Greg Smith of Citrix discusses practical tips for implementation as well as the benefits of IPv6
On June 6, 2012, many large Internet properties and Internet service providers (ISPs) enabled support for public IPv6 addresses. What this means for the average Internet user is a higher degree of confidence that the websites they access now and in the future will continue to be available from any device, anywhere in the world as this new standard is increasingly adopted.
Participants included Microsoft, Google, Facebook, Free Telecom, AT&T, Time Warner and Comcast. Such broad-based support for IPv6 does not mean that IPv4 will be turned off. It simply signals that mainstream production deployments will support both IPv4 and IPv6 technologies.
The primary motivation to support IPv6 is the standard’s nearly unlimited space for Internet addresses. There are, however, other advantages that benefit web site operators, Internet service providers (ISPs) and Internet users. These include:
Because the IPv6 standard is not backward compatible with IPv4, the new standard will force IPv6 and IPv4 networks to co-exist for some time. However, there are multiple technologies that support the straightforward transition to public IPv6 addressing so that transparency is preserved for all users.
IPv4 ← → IPv6 Network Address Translation (NAT)
To make this IPv6 to IPv4 address transformation practical, it is best executed in a high-speed networking device so that high performance and address transparency are fully preserved. In other words, Internet users should not perceive any difference in their user experience.
Traditional network address translation (NAT) has been used for more than a decade. It is often leveraged within enterprise networks to provide Internet connectivity to multiple users with private IP addresses – while still using one or more public IP addresses. NAT functionality is broadly available in routers (even home and consumer products), and application delivery controllers (ADCs). ADCs also provide load balancing and other technologies that optimize the delivery of applications over networks.
NAT technology can also be used to give users at organizations of all sizes broader access to legacy apps that would otherwise be unreachable because they were designed to support only IPv4 Internet addresses.
Encapsulation technologies are those that enable one type of protocol to be transported over another. The concept of encapsulation is very common across Internet technologies. Two prime encapsulation examples found in supporting IPv6 standards are 6rd and DS-Lite.
6rd, or IPv6 Rapid Deployment as it was originally known, is a transition technology popularized by Free Telecom in France. It is a technique that enables service providers to broadly assign IPv6 addresses to their end customers, but with no requirement to upgrade their core infrastructure so that it supports IPv6 natively.
Through the use of encapsulation, 6rd enables IPv6 hosts (e.g. web sites and Internet users) to communicate with one another, even when they are separated by IPv4 networks. This is done by establishing an IPv4 tunnel. The tunnel origination point on the sender’s side of the tunnel encapsulates the IPv6 traffic within IPv4 packets, and sends it over IPv4 to the device at the remote end of the tunnel. The device on the other end of the tunnel decapsulates the packets and sends the traffic over the IPv6 network to the final destination.
For this sort of encapsulation technology to function properly, service providers must provide 6rd support both at the Customer Edge (CE) of the customer network and at the ISP’s network edge – at the Border Relay (BR). 6rd gateways at both locations (CE and BR) act as encapsulators and decapsulators for tunneled IPv6 traffic across the IPv4 network. Any traffic destined to cross the ISP network crosses the 6rd border relay and gets routed natively to the IPv6 Internet. At the same time, traffic destined for an IPv6 network in the same ISP’s 6rd domain gets routed internally. 6rd tunneled traffic follows IPv4 routing, as 6rd devices communicate with each other using their IPv4 addresses.
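The CE forwarding decision and decapsulation check described above, as an added Python example (not from the original article or from any vendor's code). It uses the address mapping defined for 6rd in RFC 5969 and assumes a constructed domain: 6rd prefix 2001:db8::/32, border relay 192.0.2.1, and the full 32-bit IPv4 address embedded.

```python
import ipaddress

# Constructed 6rd domain (assumptions): documentation prefixes, all 32 IPv4 bits embedded.
SIXRD_PREFIX = ipaddress.ip_network("2001:db8::/32")
BR_IPV4 = ipaddress.ip_address("192.0.2.1")
V4_SHIFT = 128 - SIXRD_PREFIX.prefixlen - 32  # bit offset of the embedded IPv4 address


def delegated_prefix(ce_ipv4):
    """IPv6 prefix a CE derives for its LAN from its own IPv4 address."""
    v4 = int(ipaddress.IPv4Address(ce_ipv4))
    base = int(SIXRD_PREFIX.network_address) | (v4 << V4_SHIFT)
    return ipaddress.IPv6Network((base, SIXRD_PREFIX.prefixlen + 32))


def embedded_ipv4(ipv6_addr):
    """IPv4 address carried inside a 6rd-domain IPv6 address, or None if outside the domain."""
    addr = ipaddress.IPv6Address(ipv6_addr)
    if addr not in SIXRD_PREFIX:
        return None
    return ipaddress.IPv4Address((int(addr) >> V4_SHIFT) & 0xFFFFFFFF)


def tunnel_endpoint(ipv6_dst):
    """Outer IPv4 destination: the peer CE inside the domain, otherwise the BR."""
    peer = embedded_ipv4(ipv6_dst)
    return BR_IPV4 if peer is None else peer


def accept_decapsulated(outer_ipv4_src, inner_ipv6_src):
    """Decapsulation check: the outer IPv4 source must match the inner IPv6 source."""
    outer = ipaddress.IPv4Address(outer_ipv4_src)
    claimed = embedded_ipv4(inner_ipv6_src)
    if claimed is None:
        return outer == BR_IPV4  # sources outside the domain may only arrive via the BR
    return outer == claimed
```

The last function is the anti-spoofing rule for 6rd: a tunneled packet is dropped unless its outer IPv4 source is the address embedded in its inner IPv6 source, or the border relay for sources outside the domain.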
Though 6rd helps ISPs to provision IPv6 connectivity to end users, it does not allow IPv6 clients to talk with IPv4 servers. For that to work, solutions like NAT64 / SLB64 are required.
DS-Lite is a tunneling technology that encapsulates IPv4 packets, and then transports those packets over an IPv6 transport network for delivery to a final IPv4 destination. DS-Lite combines IPv4-in-IPv6 tunneling with NAT (discussed above). NAT functionality performs the IPv4-IPv4 translation before sending packets to the public IPv4 network.
DS-Lite enables service providers to natively allocate IPv6 addresses to new customers, while continuing to support IPv4 customers. The main functional components involved in DS-Lite are B4 (Basic Bridging BroadBand) and AFTR (Address Family Translation Router), as shown in the figure below.
In a DS-Lite enabled network, devices located at the customer premises provide B4 functionality. These customer devices allocate private IPv4 addresses to hosts in customer networks. The B4 connects to the service provider access network using the IPv6 address allocated by the service provider, and then uses this IPv6 address to establish a tunnel with the AFTR device.
The AFTR is usually deployed at the edge of the service provider's IPv6 network and terminates the tunnel created with the customer's B4 element. The AFTR also provides IPv4-IPv4 NAT to translate the customer's private IPv4 address to a public IPv4 address before sending packets out to the public network.
The following sequence describes the connection establishment process using DS-Lite:
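A toy model of the AFTR's NAT step, added here as a Python example (not from the original article or from any product). It keys each binding on the B4's tunnel IPv6 address, which is how DS-Lite (RFC 6333) keeps customers with identical private IPv4 addresses apart. The public address, the per-B4 port quota and the class and function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

PUBLIC_IPV4 = ipaddress.ip_address("192.0.2.10")  # constructed AFTR public address
MAX_PORTS_PER_B4 = 2  # constructed per-subscriber quota, kept tiny for the demo


class Aftr:
    """NAT44 whose bindings include the B4 tunnel source address."""

    def __init__(self):
        self.bindings = {}  # (b4_ipv6, private_ipv4, private_port) -> public port
        self.reverse = {}   # public port -> (b4_ipv6, private_ipv4, private_port)
        self.used = Counter()
        self.next_port = 1024

    def outbound(self, b4_ipv6, private_ipv4, private_port):
        """Translate a decapsulated flow; None if the B4 is over quota or ports ran out."""
        b4 = ipaddress.ip_address(b4_ipv6)
        key = (b4, ipaddress.ip_address(private_ipv4), private_port)
        if key not in self.bindings:
            if self.used[b4] >= MAX_PORTS_PER_B4 or self.next_port > 65535:
                return None
            self.bindings[key] = self.next_port
            self.reverse[self.next_port] = key
            self.used[b4] += 1
            self.next_port += 1
        return PUBLIC_IPV4, self.bindings[key]

    def inbound(self, public_port):
        """Find the tunnel and private endpoint behind a public port, or None."""
        return self.reverse.get(public_port)


def demo():
    """Two customers using the same private address and port get distinct bindings."""
    aftr = Aftr()
    a = aftr.outbound("2001:db8:a::1", "192.168.1.10", 5000)
    b = aftr.outbound("2001:db8:b::1", "192.168.1.10", 5000)
    return aftr, a, b
```

Because many customers share one public IPv4 address, the reverse table (public port to tunnel) is also what ties an externally observed connection back to a subscriber, so AFTR logs need the port and a timestamp as well as the address.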
There are many DS-Lite benefits:
These benefits, however, come with challenges: