Understanding IPv6

 

Service providers and some enterprises are faced with growing their networks using IPv6, while continuing to serve IPv4 customers.

Juniper Networks has made significant investments in technologies and solutions that enable enterprises and service providers to meet mixed IP addressing needs even as they build out IPv6 networks as rapidly as markets and services require.

Increasingly, the public side of network address translation (NAT) devices is IPv6 rather than IPv4. Service providers cannot continue giving customers globally routable IPv4 addresses, they cannot get new globally routable IPv4 addresses for expanding their own networks, and yet they must continue to serve both IPv4 customers and new customers, all of whom are primarily trying to reach IPv4 destinations.

IPv4 and IPv6 must coexist for some number of years, and their coexistence must be transparent to end users. If an IPv4-to-IPv6 transition is successful, the end users should not even notice it.

What is IPv6?

IP version 6 (IPv6) is the latest version of IP. IPv6 builds upon the functionality of IPv4, providing improvements to addressing, configuration and maintenance, and security. Juniper Networks is focused on helping service provider and enterprise customers deploy IPv6 in ways that improve current networks.

IPv6 offers the following benefits:

  • Expanded addressing capabilities—IPv4 uses 32-bit addresses and can support 4.3 billion devices connected directly to the Internet. IPv6, on the other hand, uses 128-bit addresses and supports a virtually unlimited number of devices—2 to the 128th power.

  • Header format simplification—IPv6 packet header format is designed to be efficient. IPv6 standardizes the size of the packet header to 40 bytes, divided into 8 fields. Figure 1 provides a comparison between the packet headers of the two protocol versions.

    Figure 1: IPv4 and IPv6 Header Comparison
    IPv4 and IPv6 Header Comparison
  • Improved support for extensions and options—Extension headers carry Internet-layer information and have a standard size and structure.

  • Flow labeling capability—Flow labels provide consistent handling of packets belonging to the same flow.

  • Improved privacy and security—IPv6 supports extensions for authentication and data integrity, which enhance privacy and security.

IPv6 Address Format

IPv6 addresses consist of eight hexadecimal groups. Each hexadecimal group, separated by a colon (:), consists of a 16-bit hexadecimal value. The following is an example of the IPv6 format:

xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx

A group of xxxx represents the 16-bit hexadecimal value. Each individual x represents a 4-bit hexadecimal value. The following is an example of a possible IPv6 address:

4FDE:0000:0000:0002:0022:F376:FF3B:AB3F

The first sixty four bits (4FDE:0000:0000:0002) are network bits, the remaining ones are the host's interface identifier (host bits). The network portion is provided by an ISP or by the registry (ARIN or RIPE).

The length of the prefix depends on the size of your organiztion:

  • Registries are assigned /23.

  • ISPs are assigned /32.

  • Sites are assigned /48.

Say, you are the organization that receives a /48 prefix like this: 4FDE:0000:0000:0000:0000:0000:0000:0000/48. This gives you two bytes (shown in itallics) in the network portion to create different networks (itallic portion: 2^16=65536 different numbers). As a shortcut, this network address space can be represented as 4FDE::/48.

To create the host portion of IPv6 address, if DHCP is not used, you have several options.

Table 1 lists the host addressing strategies.

Table 1: IPv6 Host Portion Techniques

Ways to Create the Host Portion of an IPv6 AddressExample

Embed an IPv4 address in an IPv6 address

4FDE::101.45.75.219

Manually

4FDE::1

EUI-64

Automatically create the host portion of IPv6 address based on the MAC address of the first Ethernet interface

For an example of manually assigned host addresses, see Example: Configuring IPv6 Static Routes. For an example of EUI-64 assigned host addresses, see Example: Configuring a Basic RIPng Network.

Implementations at Juniper Networks

When deploying IPv6, you can gain a great advantage by using Juniper Networks high-end routers because IPv6 has been implemented directly in the ASICs (Application-Specific Integrated Circuit). Having IPv6 compatibility in the hardware means that IPv6 packets can be forwarded at line rate – unlike many competing routers.

After over a decade of development, the IPv6 functionality in Juniper Networks products is extensive. Junos OS, for over ten years has had IPv6 support. Juniper has a tremendous presence on various technical bodies that have specified IPv6. Juniper had already enabled IPv6 across all of its platforms and interfaces back in 2002. Juniper was at the forefront of shipping IPv6-ready firewall and VPN gear in 2004. And Juniper was the first to have its routers certified as IPv6 capable by the U.S. Defense Department in 2007.

