IPv4-to-IPv6 Transition Strategies: Tunneling Approaches
This article, excerpted from a white paper of the same name, is being presented over three issues of 6Sense and reviews the three primary migration technologies that can be used to transition from an IPv4 network to an IPv6 network. In February's issue we talked about Dual Stack. In this issue, we'll overview Tunneling. Then, in the April issue, we will discuss Translation. Click here to download our IPv6 Toolkit, which includes the full IPv4-to-IPv6 Transition Strategies white paper in addition to webinars on IPv6 management.
When we discuss migration, we're referring to an initial state of an IPv4-only network, which IPv6 nodes and networks are added to or overlaid over time, resulting in an IPv6-only network, or, more likely, a predominantly IPv6 network with continued IPv4 support.
In general, tunneling of IPv6 packets through an IPv4 network entails prefixing each IPv6 packet with an IPv4 header (Figure 1). This enables the tunneled packet to be routed over an IPv4 routing infrastructure. The entry node of the tunnel, whether a router or host, performs the encapsulation.1 The source IPv4 address in the IPv4 header is populated with that node's IPv4 address and the destination address is that of the tunnel endpoint. The protocol field of the IPv4 header is set to 41 (decimal) indicating an encapsulated IPv6 packet. The exit node or tunnel endpoint performs decapsulation to strip off the IPv4 header and route the packet as appropriate to the ultimate destination via IPv6.
In this figure, the originating IPv6 host on the left has an IPv6 address of W (for simplicity and brevity for now). A packet2 destined for the host on the far end of the diagram with an IPv6 address of Z is sent to a router serving the subnet. This router (with an IPv4 address of B and an IPv6 address of X) receives the IPv6 packet. Configured to tunnel packets destined for the network on which host Z resides, the router encapsulates the IPv6 packet with an IPv4 header. The router uses its IPv4 address (B) as the source IPv4 address and the tunnel endpoint router (with an IPv4 address of C) as the destination address, which is depicted beneath the IPv4 network in the center of the figure. The endpoint router decapsulates the packet, stripping off the IPv4 header and routes the original IPv6 packet to its intended destination (Z).
Another tunneling scenario features an IPv6/IPv4 host capable of supporting both IPv4 and IPv6 protocols, tunneling a packet to a router, which, in turn, decapsulates the packet and routes it natively via IPv6. This flow and packet header addresses are shown in Figure 3. The tunneling mechanism is the same as in the router-to-router case, but the tunnel endpoints are different.
The router-to-host configuration, as shown in Figure 4, is also very similar to router-to-router tunneling. The originating IPv6 host on the left of the diagram sends the IPv6 packet to its local router, which routes it to a router closest to the destination. The serving router is configured to tunnel IPv6 packets over IPv4 to the host, as shown in the figure.
The final tunneling configuration is one that spans end-to-end, from host-to-host. If the routing infrastructure has not yet been upgraded to support IPv6, this tunneling configuration enables two IPv6/IPv4 hosts to communicate via a tunnel over an IPv4 network as shown in Figure 5. In this example, the communication is IPv4 from end–to-end.
Next issue of 6Sense: Translation Approaches. Click
here to download our IPv6
Toolkit, which includes the full IPv4-to-IPv6 Transition Strategies
white paper in addition to webinars on IPv6 management.
1. The tunnel encapsulator endpoint must also manage the resulting tunneled packet
size with respect to the tunnel's maximum transmission unit (MTU) or packet size, and
inform the source if the packet is too large to tunnel.