Transition Technologies

IPv6 and IPv4 will coexist for many years, and a wide range of techniques make coexistence possible and provide an easy transition. Making the right choices and finding the best migration path is essential. There is not an easy one-size-fits-all strategy. The migration path has to be adjusted to the individual requirements of each organization and network.

The available techniques that support you in your transition are separated into three main categories:

These techniques can and likely will be used in combination. The migration to IPv6 can be done step-by-step, starting with single hosts or subnets. You can migrate your corporate network or parts of it while your ISP still runs only IPv4, or your ISP can upgrade to IPv6 while your corporate network still runs IPv4.

IPv4 to IPv6 Translation

Legacy applications are continuing to stall IPv6 global deployment. Some applications will never be ready for IPv6 (for example, SNA application in COBOL), but as long as you have not hard-coded IPv4 address in the application code-many applications and services can and will be IPv6 ready using an IPv4 to IPv6 translation method, such as SIIT IPv6.

Numerous IPv4 to IPv6 translation methods exist, all of which introduce complexity and network state and eventually lose the visibility of end clients with the potential to cause IPv6 fragmentation. These are compounded by the issues of NAT46, which we will discuss in just a moment. Let us look at one IPv4 to IPv6 translation method enabling a type of IPv6 high availability.

For additional pre-information, you may find the following helpful.

1. IPv6 RA
2. IPv6 Host Exposure
3. IPv6 Attacks
4. Technology Insight for Microsegmentation
5. ICMPv6

SIIT and protocol translation. Back to basics.

SITT (Stateless Internet Protocol/Internet Control Messaging Protocol Translation), referenced as RFC2765, is an IPv6 transition mechanism. SITT enables IPv6-only hosts to communicate with IPv4-only hosts. The translation mechanism involves a stateless mapping or bi-directional translation algorithm between IPv4 and IPv6 packet headers and between Internet Control Messaging Protocol version 4 (ICMPv4) and ICMPv6 messages. There are two common ways to design this. First, the translation process can be performed directly in the end system or a network-based device.

Benefits of SIIT IPv6:

1. Simplified Network Architecture:

SIIT IPv6 simplifies network architecture by eliminating the need for complex translation mechanisms. It allows organizations to consolidate their networks by seamlessly connecting IPv6 networks with existing IPv4 infrastructure. This simplification reduces operational costs and enhances overall network efficiency.

2. Seamless Transition:

One of the key advantages of SIIT IPv6 is its ability to facilitate a seamless transition from IPv4 to IPv6. It ensures that devices on both IPv4 and IPv6 networks can communicate with each other without any disruptions or compatibility issues. This smooth transition process is crucial in avoiding service interruptions and enabling a gradual migration to the new protocol.

3. Enhanced Security:

SIIT IPv6 provides enhanced security features compared to traditional IPv4 networks. By leveraging the security enhancements offered by IPv6, such as IPsec, SIIT helps protect data transmitted between IPv4 and IPv6 networks. This added layer of security ensures the confidentiality, integrity, and availability of information, safeguarding organizations from potential cyber threats.

4. Scalability:

As the demand for internet connectivity continues to grow exponentially, scalability becomes a critical factor. SIIT IPv6 offers a scalable solution, allowing organizations to accommodate the increasing number of devices and users on their network. With the abundance of IPv6 addresses, SIIT ensures that scalability is not a limiting factor in the future growth of internet connectivity.

Example: IPv4 to IPv6 translation method

Alexa, a subsidiary of Amazon.com, provides commercial web traffic data and states most content now runs over IPv6. However, IPv6-only mobile devices are still lagging due to Skype and other legacy applications running only over IPv4. The introduction of 464XLAT enables IPv4-Ipv6-IPv4 translations, allowing legacy applications to work over IPv6.  A better solution is to design against RFC 6052 Stateless IP/ICMP translation; stateless IPv6-to-IPv4 translation technology.

• A quick recap: Types of NAT

The following list of some different forms of NAT:

Highlighting SIIT IPv6

As stated previously, IPv4 and IPv6 will coexist for the foreseeable future. Therefore, how and when an organization migrates to IPv6 will depend on its specific situation. The SIIT (Stateless IP/ICMP Translation) algorithm translates between the IPv4 and IPv6 packet headers, including ICMP headers. Now we have a network deployment model to allow legacy IPv4-only networks to establish connections to and from IPv6-only networks, in other words, to allow connections between single-stack IPv4-only and IPv6-only networks.

SIIT is helpful for:

1. For deploying IPv6-only data centers.
2. A solution to public IPv4 address exhaustion.
3. To simplify or even avoid deploying dual-stack scenarios by considering a single-stack approach.

NAT Performance Problems

The problem with IPv4 communication to IPv6 content is transit path NAT boxes. Service Providers lose control of users’ experience. Deployment usually starts with NAT, as it’s the most straightforward approach. Carrier-Grade NAT ( GCN ) is expensive and should be avoided. NAT always breaks things. It limits the number of connections per client, breaks IPv4 URL literal, and peer-to-peer applications have problems with NAT. 

• Example VoIP

When dealing with NAT traversal, which is getting packets in and out of your NAT device, it will significantly impact VoIP security, so you need to know what the issues are and how to protect your network. Customers will move to a content provider that works if the content breaks.

Problem with keeping state in networks

With NAT, an ample IPv6 address space gets mapped into a small IPv4 address space, which is done statefully. Keeping state in the network is terrible and hits performance. Devices that have to track all states and flows that cross their interfaces are susceptible to performance problems. The stateful device requires traffic to follow correct paths, and flows must traverse the same proxy device. The stateful device does not support asymmetric routing.

If one device fails and no stateful failover is configured, all sessions break and must be re-establish. We lose visibility of the IPv6 client’s source IP address. End-to-end source visibility is required for geographical traffic routing ( geolocation load balancing ), logging, etc. Also, IPv4-only web servers in the data center will only see the inside IPv4 address of the NAT46 device.

Using SIIT for Stateless NAT46

Stateless IP/ICMP Translation ( SIIT ) RFC 6052 translates between IPv6 and IPv4 packet headers without any network state or loss of the original clients’ IP address. Enabling IPv4 clients to connect to IPv6-only data centers. When the translating device receives an IPv4 datagram addressed to a destination towards the IPv6 domain, it translates the IPv4 header of the packet into an IPv6 header. The data portion of the packet is left unchanged.

SIIT mapping system

SIIT allows IPv4 clients to connect to IPv6-only content via the SIIT mapping system. It does not keep state or change/play with port numbers. Solves the problem of content providers running out of IPv4 but not for clients running out of IPv4. Clients still connect via traditional IPv4 methods.

SIIT maps 32 bits of the IPv4 address space into a /96 IPv6 prefix. I am totaling 128 bits. The prefix 64:FF9B::/96 is assigned by RFC 6052 for algorithmic mapping between address families. However, it is not globally routable. For flexibility, I would recommend assigning your own global /96 address. Hosting companies could then offer translation as a service. Every possible IPv4 address has a one-to-one mapping with an IPv6 address.

IPv6 is configured only on the back-end systems (single stack IPv6), and mapping between IPv4-mapped-IPv6 is a core network function. All the tables are held on SIIT boxes and not on the servers. So, the network team looks after the complexity.

Native external IPv6 typically connects to IPv6 servers; external IPv4 connects to IPv6 content through the SIIT mapping system.

The SIIT operation

The external user connects via traditional IPv4 mechanisms. Users perform DNS lookup for IPv4 address and send TCP SYN or HTTP GET to the destination address. SIIT device examines the destination of the received packet and determines if it has a static mapping for the matched IPv4 address. SIIT gateway will translate the address to whatever static mapping you have set. The destination web server sees the packet as a regular IPv6 address. With a bit of PHP scripting code on the server, you can extract the original IPv4 address of the client. The source address may be used for geographical routing, logging, etc.

The server and client are unaware of what is happening. The TCP and HTTP payload is end-to-end—no TCP or UDP port translation. The single element of TCP that gets touched is the TCP checksum. Ports numbers and payload do not change. If an IPv6 server needs to reach IPv4 content on v4 Internet ( example: an update service ), deploy NAT64 or HTTP proxy that uses a dual-stack outside and inside the IP address.

HTTP proxy handles IPv4 and IPv6 HTTP content, serving IPv6 and IPv4 client connections. Most people use HTTP, but if someone wants to use multicast or another specialist service, just put them on IPv4 and operate them under regular V4 terms.

SIIT IPv6 presents an innovative and practical solution for enabling seamless communication between IPv6 and IPv4 networks. Its ability to simplify network architecture, facilitate a smooth transition, enhance security, and provide scalability makes it a crucial technology in the evolving landscape of internet connectivity. As organizations embrace the benefits of SIIT IPv6, they can unlock new possibilities and ensure a seamless experience for their users in the ever-expanding digital world.