Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

IPv6 Dual-Stack Lite

 

IPv6 Dual-Stack Lite (DS-Lite) is a technology to help Internet service providers to migrate to an IPv6 access network without changing end-user software. IPv4 users continue to access IPv4 internet content with minimum disruption to their home networks while enabling IPv6 users to access IPv6 content.

Understanding IPv6 Dual-Stack Lite

IPv6 dual-stack lite (DS-Lite) is a technology that enables Internet service providers to move to an IPv6 network while simultaneously handling IPv4 address depletion.

IPv4 addresses are becoming depleted; therefore, broadband service providers (DSL, cable, and mobile) need new addresses to support new users. Providing IPv6 addresses alone is often not workable because most of the systems that make up the public Internet are still enabled and support only IPv4, and many users’ systems do not yet fully support IPv6.

DS-Lite allows service providers to migrate to an IPv6 access network without changing end-user software. The device that accesses the Internet remains the same, thus allowing IPv4 users to continue accessing IPv4 internet content with minimum disruption to their home networks, while enabling IPv6 users to access IPv6 content.

Figure 1 illustrates the DS-Lite architecture which uses IPv6-only links between the provider and the user while maintaining the IPv4 (or dual-stack) hosts in the user network.

Figure 1: DS-Lite NAT (IPv4-in-IPv6)
 DS-Lite NAT (IPv4-in-IPv6)

The DS-Lite deployment model consists of the following components:

  • Softwire initiator for the DS-Lite home router--Encapsulates the IPv4 packet and transmits it across an IPv6 tunnel.

  • Softwire concentrator for DS-Lite carrier-grade Network Address Translation (NAT)–Decapsulates the IPv4-in-IPv6 packet and also performs IPv4-IPv4 NAT translations.

When a user’s device sends an IPv4 packet to an external destination, DS-Lite encapsulates the IPv4 packet in an IPv6 packet for transport into the provider network. These IPv4-in-IPv6 tunnels are called softwires. Tunneling IPv4 over IPv6 is simpler than translation and eliminates performance and redundancy concerns.

The softwires terminate in a softwire concentrator at some point in the service provider network, which decapsulates the IPv4 packets and sends them through a carrier-grade Network Address Translation (NAT) device. There, the packets undergo source NAT processing to hide the original source address.

IPv6 packets originated by hosts in the subscriber’s home network are transported natively over the access network.

The DS-Lite carrier-grade NAT translates IPv4-to-IPv4 addresses to multiple subscribers through a single global IPv4 address. Overlapping address spaces used by subscribers are disambiguated through the identification of tunnel endpoints. One concentrator can be the endpoint of multiple softwires.

The IPv4 packets originated by the end hosts have private (and possibly overlapping) IP addresses. Therefore, NAT must be applied to these packets. If end hosts have overlapping addresses, Network Address Port Translation (NAPT) is needed.

Using NAPT, the system adds the source address of the encapsulating IPv6 packet in the subscriber network to the inside IPv4 source address and port. Because each user’s IPv6 address is unique, the combination of the IPv6 source address with the IPv4 source address and port creates an unambiguous mapping.

The system takes the following actions when it receives a responding IPv4 packet from outside the subscriber network:

  • Encapsulates the IPv4 packet in an IPv6 packet using the mapped IPv6 address as the IPv6 destination address.

  • Forwards the packet to the user.

Table 1 lists the maximum number of softwire initiators and softwire concentrators per device. Platform support depends on the Junos OS release in your installation.

Table 1: Softwire Initiator and Softwire Concentrator Capacity

DescriptionSRX650SRX1500SRX3400

SRX3600
SRX4100

SRX4200
SRX4600SRX5400

SRX5600

SRX5800

Maximum softwire initiators connected per device

50,000

300

100,000

200,000

200,000

100,000

Maximum softwire concentrator numbers per device

32

32

32

32

32

32

Note

The most recent IETF draft documentation for DS-Lite uses new terminology:

  • The term softwire initiator has been replaced by B4.

  • The term softwire concentrator has been replaced by AFTR.

Junos OS documentation generally uses the original terms when discussing configuration in order to be consistent with the CLI statements used to configure DS-Lite.

For more information, see the following documents:

  • draft-ietf-softwire-dual-stack-lite-06, Dual-Stack Lite Broadband Deployments Following IPv4 Exhaustion, August 2010.

  • RFC 2473, Generic Packet Tunneling in IPv6 Specification, December 1998.

  • RFC 2663, IP Network Address Translator (NAT) Terminology and Considerations, August 1999.

  • RFC 4787, Network Address Translation (NAT) Behavioral Requirements for Unicast UDP, BCP 127, January 2007.

  • RFC 4925, Softwire Problem Statement, July 2007.

  • RFC 5382, NAT Behavioral Requirements for TCP, BCP 142, October 2008.

  • RFC 5508, NAT Behavioral Requirements for ICMP, BCP 148, April 2009.

  • http://www.potaroo.net/tools/ipv4/index.html

  • http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml

Example: Configuring IPv6 Dual-Stack Lite

When an ISP begins to allocate IPv6 addresses and IPv6-capable equipment to new subscriber homes, dual-stack lite (DS-Lite) provides a method for the private IPv4 addresses behind the IPv6 CE WAN equipment to reach the IPv4 network. DS-Lite enables IPv4 customers to continue to access the Internet using their current hardware by using a softwire initiator at the customer edge to encapsulate IPv4 packets into IPv6 packets with minimum disruption to their home network, while enabling IPv6 customers to access IPv6 content. The softwire concentrator decapsulates the IPv4-in-IPv6 packets and also performs IPv4-IPv4 NAT translations.

This example shows you how to configure a softwire concentrator for IPv4-in-IPv6 addresses.

Requirements

Before you begin:

Overview

This configuration example shows how to configure a softwire concentrator, the softwire name, the concentrator address, and the softwire type.

Note

The softwire concentrator IPv6 address can match an IPv6 address configured on a physical interface or an IPv6 address configured on a loopback interface.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in theCLI User Guide.

To configure a DS-Lite softwire concentrator to convert IPv4 packets into IPv6 packets:

  1. Assign a name for the softwire concentrator.
  2. Specify the address of the softwire concentrator.
  3. Specify the softwire type for IPv4 to IPv6.

Results

From configuration mode, confirm your configuration by entering the show command. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

If you are done configuring the device, enter commit from configuration mode.

Verification

From operational mode, enter the show security softwires command. If a softwire is not connected, the operational output looks like the following sample:

If a softwire is connected, the operational output looks like the following sample: