A Summary Of Transition Mechanisms

Published Date: 02 Nov 2017

Abstract:

Internet Protocol is the language of the internet. Every device must have an IP address to communicate to the internet. IPv4 has about in theory 4.3 billion addresses, wherein world�s population is 7 billion. Internet has been growing very fast and more and more people are using smart phones which require an IP address. To meet this tremendous need for IP, a temporary solution was NAT (Network Address Translation) that allowed a single public address to carry internet traffic for an entire office by the use of private RFC1918 addresses. Considering the future grows, a new IP addressing scheme was needed and IPv6 was developed.

In this document, we will discuss the design and implementation differences between IPv4 and v6 and also document the routing protocol support for IPv6. At the end, we will give a recommendation on suitable protocols to update current infrastructure to IPv6.

Introduction:

IPv6 was first proposed by IETF in 1992. It�s only recently that interest has grown up to migrate to IPv6 due to the overwhelming tasks of readdressing and upgrading of existing networks and applications. There were actually two drivers for the development and deployment of IPv6.

1. The primary reason was the limited address space in IPv4 and the growing need for new addresses. According to Hurricane Electric�s report IPv4 addresses has exhausted in 2011, and as of now 87% TLDs are IPv6 ready.

2. IPv6 was developed with the 20 years of IPv4 experience in mind. Many enhancements are integrated in IPv6. Like IPSec, QoS, Peer- to-peer networking, end-to-end security, and mobile IP to name a few.

IPv4 is a 32bit address space wherein IPv6 uses a 128bit address scheme which gives 3.4 x 10 ^38 addresses. There is a significant improvement in IPv6 design; IPv6 Header is reduced to fewer fields which provide faster processing and routing efficiency.

IPv4 addresses are represented in Hexadecimal format. The major differences between them are:

Figure 1: IPv4 Header format

Figure 2: IPv6 Header format

IPv6 basic header is 40-bytes fixed length. Header Checksum is removed in IPv6 which greatly reduces processing time of the network layer. If checksum is required, it can be implemented using the AH of the IPSec. It includes an 8bit Next Header field which specifies the extension header. Extension header allows end-to-end security. A new header Flow Level tags packets in particular traffic flow, routers no longer needs to process the data to identify the traffic flow.

Difference between IPv4 and IPv6 (15-points)

There are some significant enhancements on IPv6 addressing over IPv4.

� IPv6 supports three types of address, Unicast, Multicast and Anycast. Broadcast address is removed in IPv6. New address type Anycast represents a service and does one-to-nearest mapping. A packet sent to Anycast address is delivered to nearest and lowest cost interface. Unicast addresses are further divided into three types Global Unicast, Unique-Local Unicast, and Link-Local Unicast.

o Global Unicast: Global Unicast address is a globally unique address and publicly routable.

Figure 3 : Global Unicast Address

First four bit is always 0001 that is 0x2000::/3. The IANA and RIRs (Regional Internet Registries) normally assigns /32 or /35 IPv6 prefixes to the (Local Internet Registries) LIRs. Then LIRs who are usually ISPs, assigns customers prefixes of /48 to /64 in length. Unlike IPv4, IPv6 prefixes are assigned in specific ranges to customers locating in different RIRs which makes route summarizing easier. 16bit Site Level Aggregator (SLA) are used by organizations to create local subnet within the AS. Interface ID uniquely identifies interfaces within a link. Interface ID can be auto-configured using EUI-64 (Extended Unique Identifier -64 which derived the Interface ID using MAC address of the interface. [1] IANA � Internet Assigned Numbers Authority (www.iana.org).

o Unique-Local Unicast: They are like IPv4 RFC1918 addresses (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16.). These are globally unique addresses but are not meant to be routed to the public internet. Its prefix is FD00::/8.

