Rodney Smith

3-25-05

CS 158B

IPv4 to IPv6 Deployment in Medium to Large Scale Networks

The reason for moving to a 128-bit addressing scheme instead of a 32-bit addressing scheme is simple: more addresses mean more global connectivity. The issue facing Internet Protocol version Four (IPv4) is that the current pool of addresses is being consumed and that eventually all addresses will be used. Protocols have been created to help with this problem, such as Network Address Translation (NAT), which allows private addressing to be used inside a network with a specific pool of global addresses used for access to the Internet. This still doesn’t fix the fact that new technologies and products need a globally unique address. By pushing for Internet Protocol version Six (IPv6) to be deployed, we allow the rules of the network to be transparent to devices and applications.

In order to provide IPv6 to applications that can take advantage of its properties, a careful deployment strategy must be applied to networks for seamless integration of IPv4 and IPv6. Of course, this must be cheap, easy, and reasonably low in overhead to accomplish. Some of the methods discussed in this paper are presented but not used because they lack one of these characteristics. Fortunately, tools have been created to help with the transition from IPv4 to IPv6.

Using the tools to transition from IPv4 to IPv6 requires that IPv6 be deployed from the edges of the network toward the core. This makes sense considering that applications drive IPv6 deployment, and it allows gradual upgrades to take place at the pace of a given network administrator’s discretion. It also allows for some early test trials to observe problems that may arise during implementation. Some of the early configuration would be on the Domain Name Server (DNS) so that it can support both IPv4 and IPv6.

Since IP resides at layer 3, our focus is on how IPv6 will be implemented at the router level and the service provider level. IPv6 will of course have no impact on layer 2 devices such as switches and hubs in the network, as these devices do not look at the IP header of packets. A few concepts must be introduced before continuing.

Figure 1

Figure 1 is an example of how a basic network is connected. Businesses connect through a service provider to reach another site of their business or the Internet. The service provider is what lies in between these locations. The routers act differently depending on their placement. The C routers are customer routers and do not connect to the outside world. The Customer Edge (CE) routers connect to the service provider and are the entrance/exit to the outside network. The service provider has Provider Edge (PE) routers, which connect to the CE routers. The Provider (P) router is at the core of the service provider network.

Most of the configuration and operation will occur at the boundaries between autonomous systems (AS). An AS is a routing domain that distributes routes within itself using an Internal Gateway Protocol (IGP).

Dual-Stack

This method allows IPv4 to coexist with IPv6 by running both protocols on a router. Configuration is simple, but overhead is high. For example, running dual-stack doubles the memory requirements of the router, so upgrades might be necessary. Dual-stack is usually configured at the customer sites, as it is unfeasible and costly to run on most service provider routers due to the size of some routing tables. Dual-stack will usually be applied to the C routers and CE routers.

The routing protocols used within these dual-stack routers are RIPng, which is RIP specific to IPv6; Intermediate System to Intermediate System for IPv6 (i/IS-IS); and Open Shortest Path First version three (OSPFv3). The most likely candidate for IPv6 would be OSPFv3. OSPFv3 is somewhat improved over OSPFv2 in that once it provides the route, it sends updates using pointers to the route, which reduces the overhead of the packet.

Figure 2

6to4

An IPv6 over IPv4 tunnel is a method applied on the PE routers where the connected CE is an IPv6 router and the PE is running dual-stack. The interface facing the CE has a tunnel applied to it, with the tunnel terminating at a different destination within the service provider network. A tunnel is a method of networking that lets packets flow through the network while being completely oblivious to the method of transportation. This is done by encapsulating the packet and putting an IPv4 header on it, which allows the core to continue using IPv4 addressing. There are drawbacks to this method, though. For each path needed to a different AS, there must be a separately configured 6to4 tunnel, which requires high administrative overhead and is an overall troubleshooting nightmare.
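The encapsulation step described above, as an added example that is not part of the original paper: a tunnel entry that prepends an IPv4 header to an IPv6 packet, and a tunnel exit that validates that header before handing the inner packet on. The IPv4 protocol number 41 for tunneled IPv6 (RFC 4213) is not stated in the paper; the function names, the documentation-range addresses and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

PROTO_IPV6 = 41  # assumption from RFC 4213: IPv4 protocol number for tunneled IPv6

def checksum(header: bytes) -> int:
    """Internet checksum: one's-complement sum of the header's 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(inner: bytes, src: str, dst: str, ttl: int = 64) -> bytes:
    """Tunnel entry: prepend a 20-byte IPv4 header to an IPv6 packet."""
    fields = [0x45, 0, 20 + len(inner), 0, 0, ttl, PROTO_IPV6, 0,
              ipaddress.IPv4Address(src).packed,
              ipaddress.IPv4Address(dst).packed]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields) + inner

def decapsulate(outer: bytes) -> bytes:
    """Tunnel exit: validate the IPv4 header, then return the IPv6 packet."""
    if len(outer) < 20 or outer[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (outer[0] & 0x0F) * 4
    total_len = struct.unpack("!H", outer[2:4])[0]
    if ihl < 20 or total_len < ihl or total_len > len(outer):
        raise ValueError("bad IPv4 lengths")
    if checksum(outer[:ihl]) != 0:  # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    if outer[9] != PROTO_IPV6:
        raise ValueError("payload is not tunneled IPv6")
    inner = outer[ihl:total_len]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        raise ValueError("inner packet is not IPv6")
    return inner

def sample_ipv6_packet() -> bytes:
    """Constructed packet: 40-byte IPv6 header plus 4 payload bytes."""
    src = ipaddress.IPv6Address("2001:db8:1::1").packed
    dst = ipaddress.IPv6Address("2001:db8:2::1").packed
    # version 6, payload length 4, next header 59 (none), hop limit 64
    return struct.pack("!IHBB16s16s", 6 << 28, 4, 59, 64, src, dst) + b"test"

if __name__ == "__main__":
    pkt = encapsulate(sample_ipv6_packet(), "192.0.2.1", "198.51.100.1")
    print(len(pkt), ipaddress.IPv6Address(decapsulate(pkt)[24:40]))
```

The protocol-number test in `decapsulate` is also what a perimeter monitor checks to recognize tunneled IPv6 crossing an IPv4-only filter.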

Tunnel Broker

To avoid having to configure tunnels all the time, the service provider uses a remote host to run a script that dynamically configures the tunnels on a CE router. This is not recommended due to security issues and because the remote host is a single point of failure.

Automatic IPv4 tunnel

As good as it sounds, it really isn’t. In order for tunnels to be created, all routers must be running dual-stack, which means an IPv4 address must be used on all routers. It also requires the use of NAT, and the NAT configuration must be stable and pre-established for this to work, which means it isn’t dynamic. The benefits of IPv6 are overall wasted on this method due to poor scalability.

Automatic 6to4

Instead of running dual-stack on all routers in the core, unique 6to4 multicast addressing is used on all 6to4 routers on the edge, and tunneling is again over an IPv4 core. When a packet arrives at another 6to4 router, the router looks at the packet and sees that it has a multicast source. The destination is then looked up and the router forwards the packet to the connecting IPv6 network. Multicasting allows packets to be sent to a specific group of recipient nodes. In IPv6 there are no broadcasts, so this method takes advantage of a unique feature of IPv6. This method is still not regarded as usable due to high NAT overhead.

IPv6 over Dedicated Links

Running IPv6 over Wide Area Networks (WANs) is much simpler. WANs operate at layer 2, so they typically don’t look at the IP header at all. The only difference in having IPv6 over a WAN is that it is a dedicated IPv6 network, in the same way that IPv4 runs over a WAN. This means that anyone who wants IPv6 to coexist with IPv4 would have to apply tunneling methods and have additional Private Virtual Connections (PVCs) created by the service provider.

IPv6 over MPLS

This is the method of choice when implementing enterprise-class networks that utilize IPv6. Multi-Protocol Label Switching (MPLS) is a very powerful protocol. Essentially, it connects networks over a service provider’s network with complete transparency through the use of a small encapsulation on a packet’s header. Applying a label at the PE makes it seem as if multiple remote networks are connected as one. MPLS offers advantages such as finer Quality of Service (QoS) and traffic engineering possibilities, and it allows Virtual Private Networks (VPNs). These MPLS labels are drawn through the use of VPN Routing and Forwarding (VRF), a Cisco technology, which is used to distribute packets to other CEs that terminate at the partnering VPN. This allows different sites to be connected privately.

Now that applying MPLS allows the network to be one VPN, IPv6 can be used. With dual-stack 6to4 tunnels on the CEs, we can use MPLS to create a VPN that is IPv4, and the service provider will not take any part in the IPv6 process. This is nice in a way because it gives a network great flexibility by not being bound by the service provider. As a note, service providers typically provide MPLS as a service.

6PE

Implementing MPLS on the CE can be considered one deployment stage; implementing MPLS on the provider edge would be the next deployment stage in creating an IPv6 network. This incredible feature makes the service provider seemingly provide native IPv4 and IPv6 support.

Figure 3

The 6PE router implements a dual stack, but the packet forwarding is done through MPLS. Since the 6PE is dual-stack, it can also handle IPv4 networks, take advantage of MPLS, and combine them to make a VPN as well. Do note that access to the Internet outside a company’s VPN isn’t as complicated as it looks; it is provided from the cloud itself and should not be seen as a complicated task of building a network. Only 6PE routers need software and hardware upgrades, which makes this a cost-effective solution by allowing the core routers to stay the way they are.

The last defining solution of combining MPLS with IPv6 is that VRFs can be used to connect to the artificially created IPv4 VPNs, which creates a seamless IPv6 and IPv4 network in combination with a DNS that implements IPv4 and IPv6. This VRF compatibility with 6PE is a relatively new feature and is something that should be strongly considered and tested before implementation.

SOCKSv5

SOCKSv5 lets hosts that use different IP stacks talk to each other. It is configured on the gateway, which reduces configuration headaches on what could be thousands and thousands of hosts. It allows resolution of addresses without altering a current IPv4 DNS.

In short, deploying an IPv6 network is work that should proceed from the outside in. Make no mistake: implementing all of this requires a networking expert and plenty of thought. Coordination with one’s service provider is also needed. If a service provider does not provide the services needed for the IPv6 upgrade, then one should look for another or, more likely, encourage the service provider to upgrade.
