“M” might stand for Murder in the London theatre world, but the ultimate “M” word in IT has to be “Migration”.
Apply this word to the challenge that is moving from IPv4 to IPv6 and you can probably hear the howls of despair and mistake them for an attempted murder. There are, however, some fundamental tools/advanced features of IPv6 that are designed to ease this process. These have been adopted to a lesser or greater degree by different vendors, so it’s worth noting the availability of these features when shopping around for IPv6 assistance and future proofing.
We’ll start with three absolutely fundamental ways to manage your IP addresses and how these work in a migratory environment.
NAT: NAT (Network Address Translation) has became a pretty fundamental tool for alleviating the issues with limited IPv4 address spaces, with most companies enabling it on their network gateways and other devices. So how to transition this to IPv6. First, there is what is known as Carrier Grade NAT (AKA Large Scale NAT) whereby Carriers/ISPs can allocate multiple clients to a single IPv4 address, standardising behaviour for IPv4 NAT devices and the applications running over them, using features such as “fairness” mechanisms – user allocated port quotas and the like.
We also have specific transition technologies such as NAT 64. This is a mechanism to allow IPv6 hosts to communicate with IPv4 servers. The NAT64 server is the endpoint for at least one IPv4 address and an IPv6 network segment of 32-bits. The IPv6 client embeds the IPv4 address it wishes to communicate with using these bits, and sends its packets to the resulting address. The NAT64 server then creates a NAT mapping between the IPv6 and the IPv4 address, allowing them to communicate.
DNS: As with the 64-bit version of NAS, we also have a 64-bit version of DNS. The IPv6 end user’s DNS requests are received by the DNS64 device, which resolves the requests.
If there is an IPv6 DNS record (AAAA record), then the resolution is forwarded to the end user and they can access the resource directly.
If there is no IPv6 address but there is an IPv4 address (A record), then DNS64 converts the A record into an AAAA record using its NAT64 prefix and forwards it to the end user. The end user then accesses the NAT64 device that NATs this traffic to the IPv4 server.
Dual Stacks/DS-Lite: An obvious feature to look for is dual-stack support where all IPv4 and IPv6 features can run simultaneously. In addition there is DS-Lite (Dual Lite Stack) which enables incremental IPv6 deployment, providing a single IPv6 network that can serve IPv4 and IPv6 clients. Basically this works using IPv4 (tunneled from customer’s gateway) over IPv6 (carrier’s network) to a NAT device (carrier’s device allowing connection to IPv4 Internet, which can also apply LSN/CGN). Because of IPv4 address exhaustion, Dual Lite Stack was created to enable an ISP to omit the deployment of any IPv4 address to the customer’s on-premises equipment, or CPE. Instead, only global IPv6 addresses are provided. (Regular Dual-Stack deploys global addresses for both IPv4 and IPv6.)