Figure 4: Unique Local Address

o Link-Local addresses: These addresses are usually automatically configured using EUI-64 with a prefix of FE80::/10. They are confined within a single link and used by Neighbor discovery and stateless auto-configuration purposes. Every interface has a link-local address.

o Multicast Addresses: Multicasting is similar to broadcasting in a sense it does selectively broadcast among the group members. Broadcasting had many problem like every broadcasts had to be processed by TCP/IP stack upto the network to transport to the application layer only for the end system to determine if its intended. Multicast can be recognized and dropped at Layer2 only, that�s a huge advantage. IPv6 Multicast has a prefix of FF00::/8. Below is a list of well-known multicast addresses, reserved multicast address range FF00:: to FF0F::

FF01::1 All nodes within the node-local scope

FF01::2 All routers within the node-local scope

FF02::1 All nodes within the Link-local scope

FF02::2 All routers within the Link-local scope

FF02::5 All OSPFv3 routers within the Link-local scope

FF02::6 All OSPFv3 designated routers within the Link-local scope

FF02::9 All RIPng routers within the link-local scope

FF02::A All EIGRP routers within the link-local scope

FF02::1:2 All DHCPv6 agents (servers and relays) within the link-local scope

FF05::2 All IPv6 routers within the site-local scope

FF02::1:FF00:0/104 IPv6 solicited-node multicast address within the link-local scope

� IPv6 allows each node to have a globally unique address, which removes the need for NAT as the globally unique address is publicly routable. An interface can have multiple IPv6 addresses, but can have only one IPv4 addresses.

� Using Auto-configuration, IPv6 host can automatically assign itself an address without the need of a DHCP.

� IPSec is built-in on IPv6; it was an add-on in IPv4.

� In IPv6, by MTU path discovery, a router no longer needs to fragment packets. Only the sending host fragments packets. An IPv6 host decides end to end path MTU and fragments the packet at the source.

� IPv6 uses AAAA resource records in DNS to map host names to IPv6 addresses and pointer (PTR) resource records in the IP6.ARPA to map IPv6 addresses to host names.

� ICMPv6 Router Solicitation and Router Advertisement messages are used to determine the IP address of the best default gateway, and they are mandatory.

� IPv6 supports 1280-byte packet size without fragmentation where in IPv4 supports 576-byte packet size with possible fragmentation.

� IPv6 uses Multicast Neighbor Solicitation messages to resolve IPv6 addresses to link-layer addresses. In IPv4, broadcast ARP Request resolves an IP address to a link-layer address.

�

Figure 5 : Control Panel Operation

Discussion on the level of support of IPv6 for currently used routing protocols (critical analysis of currently used routing protocols and their support for IPv6) (20-points)

TCP/IP protocol suite integrates today�s networks and as such routing plays a key part of TCP/IP based network. Many routing protocols were developed over the years; each with specific requirements in mind to solve technical problems; designed specifically keeping IPv4 in mind. They are primarily classified in two domains, Interior Gateway Protocols and External Gateway Protocols. Some process faster but takes more router resources, others slow but can accommodate larger routing table. Some can do unequal cost load balancing, others cannot. With the 20years IPv4 experience in mind, it was imperative to have some significant improvement on routing protocol designs. Given the larger address space in IPv6, there has to be smarter ways to addressing and also aggregate the routes for a better manageable routing table.

While moving to IPv6 gives greater benefits, a number of problems surface when considering a migration to IPv6. The primary one is the huge task of readdressing the interfaces and hosts. There is an interim solution of mapping IPv4 addresses into IPv6 using 96 zero bit prefix. These IPv4 addresses cannot be routed the same way as IPv6, because by natively IPv6 routing is based on hierarchical routing. IPv6 address auto-configuration can greatly improve the migration process or remapping of networks when there is a change of Internet service provider because IPv6 addresses refers to interfaces instead of network hosts.

Distance vector routing protocol RIP (Routing Information Protocol) periodically broadcast its �distance� to any network from itself. It uses hop-count as its metric with a maximum of 15hops as allowed. RIP version for IPv6 is called RIPng and it multicasts updates at FFe2::9. RIPng now supports multiple instances, and it is enabled on the interfaces. RIPng header has been redesigned and it�s easier to implement in Ipv6 although this is not an ideal protocol for us.

OSPF is a link state routing protocol, and provides faster convergence. In OSPF, each router sees the entire topology and computes the best path from itself. A change to any network is immediate flooded. There are little changes in Ospfv6 for IPv6. Network areas are identified by their IPv6 address and Prefix. It now supports multiple instances and the configurations are done on interfaces. We must add a router-id if an ipv4 address is not already configured.

Eigrp is a hybrid protocol developed by Cisco systems, although it is recently come out of its proprietary status, it�s still not widely supported. IPv6 support for EIGRP isn introduced in IOS version 12.4(6)T. EIGRP for IPv6 Hellos are sourced from the interface link-local address and destined to FF02::A There is no Split Horizon rule for EIGRP for IPv6, because IPv6 Interfaces supports multiple addresses. It�s a robust protocol but its implementation and support for IPv6 is limited and hence not ideal for us.

BGP for IPv6 is Multiprotocol-BGP. BGP is an exterior routing protocol and holds the routes of entire Internet. It remain mostly same for IPv6, BGP added two optional and not transitive attributes MP_REACH_NLRI and MP_UNREACH_NLRI. Ipv4 routes cannot be exchanged over an IPv6 TCP session and there can be two next hop addresses in next-hop attributes.

Review of IPv6 routing protocols (Review of available routing protocols for their support for IPv6 (20-points)

There are many enhancements on implementing IPv6. Routing protocols like OSPF. EIGRP and BGP configuration and behavior is different in IPv6. We will briefly discuss the changes here to the context on Cisco devices.

IPv6 is not enabled by default on a Cisco router and must be enabled using �IPv6 unicast-routing� global command. And interface addresses are configured using �ipv6 address <address>�command.

IPv6 Static Routes

IPv6 static routing works almost similarly as it does in IPv4, but with little twist: An IPv6 static route to a broadcast interface Ethernet, must also specify a next-hop IPv6 address because IPv6 does not use ARP, and, next-hop routers will not proxy-ARP for a destination that is off the subnet. Therefore, static routes must specify the next-hop IP address.

Syntax

ipv6 route < destination IPv6 > <Next Hop / Outgoing int> < Next Hop > tag <#>

ipv6 route < ::/0 > <Next Hop / Outgoing int> < Next Hop > tag <#> (default route)

OSPF version 3:

OSPF in IPv6 is named as OSPFv3. Key concepts remain same here in version 3 like Neighbor Relationships, Areas, Interface Types, Virtual Links, and Metric calculations. However the differences between OSPFv2 and OSPFv3 are:

� OSPFv3 is configured on the interface unlike ospfv2 which is configured in router config mode.

� Advertises multiple networks on an interface � An interface can have multiple IPv6 addresses, when ospf is enabled on an interface, OSPFv3 advertise all of the corresponding networks.

� Router-ID must be set - automatically sets its 32-bit RID based on the configured IPv4 address. If no IPv4 address is configured on an interface, we need to manually set the router-id for the ospf process to start.

� Flooding scope - Three specific types of flooding LSAs in OSPFv3:

o Link-local scope - called Link LSA.

o Area scope - For LSAs flooded throughout a single OSPFv3 area. Used by Router, Network, Inter-Area Prefix, Inter-Area Router, and Intra-Area Prefix LSA types.

o AS scope � They are flooded throughout the routing domain; and used for AS External LSAs.

� Multiple instances per link � We can configure multiple instances OSPFv3. Eg. We have four routers on an Ethernet segment: R1, R2, R3 and R4. We want R1 and R2 form neighbor and R3 and R4 form neighbor, but don�t want R1 & R2 form adjacencies with R3 & R4, we can separate them using instances. For example, ipv6 ospf 1 area 0 instance 12. Instance number must match between routers to form neighborship.

