IPv4 networks, they provide a significant advantage for the future. Thus, while the mechanisms for IPv4 are final,and can no longer be done without, those for the transition towards IPv6 are instrumental in ensuring coexistence between IPv4 and IPv6, which should come to an end once the Internet operates entirely under IPv6.
IPv6 was delivered with migration techniques to cover every conceivable IPv4 upgrade case, but many were ultimately rejected by the technology community, and today we are left with a small set of practical approaches.
Dual stack is involve with running IPv4 and IPv6 at the same time. End nodes and routers/switches run both protocols, and if IPv6 communication is possible that is the preferred protocol.
A common dual-stack migration strategy is to make the transition from the core to the
edge. This involves enabling two TCP/IP protocol stacks on the WAN core routers,then perimeter routers and firewalls, then the server-farm routers and finally the desktop access routers. After the network supports IPv6 and IPv4 protocols, the process will enable dual protocol stacks on the servers and then the edge computer
systems.
Another approach is to use tunnels to carry one protocol inside another. These tunnels
take IPv6 packets and encapsulate them in IPv4 packets to be sent across portions of the network that haven’t yet been upgraded to IPv6.
Other techniques, such as network address translation–protocol translation (NAT-PT)
simply translate IPv6 packets into IPv4 packets. These translation techniques are more
complicated than IPv4 NAT because the protocols have different header formats.Translation techniques were intended to be used as a last resort. Using dual-stack and tunneling techniques is preferable to using NAT-PT.
It will be easier to try to run everything in a dual-stack mode first and then remove the
IPv4 protocol over time. Currently there aren’t many systems being developed for IPv6-only communications, but there are many systems that work in dual-stack mode. Microsoft’s new operating systems, for example, have a dual-layer architecture that makes for seamless operation of either protocol. Therefore, migration plans should maximize the use of dual stack and minimize the amount of tunneling. It should also
be mentioned that running dual stack is not the final state. We can’t forget that full
migration to IPv6 is the final destination.
Dual stack IPV4/IPV6
In the 1990s the network industry used the phrase “Switch where you can, route where you must.” However, over time the performance gap between routing and switching closed. For IPv6 transitions the new moniker will be “Dual stack where you can, tunnel where you must.”
5.2 : IPv6 in IPv4 tunneling:
IPv6 in IPv4 tunneling is one of the easiest transition mechanism by which two IPv6
hosts / networks can be connected with each other while running on existing IPv4 networks through establishing some special routes called tunnels. In this technique, IPv6 packets are encapsulated in IPv4 packets and then are sent over IPv4 networks like ordinary IPv4 packets through tunnels. At the end of tunnel these packets are
decapsulated to the original IPv6 packets.
The following are some important characteristics of tunneling mechanism:
When encapsulating a datagram, the TTL in the inner IP header is decremented by
only one if the tunnel is being done as part of forwarding the datagram; otherwise the
inner header TTL is not changed during encapsulation. If the resulting TTL in the
inner IP header is zero, the datagram is discarded and an ICMP Time Exceeded message is returned to the sender.
Therefore, an encapsulator will not encapsulate a datagram with TTL=0.
Encapsulation of IPv6 in IPv4:
o Utilizes IPv4 routing and properties.
o Loses special IPv6 features.
o Requires a hole in firewall to allow through protocol 41 (IP in IP).
There are two types of tunnels: manual and dynamic. Manually configured IPv6 tunneling requires configuration at both ends of the tunnel, whereas dynamic tunnels are created automatically based on the packet destination address and routing. Dynamic tunneling techniques simplify maintenance compared with statically
configured tunnels, but static tunnels make traffic information available for each
endpoint, providing extra security against injected traffic.
There are, in fact, concerns over the security of tunneling techniques. For example, with dynamic tunnels it isn’t easy to track who is communicating over the transient tunnels, and you don’t know the tunnel destination endpoint. It is a scary proposition when your routers communicate with other nonauthenticated routers. It is also
possible to send forged traffic toward a tunnel endpoint and get traffic spuriously inserted into the tunnel. Tunneling creates situations in which traffic will be encapsulated, and many firewalls won’t inspect the traffic if it is in a tunnel. Allowing IP Protocol 41 (IPv6 encapsulated in IPv4) through an IPv4 firewall is not a best
practice. This is like creating an “IPv6 permit any any all” rule through the firewall.