Just to highlight a few, Junos OS fully supports the following IPv6 RFCs:

  • RFC 2460, Internet Protocol, Version 6 (IPv6) Specification

  • RFC 3513, Internet Protocol Version 6 (IPv6) Addressing Architecture

  • RFC 2893, Transition Mechanisms for IPv6 Hosts and Routers

For a complete list of supported IPv6 RFCs, see Supported IPv6 Standards.

IPv4 and IPv6 Collaboration

IPv6 is the biggest upgrade in the 40-year history of the Internet. Forward-looking carriers and enterprises are deploying IPv6 because the Internet has run out of allocatable IP addresses using the current IPv4 standard. Juniper is putting its energy into supporting native IPv6 as well as dual-stack configurations where IPv6 runs alongside IPv4 in all of its products. Juniper fully supports an IPv4-to-IPv6 transition mechanism known as Dual-Stack Lite, and it has been a leader in another approach called 6PE for use with multiprotocol label switching (MPLS) networks.

Keep in mind that if you are going to dual stack all of your network devices, the interfaces need both an IPv6 and an IPv4 address. This raises the issue that the Internet has run out of IPv4 addresses, which is the main reason we need IPv6 in the first place. If you do not have an abundant supply of IPv4 addresses to apply to your devices, you can still use dual stacking, but you will need to conserve your supply of IPv4 addresses by using network address translation (NAT).

Building dual stacked networks with a mix of global IPv6 addresses and NAT-ed IPv4 addresses is quite feasible. Some specific solutions include carrier-grade NAT (CGN), NAT444, NAT464, and dual-stack lite.

Table 2 lists the types of IP transition strategies supported by Juniper Networks.

Table 2: IPv4 and IPv6 Collaboration Strategies

IPv4 and IPv6 Collaboration StrategyPurpose

Carrier-grade NAT—Sharing IPv4 addresses

To maintain IPv4 subscriber growth after IPv4 exhaustion, the remaining IPv4 addresses will have to be shared among end users. This is done with carrier-grade NAT (CGN). Rather than assigning public addresses directly to individual users, CGN “pulls back” these addresses to a more centralized Network Address Translation (NAT) point, allowing the sharing of a single public address among a much larger number of end devices. There are several variations in the deployment architecture of CGN. Dual Stack Lite (DS-Lite) and NAT44(4) are the most important ones for coexistence strategies. They are similar in the way that they enable providers to share a small set of IPv4 addresses among a large number of users. They differ in the way that packets are carried to the CGN. With DS-Lite, they are carried as IPv4 through an IPv6 tunnel; with NAT44(4) they are carried over IPv4.

NAT44(4)

NAT44(4) is an architecture that uses the NAT44 protocol to extend the life of a customer’s IPv4 address pool by allowing multiple subscribers or end users to share a single public IPv4 address. NAT44(4) requires no change to the service provider’s existing network infrastructure, and can be used in conjunction with 6rd for further benefits. In NAT44(4), the subscribers have their own private IPv4 (RFC1918) address space behind their customer premises equipment (CPE). The service provider translates the subscriber’s address to another IPv4 address in the access network to allow better utilization of the existing public IPv4 address space by aggregating subscribers in a public IPv4 pool on the carrier-grade NAT (CGN) router.

Dual Stack Lite (DS-Lite)

DS-Lite uses tunneling and NAT44 to mitigate IPv4 address depletion while incrementally adopting IPv6. When a device in the customer network sends an IPv4 packet to any destination, the IPv4 packet is encapsulated in an IPv6 packet for transport into the provider network. The address family transition router (AFTR) decapsulates the packet back to IPv4, and uses NAT44 to translates the private IPv4 address to a public IPv4 address and delivers the packet to the Internet.

Additional Juniper Networks supported IPv4/IPv6 technologies

  • NAT64—provides IPv6 to IPv4 translation allowing IPv6-only hosts to access IPv4-only hosts.

  • 6to4—connects IPv6 hosts or networks across an IPv4 infrastructure or Internet.

  • 6rd—provides rapid deployment of IPv6 service to end users over an existing IPv4 infrastructure.

  • IPv4/IPv6 dual stack—Junos OS supports IPv4/IPv6 dual stack, allowing concurrent independent operation of both protocols on a single router.