Tuesday 31 March 2015

IPv6 Configuration (Cont.)

Tunnel Configuration
This section describes the configuration for tunneling an IPv6 Routing Information Protocol (RIP) and an IPv6 Border Gateway Protocol (BGP) network and its traffic through a pre-existing IPv4 network. This technique allows you to connect IPv6 sites over the existing IPv4 backbone.
Overlay tunneling encapsulates IPv6 packets in IPv4 packets for delivery across an IPv4 infrastructure. This is similar to how you create a generic routing encapsulation (GRE) tunnel to transport Internetwork Packet Exchange (IPX) traffic through an IP network. At the tunnel head end, an IPv6 packet is encapsulated into an IPv4 packet and sent to the remote tunnel destination. There, the IPv4 packet header is stripped and the original IPv6 packet is forwarded on into an IPv6 cloud.
These are the five methods of tunneling IPv6 traffic:
  • Manual IPv6 tunnels
  • Automatic IPv4-Compatible tunnels
  • GRE
  • Automatic 6to4 tunnels
  • Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) Tunnels
The primary difference between these tunneling techniques is the method by which the tunnel source and destination are determined. In this document, the manual and Automatic IPv4-Compatible tunnel types are described. Refer to Implementing Tunneling for IPv6 for information on the other tunneling techniques and their characteristics.
Overlay tunnels reduce the maximum transmission unit (MTU) of an interface by 20 octets. This assumes that the basic IPv4 packet header does not contain optional fields. A network that uses overlay tunnels is difficult to troubleshoot. Therefore, overlay tunnels that connect isolated IPv6 networks should not be considered as a final IPv6 network architecture. The use of overlay tunnels should be considered as a transition technique toward a network that supports both the IPv4 and IPv6 protocol stacks, or just the IPv6 protocol stack.

Prerequisites

Requirements

Cisco recommends that you have knowledge of IPv6 before you attempt this configuration. Refer to Implementing IPv6 Addressing and Basic Connectivity for information on IPv6.

Components Used

The information in this document is based on Cisco 36xx series routers that run Cisco IOS® Software Release 12.3(13).
Any hardware platform which supports Cisco IOS Software Release 12.2(2)T or 12.0(21)ST and later also supports IPv6.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Configure

In this section, you are presented with the information to configure the features described in this document.
Note: Use the Command Lookup Tool (registered customers only) to find more information on the commands used in this document.

Network Diagram

This document uses this network setup:
[Network diagram: ipv6tunnel.gif]

Configurations (Manual IPv6 Mode)

The configuration of manually configured tunnels for IPv6 is self-explanatory. It requires explicit specification of the tunnel IPv4 source and the tunnel IPv4 destination. The only drawback of this technique is the amount of administration you must perform when the number of tunnels grows.
This document uses these configurations for the manual IPv6 mode:
  • R1-IPv6
  • R2-IPv6-IPv4
  • R3-IPv4
  • R4-IPv4-IPv6
  • R5-IPv6

R1-IPv6 (Cisco 3640 Router)
R1-ipv6#show run
Building configuration...
 
Current configuration : 916 bytes
!
version 12.3
hostname R1-ipv6
!
boot system flash 
logging buffered 4096 debugging
!
ip subnet-zero
ip cef
!
!
no ip domain-lookup
!
ipv6 unicast-routing
!
!
!
!
interface Ethernet0/0
 no ip address
 shutdown
!
interface Ethernet0/1
 no ip address
 ipv6 address 2000:1:1:1:1:1:1:1112/112
 ipv6 rip 6bone enable
!
!
ip classless
!
ipv6 router rip 6bone 
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 login
!
!
!
end

R2-IPv6-IPv4 (Cisco 3640 Router)
R2-ipv6-ipv4#show run
Building configuration...
 
Current configuration : 1079 bytes
!
version 12.3
!
hostname R2-ipv6-ipv4
!
ip subnet-zero
!
!
ipv6 unicast-routing
!
!
interface Tunnel0
 no ip address
 ipv6 address 3000::1/112
 ipv6 rip 6bone enable
 tunnel source Serial0/0
 tunnel destination 192.34.1.4
 tunnel mode ipv6ip

!--- Configures the manual tunnel.

!--- In some cases, the user requires a Data License
!--- in order to issue "tunnel mode ipv6ip".

!
!
interface Serial0/0
 ip address 192.23.1.2 255.255.255.0
 clockrate 64000
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 ipv6 address 2000:1:1:1:1:1:1:1111/112
 ipv6 rip 6bone enable
!
router ospf 1
 log-adjacency-changes
 network 192.23.1.0 0.0.0.255 area 0
!
ip classless
!
ipv6 router rip 6bone
!
!
line con 0
line aux 0
line vty 0 4
 login
line vty 5 15
 login
!
!
end

R3-IPv4 (Cisco 2621 Router)
R3-ipv4#show run
Building configuration...
 
Current configuration : 865 bytes
!
version 12.3
!
hostname R3-ipv4
!
!
memory-size iomem 15
ip subnet-zero
!
!
interface Serial0/0
 ip address 192.23.1.3 255.255.255.0
!
interface Serial0/1
 ip address 192.34.1.3 255.255.255.0
!
router ospf 1
 log-adjacency-changes
 network 192.23.1.0 0.0.0.255 area 0
 network 192.34.1.0 0.0.0.255 area 0
!
ip classless
!
line con 0
line aux 0
line vty 0 4
!
!
end

R4-IPv4-IPv6 (Cisco 3640 Router)
R4-ipv4-ipv6#show run
Building configuration...
 
Current configuration : 1413 bytes
!
version 12.3
!
hostname R4-ipv4-ipv6
!
!
ip subnet-zero
!
!
no ip domain-lookup
!
ipv6 unicast-routing
!
!
!
interface Tunnel0
 no ip address
 ipv6 address 3000::2/112
 ipv6 rip 6bone enable
 tunnel source Serial1/5
 tunnel destination 192.23.1.2
 tunnel mode ipv6ip

!--- Configures the manual tunnel.

!
!
interface Serial1/5
 ip address 192.34.1.4 255.255.255.0
 clockrate 64000
!
!
interface Ethernet3/0
 no ip address
 half-duplex
 ipv6 address 4000:1:1:1:1:1:1:1111/112
 ipv6 rip 6bone enable
!
router ospf 1
 log-adjacency-changes
 network 192.34.1.0 0.0.0.255 area 0
!
ip classless
!
ipv6 router rip 6bone
!         
!
line con 0
line aux 0
line vty 0 4
 login
!
!
end



R5-IPv6 (Cisco 7500 Router)
R5-ipv6#show run
Building configuration...
 
Current configuration : 1001 bytes
!
version 12.3
!
hostname R5-ipv6
!
ip subnet-zero
ip cef distributed
!
!
no ip domain-lookup
!
ipv6 unicast-routing
!
!
!
interface Ethernet1/2
 no ip address
 ipv6 address 4000:1:1:1:1:1:1:1112/112
 ipv6 rip 6bone enable
!
!
ip classless
!
ipv6 router rip 6bone
!
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 login
!
!
end
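The R2-IPv6-IPv4 and R4-IPv4-IPv6 configurations above share one property that is worth checking mechanically rather than by eye, especially once the number of tunnels grows: each end's tunnel destination must equal the IPv4 address configured on the other end's tunnel source interface, both ends must use tunnel mode ipv6ip, and the two tunnel IPv6 addresses must fall in the same prefix. The Python script below is an added example, not part of the original Cisco document or of IOS; it parses the relevant lines of the two running configurations (copied from above) and reports any asymmetry. The parser, the function names and the assumption that interface IPv4 addresses are written as "ip address A.B.C.D mask" are mine.

```python
from ipaddress import IPv4Interface, IPv6Interface

# Excerpts of the R2 and R4 running configurations shown above (only the
# lines this check needs). A real run would feed it the full "show run" text.
R2_CONFIG = """\
hostname R2-ipv6-ipv4
!
interface Tunnel0
 no ip address
 ipv6 address 3000::1/112
 ipv6 rip 6bone enable
 tunnel source Serial0/0
 tunnel destination 192.34.1.4
 tunnel mode ipv6ip
!
interface Serial0/0
 ip address 192.23.1.2 255.255.255.0
 clockrate 64000
!
"""

R4_CONFIG = """\
hostname R4-ipv4-ipv6
!
interface Tunnel0
 no ip address
 ipv6 address 3000::2/112
 ipv6 rip 6bone enable
 tunnel source Serial1/5
 tunnel destination 192.23.1.2
 tunnel mode ipv6ip
!
interface Serial1/5
 ip address 192.34.1.4 255.255.255.0
 clockrate 64000
!
"""


def parse_ios(config):
    """Return (hostname, {interface name: {attribute: value}}) from IOS-style text.

    Indented lines belong to the most recent "interface" block; any unindented
    line ("!" or a global command) closes that block.
    """
    hostname, interfaces, current = None, {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("hostname "):
            hostname = line.split(None, 1)[1]
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = {}
        elif line.startswith(" ") and current is not None:
            words = line.split()
            if words[:2] == ["ip", "address"] and len(words) == 4:
                interfaces[current]["ipv4"] = IPv4Interface(f"{words[2]}/{words[3]}")
            elif words[:2] == ["ipv6", "address"] and len(words) == 3:
                interfaces[current]["ipv6"] = IPv6Interface(words[2])
            elif words[0] == "tunnel" and len(words) == 3:
                interfaces[current]["tunnel " + words[1]] = words[2]
        else:
            current = None
    return hostname, interfaces


def tunnel_endpoints(config):
    """Resolve each Tunnel interface to its mode, outer IPv4 source/destination and inner IPv6 address."""
    hostname, ifaces = parse_ios(config)
    tunnels = {}
    for name, attrs in ifaces.items():
        if not name.startswith("Tunnel"):
            continue
        source = attrs.get("tunnel source")
        # "tunnel source" names an interface here; IOS also accepts a literal IPv4 address
        if source in ifaces and "ipv4" in ifaces[source]:
            source = str(ifaces[source]["ipv4"].ip)
        tunnels[name] = {
            "mode": attrs.get("tunnel mode"),
            "source": source,
            "destination": attrs.get("tunnel destination"),
            "ipv6": attrs.get("ipv6"),
        }
    return hostname, tunnels


def check_tunnel_pair(config_a, config_b, tunnel="Tunnel0"):
    """Return a list of mismatches between the two ends; an empty list means they agree."""
    host_a, ends_a = tunnel_endpoints(config_a)
    host_b, ends_b = tunnel_endpoints(config_b)
    a, b = ends_a[tunnel], ends_b[tunnel]
    problems = []
    for local, remote, lh, rh in ((a, b, host_a, host_b), (b, a, host_b, host_a)):
        if local["mode"] != "ipv6ip":
            problems.append(f"{lh} {tunnel}: tunnel mode is {local['mode']}, expected ipv6ip")
        if local["destination"] != remote["source"]:
            problems.append(f"{lh} {tunnel}: destination {local['destination']} does not "
                            f"match {rh}'s tunnel source {remote['source']}")
    if a["ipv6"] is None or b["ipv6"] is None or a["ipv6"].network != b["ipv6"].network:
        problems.append(f"{tunnel}: IPv6 addresses {a['ipv6']} and {b['ipv6']} are not in one prefix")
    return problems


if __name__ == "__main__":
    for line in check_tunnel_pair(R2_CONFIG, R4_CONFIG) or [f"Tunnel0: both ends agree"]:
        print(line)
```

Run against the two configurations above the check is silent; change R4's tunnel destination to any other address and it names the router and the interface that disagree. The same check fits naturally into a pre-change review of a pasted "show run".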

Monday 30 March 2015

Configuring and Routing With IPv6

To use IPv6 on your router, you must, at a minimum, enable the protocol and assign IPv6 addresses to your interfaces, like this:
Router(config)# ipv6 unicast-routing
Router(config)# interface type [slot_#/]port_#
Router(config-if)# ipv6 address ipv6_address_prefix/prefix_length [eui-64]
The ipv6 unicast-routing command globally enables IPv6 and must be the first IPv6 command executed on the router. The ipv6 address command assigns the prefix and its length and, with the optional eui-64 keyword, derives the interface ID from the interface's MAC address. If you omit eui-64, you configure the entire 128-bit address yourself. You can use the show ipv6 interface command to verify an interface's configuration. Here's an example configuration, with its verification:
Router(config)# ipv6 unicast-routing
By default, IPv6 traffic forwarding is disabled, so using this command enables it. Also, as you've probably guessed, IPv6 isn't enabled by default on any interfaces either, so we have to go to each interface individually and enable it. There are a few different ways to do this, but a really easy way is to just add an address to the interface. You use the interface configuration command ipv6 address <ipv6-prefix>/<prefix-length> [eui-64] to get this done.
Router(config)# interface fastethernet0/0
Router(config-if)# ipv6 address 2001:1cc1:dddd:2::/64 eui-64
Router(config-if)# end
Router# show ipv6 interface fastethernet0/0
FastEthernet0/0 is administratively down, line protocol is down
  IPv6 is enabled, link-local address is FE80::207:EFF:FE46:4070 [TEN]
  No Virtual link-local address(es):
  Global unicast address(es):
    2001:1CC1:DDDD:2:207:EFF:FE46:4070, subnet is 2001:1CC1:DDDD:2::/64 [EUI/TEN]
  Joined group address(es):
    FF02::1
    FF02::2
To set up a static DNS resolution table on the router, use the ipv6 host command; you can also specify a DNS server with the ip name-server command:
Router(config)# ipv6 host hostname [port_#] ipv6_address1 [ipv6_address2…]
Router(config)# ip name-server DNS_server_IPv6_address
The ip name-server command can be used to assign both IPv4 and IPv6 DNS servers.

Routing and IPv6

As in IPv4, routers in IPv6 find best paths to destinations based on metrics and administrative distances; and like IPv4, IPv6 routers look for the longest matching prefix in the IPv6 routing table to forward a packet to its destination. The main difference is that the IPv6 router is looking at 128 bits when making a routing decision instead of 32 bits.
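To make the 128-bit longest-match rule concrete, here is an added example that is not part of the original post: a small constructed IPv6 routing table, sorted longest prefix first, and a lookup that compares only the prefix bits of the destination against each entry, so the most specific route wins. The prefixes, next hops and one-letter protocol codes (in the style of show ipv6 route) are my constructed sample.

```python
from ipaddress import IPv6Address, IPv6Network

# Constructed routing table: (prefix, next hop or outgoing interface, protocol code
# in the style of "show ipv6 route": S static, B BGP, R RIPng, O OSPFv3)
ROUTES = [
    ("::/0",                "2001:db8:ffff::1",  "S"),
    ("2001:db8::/32",       "2001:db8:ff::1",    "B"),
    ("2001:db8:1::/48",     "Null0",             "S"),
    ("2001:db8:1:2::/64",   "FE80::1 Gi0/1",     "R"),
    ("2001:db8:1:2:3::/80", "FE80::2 Gi0/2",     "O"),
]


def build_fib(routes):
    """Order routes longest prefix first, so a linear scan returns the most specific match."""
    fib = [(IPv6Network(prefix), next_hop, proto) for prefix, next_hop, proto in routes]
    fib.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return fib


def prefix_matches(network, address):
    """Compare only the first prefixlen bits of the 128-bit address with the prefix."""
    if network.prefixlen == 0:
        return True                      # ::/0 (the default route) matches everything
    mask = ((1 << network.prefixlen) - 1) << (128 - network.prefixlen)
    return (int(address) & mask) == int(network.network_address)


def lookup(fib, destination):
    """Longest-prefix match; returns (prefix, next hop, protocol), or None if no route exists."""
    address = IPv6Address(destination)
    for network, next_hop, proto in fib:
        if prefix_matches(network, address):
            return str(network), next_hop, proto
    return None


FIB = build_fib(ROUTES)

if __name__ == "__main__":
    for dst in ("2001:db8:1:2:3::5", "2001:db8:1:2::9", "2001:db8:1:5::1", "2001:db8:7::1", "2600::1"):
        print(dst, "->", lookup(FIB, dst))
```

Note the Null0 entry: a destination inside 2001:db8:1::/48 that matches no more specific route is discarded rather than sent back towards the default route, which is the standard way to stop routing loops on aggregated prefixes.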

RIPng

Routing Information Protocol next generation (RIPng) is actually similar to RIP for IPv4, with these characteristics:

  • It's a distance vector protocol.
  • The hop-count limit is 15.
  • Split horizon and poison reverse are used to prevent routing loops.
  • It is based on RIPv2.
  • Cisco routers running 12.2(2) T and later support RIPng.

These are the enhancements in RIPng:

  • An IPv6 packet is used to transport the routing update.
  • The ALL-RIP routers multicast address (FF02::9) is used as the destination address in routing advertisements, and updates are delivered to UDP port 521.
  • Routing updates contain the IPv6 prefix of the router and the next-hop IPv6 address.

Enabling RIPng is a little bit different than enabling RIP for IPv4. First, you use the ipv6 router rip tag command to enable RIPng globally:
Router(config)# ipv6 router rip tag
This takes you into a subcommand mode, where you can change some of the global values for RIPng, such as disabling split horizon, the administrative distance, and timers. The tag is a locally significant identifier used to differentiate between multiple RIP processes running on the router. Unlike RIP for IPv4, there is no network command to include interfaces in RIPng. Instead, you must enable RIPng on a per-interface basis with the ipv6 rip tag enable command:
Router(config)# interface type [slot_#/]port_#
Router(config-if)# ipv6 rip tag enable
The tag parameter associates the interface with the correct RIPng routing process. To view the routing protocol configuration, use the show ipv6 rip command:
Router# show ipv6 rip
RIP process "RIPPROC1", port 521, multicast-group FF02::9, pid 187
     Administrative distance is 120. Maximum paths is 16
     Updates every 30 seconds, expire after 180
     Holddown lasts 0 seconds, garbage collect after 120
     Split horizon is on; poison reverse is off
     Default routes are not generated
     Periodic updates 2, trigger updates 0
  Interfaces:
    FastEthernet0/0
  Redistribution:
    None
In this example, the tag is RIPPROC1 for the name of the RIPng routing process and RIPng is enabled on FastEthernet0/0. To view the IPv6 routing table for RIPng, use the show ipv6 route rip command.
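The RIPng packet format behind the enhancements listed above (IPv6 transport, destination FF02::9, UDP port 521, prefix plus next hop in each update) is compact enough to decode by hand. The Python below is an added example, not from the original post or from any Cisco tool: it builds a constructed RIPng response, then parses it back into route entries, honouring the next-hop entry convention (metric 0xFF) and the metric 16 "unreachable" value that follows from the 15-hop limit. The layout follows RFC 2080; the sample prefixes, tags and function names are mine.

```python
import struct
from ipaddress import IPv6Address, IPv6Network

RIPNG_PORT = 521
RIPNG_GROUP = "ff02::9"        # all-RIP-routers link-local multicast group
RIPNG_VERSION = 1
INFINITY = 16                  # one more than the 15-hop limit: "unreachable"
COMMANDS = {1: "request", 2: "response"}


def build_rte(prefix, tag=0, metric=1):
    """Route table entry (RFC 2080 2.1): prefix(16) | route tag(2) | prefix length(1) | metric(1)."""
    net = IPv6Network(prefix)
    return net.network_address.packed + struct.pack("!HBB", tag, net.prefixlen, metric)


def build_next_hop_rte(next_hop):
    """Next-hop entry: metric 0xFF, tag 0, prefix length 0, address field = the next hop."""
    return IPv6Address(next_hop).packed + struct.pack("!HBB", 0, 0, 0xFF)


# Constructed RIPng response (command 2, version 1, two zero bytes) carrying a
# next-hop entry followed by three routes, the last one poisoned with metric 16.
SAMPLE_RESPONSE = (
    struct.pack("!BBH", 2, RIPNG_VERSION, 0)
    + build_next_hop_rte("fe80::1")
    + build_rte("2001:db8:1::/48", metric=1)
    + build_rte("2001:db8:2::/64", tag=100, metric=3)
    + build_rte("2001:db8:dead::/48", metric=INFINITY)
)


def parse_ripng(payload):
    """Decode a RIPng UDP payload into {'command': ..., 'routes': [...]}."""
    if len(payload) < 4 or (len(payload) - 4) % 20:
        raise ValueError("RIPng payload must be a 4-byte header plus 20-byte entries")
    command, version, must_be_zero = struct.unpack("!BBH", payload[:4])
    if version != RIPNG_VERSION or must_be_zero != 0:
        raise ValueError(f"unsupported version {version} or non-zero reserved field")
    routes = []
    next_hop = None        # None (or ::) means "use the packet's source address"
    for offset in range(4, len(payload), 20):
        address = payload[offset:offset + 16]
        tag, prefix_len, metric = struct.unpack("!HBB", payload[offset + 16:offset + 20])
        if metric == 0xFF:                           # next-hop entry; applies to the RTEs that follow
            nh = IPv6Address(address)
            next_hop = None if nh == IPv6Address("::") else str(nh)
            continue
        if prefix_len > 128 or not 1 <= metric <= INFINITY:
            raise ValueError(f"invalid RTE: prefix length {prefix_len}, metric {metric}")
        network = IPv6Network((int.from_bytes(address, "big"), prefix_len), strict=False)
        routes.append({
            "prefix": str(network),
            "tag": tag,
            "metric": metric,
            "next_hop": next_hop,
            "unreachable": metric == INFINITY,
        })
    return {"command": COMMANDS.get(command, command), "routes": routes}


if __name__ == "__main__":
    for route in parse_ripng(SAMPLE_RESPONSE)["routes"]:
        print(route)
```

One caveat worth keeping in mind when you enable ipv6 rip on an interface: RIPng carries no authentication field of its own (RFC 2080 defers to IPsec), so any node that can send to FF02::9 on that link can inject entries like the ones decoded here. Restrict RIPng to interfaces facing other routers and treat unexpected default or very broad prefixes in decoded updates as something to investigate.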

EIGRPv6

As with RIPng, EIGRPv6 works much the same as its IPv4 predecessor does—most of the features that EIGRP provided before EIGRPv6 will still be available.
EIGRPv6 is still an advanced distance-vector protocol that has some link-state features. The neighbor discovery process using hellos still happens, and it still provides reliable communication with reliable transport protocol that gives us loop-free fast convergence using the Diffusing Update Algorithm (DUAL).
Hello packets and updates are sent using multicast transmission, and as with RIPng, EIGRPv6’s multicast address stayed almost the same.
In IPv4 it was 224.0.0.10; in IPv6, it’s FF02::A (A = 10 in hexadecimal notation).
But obviously, there are differences between the two versions. Most notably, and just as with RIPng, the use of the network command is gone, and the network and interface to be advertised must be enabled from interface configuration mode.
But you still have to use the router configuration mode to enable the routing protocol in EIGRPv6, because the routing process must literally be turned on like an interface with the no shutdown command. The configuration for EIGRPv6 is going to look like this:
Router1(config)#ipv6 router eigrp 12
The 12 in this case is still the autonomous system (AS) number. The prompt changes to (config-rtr), and from here you must perform a no shutdown:
Router1(config-rtr)#no shutdown
Other options can also be configured in this mode, like redistribution. So now, let's go to the interface and enable EIGRPv6 on it:
Router1(config-if)#ipv6 eigrp 12
The 12 in the interface command again references the AS number that was enabled in the configuration mode. Last to check out in our group is what OSPF looks like in the IPv6 routing protocol.

OSPFv3

The new version of OSPF continues the trend of the routing protocols having many similarities with their IPv4 versions. The foundation of OSPF remains the same: it is still a link-state routing protocol that divides an entire internetwork or autonomous system into areas, making a hierarchy. In OSPF version 2, the router ID (RID) is determined by the highest IP address assigned to the router (or you could assign it).
In version 3, you assign the RID, area ID, and link-state ID, which are all still 32-bit values but are no longer derived from an IP address, because an IPv6 address is 128 bits. These changes in how the values are assigned, along with the removal of the IP address information from OSPF packet headers, make the new version of OSPF capable of being routed over almost any Network layer protocol!
Adjacencies and next-hop attributes now use link-local addresses, and OSPFv3 still uses multicast traffic to send its updates and acknowledgments, with the addresses FF02::5 for OSPF routers and FF02::6 for OSPF-designated routers. These new addresses are the replacements for 224.0.0.5 and 224.0.0.6, respectively.
Other, less flexible IPv4 protocols do not give us the ability that OSPFv2 does to assign specific networks and interfaces to the OSPF process; in OSPFv2 that is still done under router configuration mode. With OSPFv3, just as with the other IPv6 routing protocols we have talked about, the interfaces, and therefore the networks attached to them, are configured directly in interface configuration mode.
The configuration of OSPFv3 is going to look like this:
Router1(config)#ipv6 router ospf 10
Router1(config-rtr)#router-id 1.1.1.1
You get to perform some configurations from router configuration mode like summarization and redistribution, but we don’t even need to configure OSPFv3 from this prompt if we configure OSPFv3 from the interface.
When the interface configuration is completed, the router configuration process is added automatically and the interface configuration looks like this:
Router1(config-if)#ipv6 ospf 10 area 0.0.0.0

Friday 27 March 2015

Internet Protocol version 6 (Cont.)

Addressing
Compared to IPv4, the most obvious advantage of IPv6 is its larger address space. IPv4 addresses are 32 bits long and number about 4.3×10^9 (4.3 billion).[31] IPv6 addresses are 128 bits long and number about 3.4×10^38 (340 undecillion). IPv6's addresses are deemed enough for the foreseeable future.
IPv6 addresses are written in eight groups of four hexadecimal digits separated by colons, such as 2001:0db8:85a3:0000:0000:8a2e:0370:7334. IPv6 unicast addresses other than those that start with binary 000 are logically divided into two parts: a 64-bit (sub-)network prefix, and a 64-bit interface identifier.
Stateless autoconfiguration
An IPv6 host may generate its own IP address and test its uniqueness in the addressing scope intended. IPv6 addresses consist of two parts. The most-significant 64 bits are the subnet prefix to which the host is connected, and the least-significant 64 bits are the identifier of the host interface on the subnet. This means that the identifier need only be unique on the subnet to which the host is connected, which simplifies the detection of duplicate addresses.
Autoconfigured address format
  part    Subnet prefix    Interface identifier
  bits    64               64

Link local address

All IPv6 hosts require a link-local address. This is derived from the MAC address of each interface and the link-local prefix FE80::/10. The process involves filling the address space with prefix bits left-justified to the most-significant bit, and filling the MAC address in EUI-64 format into the least-significant bits. If any bits remain to be filled between the two parts, those are set to zero.
The uniqueness of the address on the subnet is tested with the Duplicate Address Detection (DAD) method.
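The EUI-64 example earlier in this blog (FE80::207:EFF:FE46:4070 and 2001:1CC1:DDDD:2:207:EFF:FE46:4070 on the same FastEthernet0/0) and the link-local description just above both come down to one 48-to-64-bit transformation. The Python below is an added example, not from the original text: it derives the modified EUI-64 interface identifier from a MAC address, forms the link-local and global addresses from it, and then computes the solicited-node multicast group (with its Ethernet mapping) that the DAD neighbor solicitation for such an address is sent to. The MAC 00:07:0E:46:40:70 is inferred from that earlier output by reversing the same steps; the function names are mine.

```python
from ipaddress import IPv6Address, IPv6Network

LINK_LOCAL = IPv6Network("fe80::/64")     # FE80::/10 with the remaining prefix bits zero
SOLICITED_NODE = IPv6Network("ff02::1:ff00:0/104")


def eui64_from_mac(mac):
    """48-bit MAC -> 64-bit modified EUI-64 interface identifier (RFC 4291, Appendix A)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    eui = octets[:3] + b"\xff\xfe" + octets[3:]      # insert FFFE between the two halves
    return bytes([eui[0] ^ 0x02]) + eui[1:]           # invert the universal/local bit


def address_from_prefix(prefix, mac):
    """Left-justify the /64 prefix and fill the low 64 bits with the EUI-64 identifier."""
    net = IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 address formation needs a /64 prefix")
    return IPv6Address(net.network_address.packed[:8] + eui64_from_mac(mac))


def link_local_from_mac(mac):
    return address_from_prefix(str(LINK_LOCAL), mac)


def solicited_node_multicast(address):
    """ff02::1:ffXX:XXXX, with the low 24 bits copied from the unicast address (RFC 4291, 2.7.1)."""
    low24 = int(IPv6Address(address)) & 0xFFFFFF
    return IPv6Address(int(SOLICITED_NODE.network_address) | low24)


def multicast_mac(address):
    """Ethernet destination for an IPv6 multicast group: 33:33 + the low 32 bits (RFC 2464)."""
    group = IPv6Address(address)
    if not group.is_multicast:
        raise ValueError(f"{group} is not a multicast address")
    return "33:33:" + ":".join(f"{b:02x}" for b in group.packed[-4:])


if __name__ == "__main__":
    mac = "00:07:0E:46:40:70"      # inferred from the FE80::207:EFF:FE46:4070 output earlier
    ll = link_local_from_mac(mac)
    print("link-local        ", ll)
    print("global            ", address_from_prefix("2001:1cc1:dddd:2::/64", mac))
    print("solicited-node    ", solicited_node_multicast(ll))
    print("solicited-node MAC", multicast_mac(solicited_node_multicast(ll)))
```

Because the identifier comes from a fixed hardware address, an EUI-64 host carries the same low 64 bits onto every network it joins, which makes it trackable across prefixes; temporary addresses (RFC 4941) and stable, per-prefix opaque identifiers (RFC 7217) were defined for exactly that reason, and current hosts commonly prefer them over EUI-64 for global addresses.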

Address uniqueness

Hosts verify the uniqueness of addresses assigned by sending a neighbor solicitation message asking for the link-layer address of the IP address. If any other host is using that address, it responds. However, MAC addresses are designed to be unique on each network card, which minimizes the chance of duplication.
The host first determines if the network is connected to any routers at all, because if not, then all nodes are reachable using the link-local address that already is assigned to the host. The host will send out a Router Solicitation message to the all-routers multicast group with its link local address as source. If there is no answer after a predetermined number of attempts, the host concludes that no routers are connected. If it does get a response from a router, there will be network information inside that is needed to create a globally unique address. There are also two flag bits that tell the host whether it should use DHCP to get further information and addresses:
  • The Manage bit, which indicates whether or not the host should use DHCP to obtain additional addresses
  • The Other bit, which indicates whether or not the host should obtain other information through DHCP
The other information in the router advertisement consists of one or more prefix information options for the subnets that the host is attached to, a lifetime for the prefix, and two flags:[36]
  • On-link
    If this flag is set, the host will treat all addresses on the specific subnet as being on-link, and send packets directly to them instead of sending them to a router for the duration of the given lifetime.
  • Address
    This is the flag that tells the host to actually create a global address.

Global addressing

The assignment procedure for global addresses is similar to local address construction. The prefix is supplied from router advertisements on the network. Multiple prefix announcements cause multiple addresses to be configured.
Stateless address autoconfiguration (SLAAC) requires a /64 address block, as defined in RFC 4291. Local Internet registries are assigned at least /32 blocks, which they divide among subordinate networks. The initial recommendation stated assignment of a /48 subnet to end-consumer sites (RFC 3177). This was replaced by RFC 6177, which "recommends giving home sites significantly more than a single /64, but does not recommend that every home site be given a /48 either". /56s are specifically considered. It remains to be seen if ISPs will honor this recommendation. For example, during initial trials, Comcast customers were given a single /64 network.
IPv6 addresses are classified by three types of networking methodologies: unicast addresses identify each network interface, anycast addresses identify a group of interfaces, usually at different locations of which the nearest one is automatically selected, and multicast addresses are used to deliver one packet to many interfaces. The broadcast method is not implemented in IPv6. Each IPv6 address has a scope, which specifies in which part of the network it is valid and unique. Some addresses are unique only on the local (sub-)network. Others are globally unique.
Some IPv6 addresses are reserved for special purposes, such as loopback, 6to4 tunneling, and Teredo tunneling, as outlined in RFC 5156. Also, some address ranges are considered special, such as link-local addresses for use on the local link only, Unique Local addresses (ULA), as described in RFC 4193, and solicited-node multicast addresses used in the Neighbor Discovery Protocol.

IPv6 in the Domain Name System

In the Domain Name System, hostnames are mapped to IPv6 addresses by AAAA resource records, so-called quad-A records. For reverse resolution, the IETF reserved the domain ip6.arpa, where the name space is hierarchically divided by the 1-digit hexadecimal representation of nibble units (4 bits) of the IPv6 address. This scheme is defined in RFC 3596.
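As an added illustration of the ip6.arpa scheme described above (it is not part of the original text): the Python below writes the 32 nibbles of an address in reverse order, shows how a reverse zone delegated for a prefix falls on a nibble boundary, and parses such a name back to an address. It cross-checks against the standard library's reverse_pointer property; the function names are mine.

```python
from ipaddress import IPv6Address, IPv6Network

HEX_DIGITS = set("0123456789abcdef")


def ip6_arpa_name(address):
    """Reverse name for a full address: 32 nibbles, least significant first, under ip6.arpa (RFC 3596 2.5)."""
    nibbles = IPv6Address(address).exploded.replace(":", "")   # exactly 32 hex digits
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def ip6_arpa_zone(prefix):
    """Reverse zone delegated for a prefix; only prefixes on a 4-bit boundary map to a single zone."""
    net = IPv6Network(prefix)
    if net.prefixlen % 4:
        zones = 2 ** (4 - net.prefixlen % 4)
        raise ValueError(f"/{net.prefixlen} is not on a nibble boundary; it spans {zones} zones")
    nibbles = net.network_address.exploded.replace(":", "")[:net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def address_from_ip6_arpa(name):
    """Inverse of ip6_arpa_name: rebuild the address from a full 32-label reverse name."""
    labels = name.lower().rstrip(".").split(".")
    if labels[-2:] != ["ip6", "arpa"] or len(labels) != 34:
        raise ValueError("expected 32 nibble labels followed by ip6.arpa")
    if not all(len(label) == 1 and label in HEX_DIGITS for label in labels[:-2]):
        raise ValueError("every label must be a single hexadecimal digit")
    hexstring = "".join(reversed(labels[:-2]))
    return IPv6Address(":".join(hexstring[i:i + 4] for i in range(0, 32, 4)))


if __name__ == "__main__":
    print(ip6_arpa_name("2001:db8::1"))
    print(ip6_arpa_zone("2001:db8::/32"))
    print(address_from_ip6_arpa(ip6_arpa_name("2001:db8::1")))
```

The nibble granularity is why a /56 or /48 assignment delegates cleanly as one reverse zone while a /63 or /61 needs several; the ValueError message states how many.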
Address representation
The 128 bits of an IPv6 address are represented in 8 groups of 16 bits each. Each group is written as 4 hexadecimal digits and the groups are separated by colons (:). The address 2001:0db8:0000:0000:0000:ff00:0042:8329 is an example of this representation.
For convenience, an IPv6 address may be abbreviated to shorter notations by application of the following rules, where possible.
  • One or more leading zeroes from any group of hexadecimal digits are removed; this is usually done to either all or none of the leading zeroes. For example, the group 0042 is converted to 42.
  • Consecutive sections of zeroes are replaced with a double colon (::). The double colon may only be used once in an address, as multiple use would render the address indeterminate. RFC 5952 recommends that a double colon must not be used to denote an omitted single section of zeroes.
An example of application of these rules:
Initial address: 2001:0db8:0000:0000:0000:ff00:0042:8329
After removing all leading zeroes in each group: 2001:db8:0:0:0:ff00:42:8329
After omitting consecutive sections of zeroes: 2001:db8::ff00:42:8329
The loopback address, 0000:0000:0000:0000:0000:0000:0000:0001, may be abbreviated to ::1 by using both rules.
As an IPv6 address may have more than one representation, the IETF has issued a proposed standard for representing them in text.
Transition Mechanisms
IPv6 is not foreseen to supplant IPv4 instantaneously. Both protocols will continue to operate simultaneously for some time. Therefore, some IPv6 transition mechanisms are needed to enable IPv6 hosts to reach IPv4 services and to allow isolated IPv6 hosts and networks to reach each other over IPv4 infrastructure.
Many of these transition mechanisms use tunneling to encapsulate IPv6 traffic within IPv4 networks. This is an imperfect solution, which reduces the maximum transmission unit (MTU) of a link and therefore complicates Path MTU Discovery, and may increase latency. Tunneling protocols are a temporary solution for networks that do not support native dual-stack, where both IPv6 and IPv4 run independently.

Dual IP stack implementation

Dual-stack (or native dual-stack) IP implementations provide complete IPv4 and IPv6 protocol stacks in the same network node. This facilitates native communications between nodes using either protocol. The method is defined in RFC 4213.
This is the most desirable IPv6 implementation during the transition from IPv4 to IPv6, as it avoids the complexities of tunneling, such as security, increased latency, management overhead, and a reduced PMTU. However, it is not always possible, since outdated network equipment may not support IPv6.
Dual-stack software design is a transitional technique to facilitate the adoption and deployment of IPv6. However, it might introduce more security threats as hosts could be subject to attacks from both IPv4 and IPv6. It has been argued that dual-stack could ultimately overburden the global networking infrastructure by requiring routers to deal with IPv4 and IPv6 routing simultaneously.

Tunneling

Many current Internet users do not have IPv6 dual-stack support, and thus cannot reach IPv6 sites directly. Instead, they must use IPv4 infrastructure to carry IPv6 packets. This is done using a technique known as tunneling, which encapsulates IPv6 packets within IPv4, in effect using IPv4 as a link layer for IPv6.
IP protocol 41 indicates IPv4 packets which encapsulate IPv6 datagrams. Some routers or network address translation devices may block protocol 41. To pass through these devices, UDP packets may be used to encapsulate IPv6 datagrams. Other encapsulation schemes, such as AYIYA or Generic Routing Encapsulation, are also popular.
Conversely, on IPv6-only Internet links, when access to IPv4 network facilities is needed, tunneling of IPv4 over IPv6 protocol occurs, using the IPv6 as a link layer for IPv4.

Automatic tunneling

Automatic tunneling refers to a technique by which the routing infrastructure automatically determines the tunnel endpoints. Some automatic tunneling techniques are below.
6to4 is recommended by RFC 3056. It uses protocol 41 encapsulation. Tunnel endpoints are determined by using a well-known IPv4 anycast address on the remote side, and embedding IPv4 address information within IPv6 addresses on the local side. 6to4 is the most common tunnel protocol currently deployed.
Teredo is an automatic tunneling technique that uses UDP encapsulation and can allegedly cross multiple NAT nodes. IPv6, including 6to4 and Teredo tunneling, is enabled by default in Windows Vista and Windows 7. Most Unix systems implement only 6to4, but Teredo can be provided by third-party software such as Miredo.
ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) uses the IPv4 network as a virtual IPv6 local link, with mappings from each IPv4 address to a link-local IPv6 address. Unlike 6to4 and Teredo, which are inter-site tunneling mechanisms, ISATAP is an intra-site mechanism, meaning that it is designed to provide IPv6 connectivity between nodes within a single organization.
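Both 6to4 and Teredo determine their endpoints by embedding IPv4 addresses inside the IPv6 address, as described above, which means the IPv4 endpoint can be read straight back out of any such address seen in a log. The Python below is an added example, not from the original text: it derives a site's 2002::/48 prefix from its IPv4 address, and extracts the embedded IPv4 endpoints (and, for Teredo, the obfuscated client port) from 6to4 and Teredo addresses. The 6to4 and Teredo layouts follow RFC 3056 and RFC 4380; the sample addresses are constructed, and the function names are mine.

```python
from ipaddress import IPv4Address, IPv6Address, IPv6Network

SIXTOFOUR = IPv6Network("2002::/16")                   # RFC 3056
TEREDO = IPv6Network("2001::/32")                      # RFC 4380
SIXTOFOUR_RELAY_ANYCAST = IPv4Address("192.88.99.1")   # RFC 3068 well-known relay address


def sixtofour_prefix(site_ipv4):
    """2002:WWXX:YYZZ::/48 for a site whose public IPv4 address is WW.XX.YY.ZZ."""
    v4 = int(IPv4Address(site_ipv4))
    return IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def embedded_ipv4(address):
    """Recover the IPv4 endpoints hidden in a 6to4 or Teredo address; None for other addresses."""
    addr = IPv6Address(address)
    bits = int(addr)
    if addr in SIXTOFOUR:
        # bits 16..47 hold the site's IPv4 address
        return {"kind": "6to4", "site": str(IPv4Address((bits >> 80) & 0xFFFFFFFF))}
    if addr in TEREDO:
        # 2001:0000 | server IPv4 (32) | flags (16) | ~client port (16) | ~client IPv4 (32)
        return {
            "kind": "teredo",
            "server": str(IPv4Address((bits >> 64) & 0xFFFFFFFF)),
            "flags": (bits >> 48) & 0xFFFF,
            "client_port": ((bits >> 32) & 0xFFFF) ^ 0xFFFF,
            "client": str(IPv4Address((bits & 0xFFFFFFFF) ^ 0xFFFFFFFF)),
        }
    return None


def tunnel_endpoints_in(addresses):
    """Map each tunnelled address in an iterable (e.g. source addresses from a log) to its IPv4 endpoints."""
    found = {}
    for address in addresses:
        info = embedded_ipv4(address)
        if info:
            found[address] = info
    return found


# Constructed sample of IPv6 source addresses as they might appear in a log
SAMPLE_SOURCES = [
    "2001:db8::10",                                 # native; nothing embedded
    "2002:c000:201::1",                             # 6to4 host at site 192.0.2.1
    "2001:0000:4136:e378:8000:63bf:3fff:fdd2",      # Teredo client behind 192.0.2.45
]

if __name__ == "__main__":
    print(sixtofour_prefix("192.0.2.1"))
    for source, info in tunnel_endpoints_in(SAMPLE_SOURCES).items():
        print(source, info)
```

For a defender the practical use is attribution and policy: an IPv6 source in 2002::/16 or 2001::/32 is really an IPv4 host somewhere, and the recovered site or client address is the one to correlate with IPv4 logs or to match against existing IPv4 block lists.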

Configured and automated tunneling (6in4)

6in4 tunneling requires the tunnel endpoints to be explicitly configured, either by an administrator manually or the operating system's configuration mechanisms, or by an automatic service known as a tunnel broker; this is also referred to as automated tunneling. Configured tunneling is usually more deterministic and easier to debug than automatic tunneling, and is therefore recommended for large, well-administered networks. Automated tunneling provides a compromise between the ease of use of automatic tunneling and the deterministic behavior of configured tunneling.
Raw encapsulation of IPv6 packets using IPv4 protocol number 41 is recommended for configured tunneling; this is sometimes known as 6in4 tunneling. As with automatic tunneling, encapsulation within UDP may be used in order to cross NAT boxes and firewalls.
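The protocol 41 encapsulation described here, in the tunneling section above and in the manual tunnel configuration earlier in this blog (tunnel mode ipv6ip, with a 20-octet MTU reduction) is simple enough to build and verify byte by byte. The Python below is an added example, not from the original text or from IOS: it wraps a constructed IPv6 packet between the tunnel addresses 3000::1 and 3000::2 in an IPv4 header carrying protocol 41 between the R2 and R4 serial addresses, validates and strips that header at the other end, and shows the resulting IPv6 MTU. Header layouts follow RFC 791 and RFC 2460; the sample payload and function names are mine.

```python
import struct
from ipaddress import IPv4Address, IPv6Address

PROTO_IPV6 = 41          # IPv4 protocol number for an encapsulated IPv6 datagram (RFC 4213)
IPV4_HEADER_LEN = 20     # outer header without options: the 20-octet MTU reduction
IPV6_HEADER_LEN = 40


def ipv4_checksum(header):
    """Ones-complement sum of 16-bit words; over a valid header (checksum included) it is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv6_packet(src, dst, payload, next_header=58, hop_limit=64):
    """Minimal IPv6 header: version 6, zero traffic class and flow label, then the payload."""
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_header, hop_limit)
    return fixed + IPv6Address(src).packed + IPv6Address(dst).packed + payload


def encapsulate_6in4(ipv6_packet, tunnel_src, tunnel_dst, ttl=64, ident=0):
    """Tunnel head end: prepend an IPv4 header with protocol 41 (IOS 'tunnel mode ipv6ip')."""
    total_len = IPV4_HEADER_LEN + len(ipv6_packet)
    if total_len > 0xFFFF:
        raise ValueError("inner packet too large for an IPv4 datagram")
    # version 4 / IHL 5, DSCP 0, total length, identification, DF set, TTL, protocol, checksum 0
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, 0x4000, ttl, PROTO_IPV6, 0,
                         IPv4Address(tunnel_src).packed, IPv4Address(tunnel_dst).packed)
    checksum = struct.pack("!H", ipv4_checksum(header))
    return header[:10] + checksum + header[12:] + ipv6_packet


def decapsulate_6in4(datagram):
    """Tunnel tail end: validate the outer IPv4 header, strip it, return the inner IPv6 packet."""
    if len(datagram) < IPV4_HEADER_LEN or datagram[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (datagram[0] & 0x0F) * 4
    if ihl < IPV4_HEADER_LEN or ipv4_checksum(datagram[:ihl]) != 0:
        raise ValueError("bad IPv4 header length or checksum")
    if datagram[9] != PROTO_IPV6:
        raise ValueError(f"protocol {datagram[9]}: not IPv6-in-IPv4")
    total_len = struct.unpack("!H", datagram[2:4])[0]
    inner = datagram[ihl:total_len]
    if len(inner) < IPV6_HEADER_LEN or inner[0] >> 4 != 6:
        raise ValueError("inner packet is not IPv6")
    return {
        "outer_src": str(IPv4Address(datagram[12:16])),
        "outer_dst": str(IPv4Address(datagram[16:20])),
        "inner_src": str(IPv6Address(inner[8:24])),
        "inner_dst": str(IPv6Address(inner[24:40])),
        "inner": inner,
    }


def is_6in4(datagram):
    """True if the datagram is a well-formed protocol-41 encapsulation (e.g. for a filter decision)."""
    try:
        decapsulate_6in4(datagram)
        return True
    except ValueError:
        return False


def tunnel_mtu(link_mtu, ipv4_options_len=0):
    """IPv6 MTU available across the tunnel: the link MTU minus the outer IPv4 header."""
    return link_mtu - IPV4_HEADER_LEN - ipv4_options_len


# Constructed sample: an ICMPv6 echo request (type 128, code 0, checksum not computed,
# id 1, seq 1) between the tunnel addresses, carried between R2's and R4's serial addresses.
INNER = build_ipv6_packet("3000::1", "3000::2", b"\x80\x00\x00\x00\x00\x01\x00\x01")
TUNNELLED = encapsulate_6in4(INNER, "192.23.1.2", "192.34.1.4")

if __name__ == "__main__":
    print(decapsulate_6in4(TUNNELLED))
    print("IPv6 MTU over a 1500-byte link:", tunnel_mtu(1500))
```

The 1480 that tunnel_mtu returns for a 1500-byte link is the 20-octet reduction the tunnel section mentions, and the is_6in4 check is the decision a NAT device or filter makes when it "blocks protocol 41": the outer header alone identifies the traffic as an IPv6 tunnel, whatever the inner packet carries.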

Proxying and translation for IPv6-only hosts

After the regional Internet registries have exhausted their pools of available IPv4 addresses, it is likely that hosts newly added to the Internet might only have IPv6 connectivity. For these clients to have backward-compatible connectivity to existing IPv4-only resources, suitable IPv6 transition mechanisms must be deployed.
One form of address translation is the use of a dual-stack application-layer proxy server, for example a web proxy.
NAT-like techniques for application-agnostic translation at the lower layers in routers and gateways have been proposed. The NAT-PT standard was dropped because of criticisms;[53] however, more recently, the continued low adoption of IPv6 has prompted a new standardization effort of a technology called NAT64.

Thursday 26 March 2015

Internet Protocol version 6

Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion. IPv6 is intended to replace IPv4.
Every device on the Internet is assigned an IP address for identification and location definition. With the rapid growth of the Internet after commercialization in the 1990s, it became evident that far more addresses than the IPv4 address space has available were necessary to connect new devices in the future. By 1998, the Internet Engineering Task Force (IETF) had formalized the successor protocol. IPv6 uses a 128-bit address, allowing 2^128, or approximately 3.4×10^38 addresses, or more than 7.9×10^28 times as many as IPv4, which uses 32-bit addresses and provides approximately 4.3 billion addresses. The two protocols are not designed to be interoperable, complicating the transition to IPv6. However, several IPv6 transition mechanisms have been devised to permit communication between IPv4 and IPv6 hosts.
Main Features
IPv6 is an Internet Layer protocol for packet-switched internetworking and provides end-to-end datagram transmission across multiple IP networks, closely adhering to the design principles developed in the previous version of the protocol, Internet Protocol Version 4 (IPv4). IPv6 was first formally described in Internet standard document RFC 2460, published in December 1998.[1] In addition to offering more addresses, IPv6 also implements features not present in IPv4. It simplifies aspects of address assignment (stateless address autoconfiguration), network renumbering, and router announcements when changing network connectivity providers. It simplifies processing of packets in routers by placing the responsibility for packet fragmentation into the end points. The IPv6 subnet size is standardized by fixing the size of the host identifier portion of an address to 64 bits to facilitate an automatic mechanism for forming the host identifier from link layer addressing information (MAC address). Network security was a design requirement of the IPv6 architecture, and included the original specification of IPsec.
IPv6 does not specify interoperability features with IPv4, but essentially creates a parallel, independent network. Exchanging traffic between the two networks requires translator gateways employing one of several transition mechanisms, such as NAT64, or a tunneling protocol like 6to4, 6in4, or Teredo.
Comparison with IPv4
On the Internet, data is transmitted in the form of network packets. IPv6 specifies a new packet format, designed to minimize packet header processing by routers. Because the headers of IPv4 packets and IPv6 packets are significantly different, the two protocols are not interoperable. However, in most respects, IPv6 is an extension of IPv4. Most transport and application-layer protocols need little or no change to operate over IPv6; exceptions are application protocols that embed Internet-layer addresses, such as FTP and NTP, where the new address format may cause conflicts with existing protocol syntax.

Larger address space

The main advantage of IPv6 over IPv4 is its larger address space. The length of an IPv6 address is 128 bits, compared with 32 bits in IPv4.[1] The address space therefore has 2^128 or approximately 3.4×10^38 addresses.
In addition, the IPv4 address space is poorly allocated, with approximately 14% of all available addresses utilized. While these numbers are large, it was not the intent of the designers of the IPv6 address space to assure geographical saturation with usable addresses. Rather, the longer addresses simplify allocation of addresses, enable efficient route aggregation, and allow implementation of special addressing features. In IPv4, complex Classless Inter-Domain Routing (CIDR) methods were developed to make the best use of the small address space. The standard size of a subnet in IPv6 is 2^64 addresses, the square of the size of the entire IPv4 address space. Thus, actual address space utilization rates will be small in IPv6, but network management and routing efficiency are improved by the large subnet space and hierarchical route aggregation.
Renumbering an existing network for a new connectivity provider with different routing prefixes is a major effort with IPv4. With IPv6, however, changing the prefix announced by a few routers can in principle renumber an entire network, since the host identifiers (the least-significant 64 bits of an address) can be independently self-configured by a host.

Multicasting

Multicasting, the transmission of a packet to multiple destinations in a single send operation, is part of the base specification in IPv6. In IPv4 this is an optional although commonly implemented feature. IPv6 multicast addressing shares common features and protocols with IPv4 multicast, but also provides changes and improvements by eliminating the need for certain protocols. IPv6 does not implement traditional IP broadcast, i.e. the transmission of a packet to all hosts on the attached link using a special broadcast address, and therefore does not define broadcast addresses. In IPv6, the same result can be achieved by sending a packet to the link-local all nodes multicast group at address ff02::1, which is analogous to IPv4 multicast to address 224.0.0.1. IPv6 also provides for new multicast implementations, including embedding rendezvous point addresses in an IPv6 multicast group address, which simplifies the deployment of inter-domain solutions.
In IPv4 it is very difficult for an organization to get even one globally routable multicast group assignment, and the implementation of inter-domain solutions is arcane. Unicast address assignments by a local Internet registry for IPv6 have at least a 64-bit routing prefix, yielding the smallest subnet size available in IPv6 (also 64 bits). With such an assignment it is possible to embed the unicast address prefix into the IPv6 multicast address format, while still providing a 32-bit block, the least significant bits of the address, or approximately 4.2 billion multicast group identifiers. Thus each user of an IPv6 subnet automatically has available a set of globally routable source-specific multicast groups for multicast applications.

Stateless address autoconfiguration (SLAAC)

IPv6 hosts can configure themselves automatically when connected to an IPv6 network using the Neighbor Discovery Protocol via Internet Control Message Protocol version 6 (ICMPv6) router discovery messages. When first connected to a network, a host sends a link-local router solicitation multicast request for its configuration parameters; routers respond to such a request with a router advertisement packet that contains Internet Layer configuration parameters.
If IPv6 stateless address autoconfiguration is unsuitable for an application, a network may use stateful configuration with the Dynamic Host Configuration Protocol version 6 (DHCPv6) or hosts may be configured manually using static methods.
Routers present a special case of requirements for address configuration, as they often are sources of autoconfiguration information, such as router and prefix advertisements. Stateless configuration of routers can be achieved with a special router renumbering protocol.

Network-layer security

Internet Protocol Security (IPsec) was originally developed for IPv6, but found widespread deployment first in IPv4, for which it was re-engineered. IPsec was a mandatory specification of the base IPv6 protocol suite, but has since been made optional.

Simplified processing by routers

In IPv6, the packet header and the process of packet forwarding have been simplified. Although IPv6 packet headers are at least twice the size of IPv4 packet headers, packet processing by routers is generally more efficient, thereby extending the end-to-end principle of Internet design. Specifically:
  • The packet header in IPv6 is simpler than that used in IPv4, with many rarely used fields moved to separate optional header extensions.
  • IPv6 routers do not perform fragmentation. IPv6 hosts are required to either perform path MTU discovery, perform end-to-end fragmentation, or to send packets no larger than the IPv6 default MTU size of 1280 octets.
  • The IPv6 header is not protected by a checksum; integrity protection is assumed to be assured by both link-layer and higher-layer (TCP, UDP, etc.) error detection. UDP/IPv4 may actually have a checksum of 0, indicating no checksum; IPv6 requires UDP to have its own checksum. Therefore, IPv6 routers do not need to recompute a checksum when header fields (such as the time to live (TTL) or hop count) change. This improvement may have been made less necessary by the development of routers that perform checksum computation at link speed using dedicated hardware, but it is still relevant for software-based routers.
  • The TTL field of IPv4 has been renamed to Hop Limit in IPv6, reflecting the fact that routers are no longer expected to compute the time a packet has spent in a queue.

Mobility

Unlike mobile IPv4, mobile IPv6 avoids triangular routing and is therefore as efficient as native IPv6. IPv6 routers may also allow entire subnets to move to a new router connection point without renumbering.

Options extensibility

The IPv6 packet header has a fixed size (40 octets). Options are implemented as additional extension headers after the IPv6 header, which limits their size only by the size of an entire packet. The extension header mechanism makes the protocol extensible in that it allows future services for quality of service, security, mobility, and others to be added without redesign of the basic protocol.

Jumbograms

IPv4 limits packets to 65535 (2^16−1) octets of payload. An IPv6 node can optionally handle packets over this limit, referred to as jumbograms, which can be as large as 4294967295 (2^32−1) octets. The use of jumbograms may improve performance over high-MTU links. The use of jumbograms is indicated by the Jumbo Payload Option header.

Privacy

Like IPv4, IPv6 supports globally unique IP addresses by which the network activity of each device can potentially be tracked. The design of IPv6 intended to re-emphasize the end-to-end principle of network design that was originally conceived during the establishment of the early Internet. In this approach each device on the network has a unique address globally reachable directly from any other location on the Internet.
  • Network prefix
Network prefix tracking is less of a concern if the user's ISP assigns a dynamic network prefix via DHCP. Privacy extensions do little to protect the user from tracking if the ISP assigns a static network prefix. In this scenario, the network prefix is the unique identifier for tracking and the interface identifier is secondary.
  • Interface identifier
In IPv4 the effort to conserve address space with network address translation (NAT) obfuscates network address spaces, hosts, and topologies. In IPv6 when using address auto-configuration, the Interface Identifier, derived from the MAC address of the interface port, is used to make its public IP address unique, exposing the type of hardware used and providing a unique handle for a user's online activity.
It is not a requirement for IPv6 hosts to use address auto-configuration, however. Yet, even when an address is not based on the MAC address, the interface's address is globally unique, in contrast to NAT-masqueraded private networks. Privacy extensions for IPv6 have been defined to address these privacy concerns, although Silvia Hagen describes these as being largely due to "misunderstanding". When privacy extensions are enabled, the operating system generates random host identifiers to combine with the assigned network prefix. These ephemeral addresses are used to communicate with remote hosts making it more difficult to track a single device.
Packet Format
An IPv6 packet has two parts: a header and payload.
The header consists of a fixed portion with minimal functionality required for all packets and may be followed by optional extensions to implement special features.
The fixed header occupies the first 40 octets (320 bits) of the IPv6 packet. It contains the source and destination addresses, traffic classification options, a hop counter, and the type of the optional extension or payload which follows the header. This Next Header field tells the receiver how to interpret the data which follows the header. If the packet contains options, this field contains the option type of the next option. The "Next Header" field of the last option points to the upper-layer protocol that is carried in the packet's payload.
Extension headers carry options that are used for special treatment of a packet in the network, e.g., for routing, fragmentation, and for security using the IPsec framework.
Without special options, a payload must be less than 64KB. With a Jumbo Payload option (in a Hop-By-Hop Options extension header), the payload must be less than 4 GB.
Unlike with IPv4, routers never fragment a packet. Hosts are expected to use Path MTU Discovery to make their packets small enough to reach the destination without needing to be fragmented.
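The fixed header and Next Header chain described above, as an added example (not from the original post): it decodes the 40-octet fixed header, walks the extension headers to find the upper-layer protocol, reads a Jumbo Payload option when one is present, and bounds the chain length so a malformed packet cannot make the parser loop. The sample packet, constants and function names are constructed for this example.

```python
import struct
# IANA protocol numbers for the extension headers this walker understands
HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS = 0, 43, 44, 60
EXT_HEADERS = {HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS}
JUMBO_OPT = 0xC2  # Jumbo Payload option type (RFC 2675), carried in Hop-by-Hop Options

def parse_fixed_header(pkt):
    """Decode the 40-octet fixed header; addresses are returned as raw 16-byte values."""
    if len(pkt) < 40:
        raise ValueError("truncated IPv6 header")
    vtf, plen, nxt, hlim = struct.unpack("!IHBB", pkt[:8])
    if vtf >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    return {"traffic_class": (vtf >> 20) & 0xFF, "flow_label": vtf & 0xFFFFF,
            "payload_length": plen, "next_header": nxt, "hop_limit": hlim,
            "src": pkt[8:24], "dst": pkt[24:40]}

def find_jumbo_option(opts):
    """Scan a Hop-by-Hop option area (TLVs) for Jumbo Payload; return its length or None."""
    i = 0
    while i < len(opts):
        otype = opts[i]
        if otype == 0:        # Pad1: a single padding octet with no length field
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        olen = opts[i + 1]
        if otype == JUMBO_OPT and olen == 4:
            return struct.unpack("!I", opts[i + 2:i + 6])[0]
        i += 2 + olen         # skip PadN and any option we do not interpret
    return None

def walk_extension_headers(pkt):
    """Follow the Next Header chain; return (upper_layer_proto, payload_offset, jumbo_len)."""
    nxt, off, jumbo = parse_fixed_header(pkt)["next_header"], 40, None
    for _ in range(8):        # bound the chain so a crafted packet cannot loop the parser
        if nxt not in EXT_HEADERS:
            return nxt, off, jumbo
        if off + 8 > len(pkt):
            raise ValueError("truncated extension header")
        ext_len = 8 if nxt == FRAGMENT else (pkt[off + 1] + 1) * 8  # Hdr Ext Len in 8-octet units
        if nxt == HOP_BY_HOP:
            jumbo = find_jumbo_option(pkt[off + 2:off + ext_len])
        nxt, off = pkt[off], off + ext_len
    raise ValueError("extension header chain too long")

# Constructed sample: fixed header (Payload Length 0, Next Header = Hop-by-Hop, Hop Limit 64, zero
# addresses) followed by an 8-octet Hop-by-Hop header carrying Jumbo Payload = 65536, Next Header = UDP (17)
SAMPLE = (bytes([0x60, 0, 0, 0]) + struct.pack("!HBB", 0, HOP_BY_HOP, 64) + bytes(32)
          + bytes([17, 0, JUMBO_OPT, 4]) + struct.pack("!I", 65536))
```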


Tuesday 24 March 2015

Frame Configuration (Cont.)

PVC Switching Configuration Example

You can configure your router as a dedicated, DCE-only Frame Relay switch. Switching is based on DLCIs. The incoming DLCI is examined, and the outgoing interface and DLCI are determined. Switching takes place when the incoming DLCI in the packet is replaced by the outgoing DLCI, and the packet is sent out the outgoing interface.
In Figure 31, the router switches two PVCs between serial interfaces 1 and 2. Frames with DLCI 100 received on serial 1 will be transmitted with DLCI 200 on serial 2.
Figure 31 PVC Switching Configuration
The following example shows one router with two interfaces configured as DCEs. The router switches frames from the incoming interface to the outgoing interface on the basis of the DLCI alone.
Configuration for Router A

frame-relay switching
interface Serial1
 no ip address
 encapsulation frame-relay
 keepalive 15
 frame-relay lmi-type ansi
 frame-relay intf-type dce
 frame-relay route 100 interface Serial2 200
 frame-relay route 101 interface Serial2 201
 clockrate 2000000
!
interface Serial2
 encapsulation frame-relay
 keepalive 15
 frame-relay intf-type dce
 frame-relay route 200 interface Serial1 100
 frame-relay route 201 interface Serial1 101
 clockrate 64000

Pure Frame Relay DCE Example

Using the PVC switching feature, it is possible to build an entire Frame Relay network using routers. In Figure 32, router A and router C act as Frame Relay switches implementing a two-node network. The standard Network-to-Network Interface (NNI) signalling protocol is used between router A and router C.
The following example shows a Frame Relay network with two routers functioning as switches and standard NNI signalling used between them.
Figure 32 Frame Relay DCE Configuration
Configuration for Router A

frame-relay switching
interface serial 1
 no ip address
 encapsulation frame-relay
 frame-relay intf-type dce
 frame-relay lmi-type ansi
 frame-relay route 100 interface serial 2 200
!
interface serial 2
 no ip address
 encapsulation frame-relay
 frame-relay intf-type nni
 frame-relay lmi-type q933a
 frame-relay route 200 interface serial 1 100
 clockrate 2048000
!


Configuration for Router C

frame-relay switching
!
interface serial 1
 no ip address
 encapsulation frame-relay
 frame-relay intf-type dce
 frame-relay route 300 interface serial 2 200
!
interface serial 2
 no ip address
 encapsulation frame-relay
 frame-relay intf-type nni
 frame-relay lmi-type q933a
 frame-relay route 200 interface serial 1 300
!
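The DLCI switching performed by both the PVC Switching and Pure Frame Relay DCE examples, as an added example (not Cisco's code): it builds the switching table from the frame-relay route lines of a configuration, looks up the outgoing interface and DLCI for an incoming frame, and flags routes with no reverse entry, a misconfiguration that leaves a PVC passing traffic one way. The regexes, helper names and the reduced Router A configuration embedded below are constructed for this example.

```python
import re

INTF_RE = re.compile(r"^\s*interface\s+(\S+(?:\s+\d+)?)\s*$", re.I)
ROUTE_RE = re.compile(r"^\s*frame-relay route (\d+) interface (\S+(?:\s+\d+)?) (\d+)\s*$", re.I)

def norm(name):
    """Normalise interface names so 'Serial2' and 'serial 2' are the same key."""
    return re.sub(r"\s+", "", name).lower()

def build_switching_table(config):
    """Return {(in_if, in_dlci): (out_if, out_dlci)} from the frame-relay route lines."""
    table, current = {}, None
    for line in config.splitlines():
        m = INTF_RE.match(line)
        if m:
            current = norm(m.group(1))
            continue
        m = ROUTE_RE.match(line)
        if m and current:
            key = (current, int(m.group(1)))
            if key in table:
                raise ValueError("duplicate route for %s DLCI %d" % key)
            table[key] = (norm(m.group(2)), int(m.group(3)))
    return table

def switch_frame(table, in_if, in_dlci):
    """Return (out_if, out_dlci) for a frame, or None when no PVC exists (the frame is dropped)."""
    return table.get((norm(in_if), in_dlci))

def one_way_routes(table):
    """Routes with no matching reverse entry; such a PVC carries traffic in one direction only."""
    return sorted(k for k, v in table.items() if table.get(v) != k)

# Router A of the PVC switching example, reduced to the lines the parser needs (constructed sample)
ROUTER_A = """frame-relay switching
interface Serial1
 no ip address
 encapsulation frame-relay
 frame-relay intf-type dce
 frame-relay route 100 interface Serial2 200
 frame-relay route 101 interface Serial2 201
!
interface Serial2
 encapsulation frame-relay
 frame-relay intf-type dce
 frame-relay route 200 interface Serial1 100
 frame-relay route 201 interface Serial1 101
"""
TABLE = build_switching_table(ROUTER_A)
```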