Tunnels will constantly have to be changed and monitored as your transition progresses. Tunnels will also have to be removed when the IPv6 ocean gets larger and we migrate to full IPv6. Tunnels are, therefore, just a transitional technique, and troubleshooting in an environment full of tunnels will be challenging.
Dynamic tunnel techniques don’t create tunnel interfaces that can be monitored with SNMP. Dynamic tunnel techniques such as 6 to 4 use 2002::/16 addresses, which means you will need to re-address the network twice as part of the transition to IPv6.
Many of the dynamic tunneling techniques are also unable to forward multicast traffic and can’t traverse an IPv4 NAT in the middle of the network.
If a tunnel falls entirely within a routing domain, it will be considered as plain serial
link by interior routing protocol such as RIP or OSPF. But if it lies between two routing domains it needs exterior protocols like BGP etc..
In case of congestion in the tunnel, an ICMP Source Quench message will be issued in order to inform the previous node of the congestion.
In different types of tunneling, only de/encapsulation points are varied depending on
the start and end of tunnels, however the basic idea remains the same.
IPv6 tunneling enables the iSeries server to connect to IPv6 nodes (hosts and routers) across IPv4 domains. Tunneling permits isolated IPv6 nodes or networks to communicate without changing the underlying IPv4 infrastructure. Tunneling allows IPv4 and IPv6 protocols to cooperate, and thereby provides a transitional method of
implementing IPv6 while retaining IPv4 connectivity.
A tunnel consists of two dual-stack (IPv4 and IPv6) nodes on an IPv4 network. These dual-stack nodes are capable of processing both IPv4 and IPv6 communications. One of the dual-stack nodes on the edge of the IPv6 infrastructure inserts an IPv4 header in front of (encapsulates) each IPv6 packet that arrives and sends it as though it were normal IPv4 traffic, through existing links. IPv4 routers continue to forward this traffic. On the other side of the tunnel, another dual-stack node removes the extra IP header from the IPv6 packet (decapsulates) and routes it to the ultimate destination using standard IPv6.
IPv6 tunneling runs over configured tunnel lines, which are virtual lines. Configured tunnel lines provide IPv6 communications to any node with a routable IPv4 address that supports IPv6 tunnels. These nodes may exist anywhere, that is, within the local IPv4 domain or within a remote domain.
Configured tunnel connections are point-to-point.To configure this type of tunnel
line, you must specify the local tunnel endpoint (IPv4 address), such as 124.10.10.150, and the local IPv6 address, such as 1080:0:0:0:8:800:200c:417a. We must also create an IPv6 route to enable traffic to travel through the tunnel. As we create the route, we will define one of the tunnel’s remote endpoints (IPv4
address) as the route’s next hop. We may configure an unlimited number of endpoints
for an unlimited number of tunnels.
5.2.1 : Host-to-Host Tunneling
In host to host tunneling method, encapsulation is done at source host and ecapsulation is done at destination host. So the tunnel is created in between two hosts supporting both IPv4 and IPv6 stacks. So in this way encapsulated datagrams are sent through the tunnel over the IPv4 network.
Both hosts having dual stack encapsulate the packets of IPv6 in IPv4 packets and transmit over the network as an IPv4 packet utilizing all the characteristics and routing mechanisms of IPv4. With this transition mechanism, it is possible to support IPv6 simply by upgrading the end hosts protocol stacks to IPv6 while leaving the IPv4
infrastructure unchanged.
5.2.2 : Router-to-Router Tunneling
In router to router tunneling mechanism, encapsulation is done at edge router of
originating host and decapsulation is done in the same way at edge router of destined host. The tunnel is created in between two edge routers supporting both IPv4 and IPv6 stacks. Therefore, the end hosts can support native IPv6 protocol stack while the edge routers create the tunnels and handle the encapsulation and decapsulation in order to transmit the packets over the existing IPv4 infrastructure.
The IPv6 datagrams are forwarded from host to edge routers while encapsulation takes place at the router level; similarly at the other end, the reverse process takes place. In this method, both edge routers need to support dual stacks and established a tunnel prior to transmission.
5.2.3 : Host-to-Router Tunneling
In host to router tunneling mechanism, encapsulation is done at originating host and
decapsulation is done in the same way at edge router of destined host and vice versa.
The tunnel is created in between one host and one edge router both of them supporting both IPv4 and IPv6 stacks. So in this way encapsulated datagrams are sent through the tunnel over the existing IPv4 network. The same process can happen the other way around, from one edge router to an end host.
The tunnel is therefore established between the host and the router. In this method one
dual stack supporting router and one dual stack supporting host is required.
5.3 : Overlay Tunnels for IPv6
Overlay tunneling encapsulates IPv6 packets in IPv4 packets for delivery across an
IPv4 infrastructure (a core network or the Internet).By using overlay tunnels, we can
communicate with isolated IPv6 networks without upgrading the IPv4 infrastructure
between them. Overlay tunnels can be configured between border routers or between
a border router and a host; however, both tunnel endpoints must support both the IPv4
and IPv6 protocol stacks as we can see in figure
4 . Cisco IOS IPv6 supports the
following types of overlay tunneling mechanisms:
• Manual
• Generic routing encapsulation (GRE)
• IPv4-compatible
• 6to4
• Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
Note Overlay tunnels reduce the maximum transmission unit (MTU) of an interface
by 20 octets (assuming the basic IPv4 packet header does not contain optional fields).
A network using overlay tunnels is difficult to troubleshooting. Therefore, overlay tunnels connecting isolated IPv6 networks should not be considered as a final IPv6 network architecture. The use of overlay tunnels should be considered as a transition technique toward a network that supports both the IPv4 and IPv6 protocol stacks or just the IPv6 protocol stack .
5.5 : GRE/IPv4 Tunnel Support for IPv6 Traffic
IPv6 traffic can be carried over IPv4 GRE tunnels using the standard GRE tunneling technique that is designed to provide the services necessary to implement any standard point-to-point encapsulation scheme. As in IPv6 manually configured tunnels, GRE tunnels are links between two points, with a separate tunnel for each
link. The tunnels are not tied to a specific passenger or transport protocol, but in this
case carry IPv6 as the passenger protocol with the GRE as the carrier protocol and
IPv4 or IPv6 as the transport protocol.
The primary use of GRE tunnels is for stable connections that require regular secure
communication between two edge routers or between an edge router and an end system. The edge routers and the end systems must be dual-stack implementations.
GRE has a protocol field that identifies the passenger protocol. GRE tunnels allow
Intermediate System-to-Intermediate System (IS-IS) or IPv6 to be specified as a passenger protocol, which allows both IS-IS and IPv6 traffic to run over the same tunnel. If GRE did not have a protocol field, it would be impossible to distinguish whether the tunnel was carrying IS-IS or IPv6 packets. The GRE protocol field is why
it is desirable that you tunnel IS-IS and IPv6 inside GRE.
5.6 : GRE/CLNS Tunnel Support for IPv4 and IPv6 Packets GRE tunneling of IPv4 and IPv6 packets through CLNS networks enables Cisco CLNS Tunnels (CTunnels) to interoperate with networking equipment from other vendors. The optional GRE services defined in header fields, such as checksums, keys, and sequencing, are not supported. Any packet received requesting such
services will be dropped.
5.7 : Automatic 6to4 Tunnels
An automatic 6to4 tunnel allows isolated IPv6 domains to be connected over an IPv4 network to remote IPv6 networks. The key difference between automatic 6to4 tunnels and manually configured tunnels is that the tunnel is not point-to-point; it is point-to-multipoint. In automatic 6to4 tunnels, routers are not configured in pairs because they treat the IPv4 infrastructure as a virtual nonbroadcast multiaccess (NBMA) link. The
IPv4 address embedded in the IPv6 address is used to find the other end of the automatic tunnel.
An automatic 6to4 tunnel may be configured on a border router in an isolated IPv6 network, which creates a tunnel on a per-packet basis to a border router in another IPv6 network over an IPv4 infrastructure. The tunnel destination is determined by the IPv4 address of the border router extracted from the IPv6 address that starts with the prefix 2002::/16, where the format is 2002:border-router-IPv4-address::/48. Following the embedded IPv4 address are 16 bits that can be used to number networks within the
site. The border router at each end of a 6to4 tunnel must support both the IPv4 and IPv6 protocol stacks. 6to4 tunnels are configured between border routers or between a border router and a host.
The simplest deployment scenario for 6to4 tunnels is to interconnect multiple IPv6 sites, each of which has at least one connection to a shared IPv4 network. This IPv4 network could be the global Internet or a corporate backbone. The key requirement is that each site have a globally unique IPv4 address; the Cisco IOS software uses this address to construct a globally unique 6to4/48 IPv6 prefix. As with other tunnel
mechanisms, appropriate entries in a Domain Name System (DNS) that map between hostnames and IP addresses for both IPv4 and IPv6 allow the applications to choose the required address.
5.8 : Automatic IPv4-Compatible IPv6 Tunnels
Automatic IPv4-compatible tunnels use IPv4-compatible IPv6 addresses. IPv4-compatible IPv6 addresses are IPv6 unicast addresses that have zeros in the high-order 96 bits of the address, and an IPv4 address in the low-order 32 bits. They can be written as 0:0:0:0:0:0:A.B.C.D or ::A.B.C.D, where “A.B.C.D” represents the
embedded IPv4 address.
The tunnel destination is automatically determined by the IPv4 address in the low-
order 32 bits of IPv4-compatible IPv6 addresses. The host or router at each end of an IPv4-compatible tunnel must support both the IPv4 and IPv6 protocol stacks. IPv4-compatible tunnels can be configured between border-routers or between a border-router and a host. Using IPv4-compatible tunnels is an easy method to create tunnels
for IPv6 over IPv4, but the technique does not scale for large networks.
IPv4-compatible tunnels were initially supported for IPv6, but are being deprecated. Cisco recommends that you use the IPv6 ISATAP tunneling technique.
Section 6 : IPV6 Network potential problems
6.1 : Poor IPv6 Network Performance:
Most applications on dual stack nodes will try IPv6 destinations first by default due
to the Default Address Selection mechanism. If the IPv6 connectivity to those
destinations is poor while the IPv4 connectivity is better , the IPv6 traffic experiences higher latency, lower throughput, or more lost packets than IPv4 traffic, applications will still communicate over IPv6 at the expense of network
performance. There is no information available to applications in this case to advise them to try another destination address. An example of such a situation is a node which obtains IPv4 connectivity natively through an ISP, but whose IPv6 connectivity is obtained through a configured tunnel whose other endpoint is
topologically such that most IPv6 communication is done through triangular IPv4 paths. Operational experience on the 6bone shows that IPv6 RTT’s are poor in such situations. An example of such a network is an enterprise network that has both IPv4 and IPv6 routing within the enterprise and has a firewall configured to allow some IPv4 communication,but no IPv6 ommunication.
6.2 : Security Problems in IPV6 over IPV4:
Enabling IPv6 on a host implies that the services on the host may be open to IPv6 communication. If the service itself is insecure and depends on a security policy enforced somewhere else on the network (such as in a firewall), then there is
potential for new attacks against the service.
A firewall may not be enforcing the same policy for IPv4 as for IPv6 traffic, which could be due to misconfiguration of the firewall. One possibility is that the firewall could have more relaxed policy for IPv6, perhaps by letting all IPv6 packets pass through, or by letting all IPv4 protocol packets pass through. In this scenario, the dual stack hosts within the protected network could be subject to different attacks than for IPv4.Even if a firewall has a stricter policy or identical policy for IPv6 traffic than for
IPv4 (the extreme case being that it drops all IPv6 traffic), IPv6 packets could go through the network untouched if tunneled over a transport layer. This could open the host to direct IPv6 attacks. It should be noted that IPv4 packets can also be tunneled, so this is not a new security concern for IPv6. Firewalls must be
deliberately and properly configured.
A similar problem could exist for virtual private network (VPN) software. A VPN could protect all IPv4 packets but transmit all others onto the local subnet unprotected. At least one widely used VPN behaves this way. This is problematic
on a dual stack host that has IPv6 enabled on its local network. It establishes its VPN link and attempts to communicate with destinations that resolve to both IPv4 and IPv6 addresses. The destination address selection mechanism prefers the IPv6 destination so the application sends packets to an IPv6 address. The VPN doesn’t know about IPv6, so instead of protecting the packets and sending them to the
remote end of the VPN, it passes such packets in the clear to the local network.
This is problematic for a number of reasons. The first is that if the node has a default IPv6 route, the packets will be forwarded off-link to an unknown destination.
Another is if no legitimate router is on-link and the node makes the on-link, the packets will simply be sent onto the local link to be potentially viewed by a node spoofing the destination. A third is if a rogue IPv6 router exists on-link. In that case the malicious node will simply be sent all IPv6 packets in the clear.
6.3 : Finding problems in TCP/IP using IPV6:
In this part I want to describe the techniques and tools that we can use to help identify
a problem at successive layers of the Transmission Control Protocol/Internet Protocol
(TCP/IP) protocol stack that is using an Internet Protocol version 6 (IPv6) Internet layer in Microsoft Windows XP , Windows Server 2003 or Windows Vista.
