Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Understanding IPv6 Dual-Stack Lite


IPv6 dual-stack lite (DS-Lite) is a technology that enables Internet service providers to move to an IPv6 network while simultaneously handling IPv4 address depletion.

IPv4 addresses are becoming depleted; therefore, broadband service providers (DSL, cable, and mobile) need new addresses to support new users. Providing IPv6 addresses alone is often not workable because most of the systems that make up the public Internet are still enabled and support only IPv4, and many users’ systems do not yet fully support IPv6.

DS-Lite allows service providers to migrate to an IPv6 access network without changing end-user software. The device that accesses the Internet remains the same, thus allowing IPv4 users to continue accessing IPv4 internet content with minimum disruption to their home networks, while enabling IPv6 users to access IPv6 content.

Figure 1 illustrates the DS-Lite architecture which uses IPv6-only links between the provider and the user while maintaining the IPv4 (or dual-stack) hosts in the user network.

Figure 1: DS-Lite NAT (IPv4-in-IPv6)
 DS-Lite NAT (IPv4-in-IPv6)

The DS-Lite deployment model consists of the following components:

  • Softwire initiator for the DS-Lite home router--Encapsulates the IPv4 packet and transmits it across an IPv6 tunnel.

  • Softwire concentrator for DS-Lite carrier-grade Network Address Translation (NAT)–Decapsulates the IPv4-in-IPv6 packet and also performs IPv4-IPv4 NAT translations.

When a user’s device sends an IPv4 packet to an external destination, DS-Lite encapsulates the IPv4 packet in an IPv6 packet for transport into the provider network. These IPv4-in-IPv6 tunnels are called softwires. Tunneling IPv4 over IPv6 is simpler than translation and eliminates performance and redundancy concerns.

The softwires terminate in a softwire concentrator at some point in the service provider network, which decapsulates the IPv4 packets and sends them through a carrier-grade Network Address Translation (NAT) device. There, the packets undergo source NAT processing to hide the original source address.

IPv6 packets originated by hosts in the subscriber’s home network are transported natively over the access network.

The DS-Lite carrier-grade NAT translates IPv4-to-IPv4 addresses to multiple subscribers through a single global IPv4 address. Overlapping address spaces used by subscribers are disambiguated through the identification of tunnel endpoints. One concentrator can be the endpoint of multiple softwires.

The IPv4 packets originated by the end hosts have private (and possibly overlapping) IP addresses. Therefore, NAT must be applied to these packets. If end hosts have overlapping addresses, Network Address Port Translation (NAPT) is needed.

Using NAPT, the system adds the source address of the encapsulating IPv6 packet in the subscriber network to the inside IPv4 source address and port. Because each user’s IPv6 address is unique, the combination of the IPv6 source address with the IPv4 source address and port creates an unambiguous mapping.

The system takes the following actions when it receives a responding IPv4 packet from outside the subscriber network:

  • Encapsulates the IPv4 packet in an IPv6 packet using the mapped IPv6 address as the IPv6 destination address.

  • Forwards the packet to the user.

Table 1 lists the maximum number of softwire initiators and softwire concentrators per device. Platform support depends on the Junos OS release in your installation.

Table 1: Softwire Initiator and Softwire Concentrator Capacity






Maximum softwire initiators connected per device







Maximum softwire concentrator numbers per device








The most recent IETF draft documentation for DS-Lite uses new terminology:

  • The term softwire initiator has been replaced by B4.

  • The term softwire concentrator has been replaced by AFTR.

Junos OS documentation generally uses the original terms when discussing configuration in order to be consistent with the CLI statements used to configure DS-Lite.

For more information, see the following documents:

  • draft-ietf-softwire-dual-stack-lite-06, Dual-Stack Lite Broadband Deployments Following IPv4 Exhaustion, August 2010.

  • RFC 2473, Generic Packet Tunneling in IPv6 Specification, December 1998.

  • RFC 2663, IP Network Address Translator (NAT) Terminology and Considerations, August 1999.

  • RFC 4787, Network Address Translation (NAT) Behavioral Requirements for Unicast UDP, BCP 127, January 2007.

  • RFC 4925, Softwire Problem Statement, July 2007.

  • RFC 5382, NAT Behavioral Requirements for TCP, BCP 142, October 2008.

  • RFC 5508, NAT Behavioral Requirements for ICMP, BCP 148, April 2009.