6Sense: Generating New Possibilities in the New Internet.
Produced by: IPv6 Summit, Inc.

IPv6: Testing the Transition
by Bill Kine
Product Manager, Spirent Communicationss

The migration to IPv6 will be an evolutionary process. Users will not abandon their existing reliable IPv4 networks overnight; instead, a prolonged transition period can be expected. Many industry pundits (including DoD experts) predict that this period could easily last five to ten years. During this transitional stage, a whole new set of challenges will emerge. Routers, switches, servers, and sometimes even end-users' workstations will need to handle double duties - supporting both IPv4 and IPv6.

Up until now, most IPv6 testing has occurred in pristine lab environments and has focused on the fundamental conformance, performance, scalability and functional aspects of the IPv6 protocol. However, the initial deployment scenarios for IPv6 will not consist of pure IPv6 networks; they will probably be unwieldy hybrids that include both versions of IP. The next phase of IPv6 testing must address these mixed environments in order to ensure the success of the next decade of DoD networks.

Transition Methods:

There are three likely transition mechanisms for supporting concurrent IPv4 and IPv6 networks. Each of these methods can also be subdivided into several different variations, but the three macro mechanisms are sufficient for the purposes of this discussion. These transition methods include tunneling, translation, and dual-stack support.

Network Tunneling: Network tunneling solutions were designed to provide connectivity between remote IPv6 destinations over the traditional IPv4 Internet. Conversely, when IPv6 ultimately gains the upper hand on IPv4, a similar technique can be used to interconnect remote IPv4 clusters over the IPv6 Internet.

The diagram below indicates a simple tunneling solution. In this case, IPv6 "islands" are separated by the IPv4 "ocean." In order for the IPv6 workstation on the left to send data to the IPv6 workstation on the right, the information must be tunneled through the IPv4 Internet. The tunnel is constructed by the ingress router "A" which prepends an IPv4 address to the packet. The IPv4 address is that of the egress router "B;" this address is used to route the packet through the Internet. When router "B" receives the packet, it will remove the IPv4 address and deliver the original IPv6 packet to its destination.



Several philosophical differences exist within the communications industry regarding the method for establishing these tunnels (sometimes known as "6-over-4"). Manual and automatic configuration methods have been proposed; each with its own unique set of strengths and weaknesses. However, no matter how this solution is implemented, there are some obvious issues that must be considered:

  1. Tunnels do not allow IPv6 devices to access IPv4 resources and vice versa.

  2. The ingress and egress routers must support both versions of IP and be aware of the topologies of both networks.

  3. This is the most complex transitional mechanism.

  4. Tunnel scalability is unknown.

  5. Standards have not been fully defined.

Network Translation: The network translation process is much more straightforward than tunneling. This simply involves installing some sort of gateway device between the IPv6 and IPv4 networks. A gateway can be a server or router that translates IPv4 and IPv6 addresses and protocols. This process is known as Network Address Translation - Protocol Translation (NAT-PT).

The diagram below indicates a typical NAT-PT solution. In this environment, all of the IPv4 devices are accessible from the IPv6 network and vice versa. However, this means that the NAT-PT appliance becomes part of the critical path for all connections between IPv4 and IPv6. Some other considerations associated with this transitional mechanism are:

  1. NAT-PT device is a single point of failure.

  2. NAT-PT device is a potential bottleneck.

  3. Interconnecting two remote IPv6 "islands" requires traversing two NAT-PT devices.

 

Dual Stacks: The most common transitional mechanism consists of supporting dual stacks on the network devices or servers. The vast majority of transitional networks throughout the world currently employ dual stacks. This means that a router or server must support both IPv4 and IPv6. The device will check an incoming packet's protocol version and then process the packet based upon the correct stack.

On the surface, this seems like a very simple and general solution, however it commandeers substantial resources from the routers, switches or servers. In short, this is a classic case of double-duty. Some of the issues associated with dual stacks include:

  1. Servers and network devices must double their network protocol processing requirements.
    a. Could lead to throughput limitations.
    b. Could create performance problems.
    c. Configurations can be complex and problematic.

  2. IPv6 devices cannot access IPv4 resources and vice versa.

Testing the Transition: None of the current transition mechanisms provide a perfect solution. Each is accompanied by its own unique price in terms of network complexity, performance and scalability limitations and/or resource reachability issues. Every network manager must assess the impact of these issues in his/her own unique environment and applications.

Transitional networks cannot be expected to support the same level of performance as the commonly deployed IPv4 networks. The resource requirements associated with supporting both versions of the Internet Protocol is immense - perhaps twice that of sustaining a single version. Packet latency could increase dramatically and scalability could be severely reduced.

The only way to determine the impact of these issues on a particular network is to test the devices in a lab before deploying transitional mechanisms in a production network. A complete IPv4/IPv6 transitional analysis should include the following three components:

Conformance Testing: Validates a DUT's adherence to the prevailing standards or drafts. This is especially critical when using tunneling methodologies, since these standards are continuing to evolve. Conformance testing will help ensure multi-vendor interoperability.

Functional Testing: Verifies the functionality of the transitional mechanisms. This ensures that valid packets are delivered to the correct end stations. Functional testing can also assure the users that IPv4 and IPv6 will both operate concurrently in their network environment.

Performance Testing: Measures the IPv4 and IPv6 throughput, packet loss, and latency for transitional networks. Network and device scalability metrics can also be ascertained using performance testing. Performance testing is critical for evaluating users' application performance and satisfaction levels.

Summing Up: IPv6 is coming. It will be phased into the DoD networks over the next several years. During this transitional period, both versions of the Internet Protocol must be supported concurrently. The overhead associated with these dual-protocol networks can be substantial. The only way to determine the impact of this overhead and select the appropriate transitional mechanisms is to test each network's unique equipment and configuration. The success or failure of a transitional network will be directly related to the degree of testing that is conducted in advance.