Depending on the type of problem, we might do one of the following:
-Starting from the bottom of the stack and move up.
-Starting from the top of the stack and move down.
The following sections are organized from the top of the stack and describe how to:
-Verify IPv6 connectivity
-Verify Domain Name System (DNS) name resolution for IPv6 addresses
-Verify IPv6-based TCP connections
We can also use Network Monitor to capture IPv6 traffic Although not specified in the following sections, to troubleshoot many problems with IPv6-based communications. Network Monitor is provided with Microsoft Systems Management Server and as an optional network component with Windows Server 2003. However, to correctly interpret the display of IPv6 packets in Network Monitor, we must have
detailed knowledge of the protocols included in each packet.
7.3.1 : Manage Configuration
To manually configure IPv6 addresses, use the netsh interface ipv6 set address command. In Windows Vista, we can manually configure IPv6 addresses from the properties of the Internet Protocol Version 6 (TCP/IPv6) component, available from the Network Connections folder. In most cases, we do not need to manually configure
IPv6 addresses because they are automatically assigned for hosts through IPv6 address auto-configuration.
Also to make changes to the configuration of IPv6 interfaces, we use the netsh interface ipv6 set interface command. To add the IPv6 addresses of DNS servers, use the netsh interface ipv6 add dnsserver command.
7.3.2 : Verify Reachability
To verify reachability with a local or remote destination, try the following:
“Check and flush the neighbor cache” . Similar to the Address Resolution Protocol (ARP) cache, the neighbor cache stores recently resolved link-layer addresses. To display the current contents of the neighbor cache, use the netsh interface ipv6 show neighbors command.
Section 7 : Conclusion
There are some of mechanisms for network administrators to transition their networks
from IPv4 to IPv6. The transition technologies I have presented are robust to slowly and incrementally transitioning groups of networks, as well as mixed protocol support of hosts within individual networks.
My recommendation is using tunneling IPV6 over IPV4 as much as possible to Simplify communications between IPv6 hosts.
I recommend first using tunneling to support both IPv4 and IPv6 applications, then slowly transitioning to pure IPV6 infrastructure. I believe this gradual process will support legacy systems until they are totally replaced, and this will ready the intranet for an IPv6 internet by the time of IPv4 address exhaustion.
Microsoft has more software that has no IPv6 support, but alternatives are available and everything still works on IPv4. It will take some time before everything has IPv6 support, until than both IPv6 and IPv4 can coexist together without any problems. Therefore it is advisable to implement IPv6 as much as possible,
because sooner or later the migration from IPv4 to IPv6 has to be made. Important when deciding to implement IPv6 is to plan everything very carefully. Especially when it comes to services it is important to know whether or not the services installed and configured in your situation are capable of handling IPv6.
Internet service providers may wait till there are enough IPv6 applications to deploy IPv6 networks, and application developers may wait for the IPv6 network to be deployed first. It is up to servers and application developers to take
more and more IPv6 into consideration and also all the business sectors to consider migrating to IPv6, and not waiting for others to be the firsts.
Of course, if everyone waits until the last minute, it could end up costing much
more not just to engineer the transition, but in the cost of the disruption to what has become a crucial part of our economic and social infrastructure.
As I wrote a common dual-stack migration strategy is to make the transition from the
core to the edge. This involves enabling two TCP/IP protocol stacks on the WAN core
routers, then perimeter routers and firewalls, then the server-farm routers and finally
the desktop access routers. After the network supports IPv6 and IPv4 protocols, the
process will enable dual protocol stacks on the servers and then the edge computer Systems.
In my opinion it is not difficult to implement IPv6 in an IPv4 environment and if there
are any hesitations left, this report shows that migration can go without difficulties.
The transition from IPv4 to IPv6 will be a larger task for the industry. It will affect nearly all networked applications, end-systems, frastructure systems, and network architectures.
The conversion to IPv6 has no specific timeline.
However, as noted upper, the rate of IPv4 address using is rapidly decreasing.
Section 9 : References
[1] Borella, M.; Grabelsky, D.; Lo, J.; Taniguchi, K. Realm “Specific IP Protocol Specification.” . IJCSNS International Journal of Computer Science and Network Security .http://tools.ietf.org/html/rfc3103 March 2007
[2] Sawant, A. ” IPv6 Features and Migration from IPv4.” In Bechtel Telecommunications Technical Journal, January 2004. from www.bechteltelecoms.com/docs/bttj_v2/Article8.pdf
[3] T. Chown.” Considerations for IPv6 Tunneling Solutions.”. International Journal of Foundations of Computer Science (IJFCS).April 2004.University of Southampton
[4] China Internet Information Center. “Statistical Survey Report on the Internet Development in China.”. from http://www.cnnic.net.cn/uploadfiles/pdf/2007/2/14/200607.pdf January 2007
[5] S. Daniel Park, “IPv6 Tunnel End-point Automatic Discovery Mechanism”. IJCSNS International Journal .(Sep 2004).
[6] Nevil Brownless, NeTraMet, .” Observations of IPv6 traffic on a 6to4 relay”
IJCSA, International Journal of computer science and application . http://portal.acm.org/citation.cfm?id=1052821 .(Jan 2005)
[7] Daniele Muscetta , “ Connecting to an IPv6 Tunnel Broker ” . IJCSNS International Journal . (2005)
[8] Wright, A. “ Internet Adoption Slowing But Dependence on It Continues to Grow. “. from http://www.ipsosna.com/news/pressrelease.cfm?id=3030 March 29, 2006
[9] Barlow, J. “ IPv6 HandsOn “ IJCSA, International Journal of computer science and application . December 2006
[10] Tsirtsis, G.; Srisuresh, P.” Network Address Translation Protocol Translation (NATPT).” In InternetDraft, .Retrieved December 2006 from http://tools.ietf.org/html/rfc2766
[11] Borella, M.; Montenegro, G. “Address Sharing with EndtoEnd Security. “ In the Proceedings of the Special Workshop on Intelligence at the Network Edge, December 2006 from https://www.usenix.org/publications/library/proceedings/ine2000/full_papers/borella/borella_html/rsipusenix.html
[12] Borman, D.; Deering, S.; Hinden, R. “ IPv6 Jumbograms.” . IJCSNS International Journal . December 2006 from http://tools.ietf.org/html/rfc2675
[13] Carpenter, B.; Moore, K.” Connection of IPv6 Domains via IPv4 Clouds.”
International Journal of Foundations of Computer Science (IJFCS) Decemeber 2006 .
[14] Hupprich, L.; Bumatay, M. Global Internet Population Grows an Average of Four Percent YearOverYear. Nielsen//NetRatings. March 2007 from http://phx.corporateir.net/phoenix.zhtml?c=82037&p=irolnewsArticle&ID=538993&highlight=
[15] [RFC4607] H. Holbrook and B. Cain, “Source-Specific Multicast for IP”, Cisco RFC 4607, August 2006.
[16] IPv6 Task Force, U.S. Department of Commerce.” Technical and Economic Assessment of Internet Protocol Version 6 (IPv6).” January 2006. from http://www.ntia.doc.gov/ntiahome/ntiageneral/ipv6/final/ipv6final.pdf
[17] Metz, C.; Hagino, J. “ IPv4Mapped Addresses on the Wire Considered Harmful.” International Journal of Foundations of Computer Science (IJFCS), December 2006 .
[18] Professor Peter Kirstein, Dr. Tim Chown “Why a new Internet Protocol?”, UKIPV6 Task Force Journal . (2006).
[19] Pekka Savola. CSC/FUNET, Finland .
” Observations of IPv6 Traffic on a 6to4 Relay. “IJCSA, International Journal of computer science and application. (Sep 2007).
[20] Microsoft, “ Microsoft’s Objectives for IPV6 Tunneling” http://technet.microsoft.com/en-us/library/bb726951.aspx (2007),
[21] [RFC4795] B. Aboba, D. Thaler, L. Esibov, “Link-local Multicast Name
zesolution (LLMNR)”, HongKong Computer Society journal. January 2007.
[22] Raymond A. Plzak, “ARIN Board Advises Internet Community on Migration to IPv6.” International Journal of Foundations of Computer Science (IJFCS). (May 2007)
[23] Jeroen van Nieuwenhuizen ( 2007 ). Setting up IPv6 . Project Phoenix The Legend
M. Rahman, Ph.D, Andrew Schaumberg (2007). Transitioning Networks from IPv4 to IPv6.University Plaza, Platteville, USA .
[24] IANA. “ IPv4 Address Report.” International Journal of Foundations of Computer Science (IJFCS) . (March 2007) from http://www.potaroo.net/tools/ipv4/index.html