� Ospfv3 sources packets from link-local addresses except for virtual links. On virtual links, OSPFv3 sources packets from a globally scoped IPv6 address.

� Authentication is built into IPv6�s AH and ESP protocol and no authentication mechanism is designed on OSPFv3 internal

OSPFv3 configuration syntax:

interface FastEthernet0/0

ipv6 address 2000:0:0:1::2/64

ipv6 eigrp 10

ipv6 router ospf 1

router-id 4.4.4.4

EIGRP for IPv6

IPv6 EIGRP is not supported on all routers; it depends on the specific model of router and version of the IOS. Eigrp for IPv6 added a new Protocol-Dependent Module (PDM) for IPv6. Below are the significant changes on IPv6 EIGRP implementations:

� EIGRP for IPv6 is supported in Cisco IOS beginning with Release 12.4(6) T.

� In IPv6 EIGRP, routing process needs to be defined and enabled using �no shutdown� command and a router-id must be set using the router-id command before the IPv6 EIGRP routing process can start.

� Configured on the interface. We have to enable eigrp on interfaces.

� Must �no shut� the routing process � By default, Eigrp routing process is shutdown state and requires a no shutdown command in router configuration mode to become active.

� Router-ID must be set manually under the router configuration mode.

� Passive interfaces are configured in the routing process only. No required configuration commands on the interface.

� Route filtering is done using distribute-list prefixlist command. Route maps are not used here.

� IPv6 doesn�t have any concept of classfull routing and as such no equivalent to the IPv4 (no) auto-summary command in EIGRP for IPv6.

interface FastEthernet0/0

no ip address

duplex auto

speed auto

ipv6 address 2000:0:0:1::1/64

ipv6 eigrp 10

ipv6 router eigrp 10

router-id 2.2.2.2

no shutdown

Multiprotocol BGP for IPv6:

BGP is an Exterior Gateway Protocol used to connect separate routing domains together. In MP-BGP, configurations are still done under BGP configuration mode. We must first manually configure the 32bit Router ID. Neighbors are configured in bgp configuration mode but must be activated in address-family ipv6 unicast mode.

Before we begin configuring routing processes or static routes, it�s wise to enable IPv6 routing debugging using the �debug ipv6 routing� command.

Review, discuss and recommend suitable alternative routing protocols to replace currently used IPv4 routing protocols so the new network implementation will fully support IPV6.

IPv4 networks cannot be migrated to IPv6 overnight. Many of the websites, DNS, TLD are still to support to ipv6. We need to have a solid plan to migrate to IPv6; it should include the migration strategy and inter-operability with the ipv4 network once we are migrated to ipv6. The migration will start from the network edge and gradually move to network core.

IPv6 transition mechanism allows ipv6 hosts to reach ipv4 services and isolated ipv6 hosts. There are few transition mechanisms/technique like Dual Stacking and Tunneling, each with their merits and demerits. We will review few popular techniques here and recommend most viable one for us.

Dual Stacking:

Dual Stacking allows devices to handle both IPv4 and IPv6 stack simultaneously. Here both protocols are enabled concurrently and it provides the most flexibility. It does however need more resources for the routers as both the protocols are running at the same time on the router.

GRE/Manual Tunnels:

A tunnel creates a virtual point-to-point link between IPv6 networks and encapsulates IPv6 packets over IPv4 networks.

Here source and destination EDGE routers are connected with IPv4 addresses and IPv4 is the transport mechanism for IPv6 packets. IPv6 is the passenger protocol here. GRE and Manual tunnels works similarly except the GRE is the Cisco default tunnel protocol. To configure Manual tunnel, we use �Tunnel Protocol ipv6ip� and for GRE the command is �Tunnel Protocol GRE ipv6�

Figure 6 : Manual Tunneling

IPv6 to IPv4 tunneling (6to4):

6to4 tunnels are dynamically created, and we have a reserved prefix 2002::/16 for 6to4 tunnel. The first 16 bits of address are the hex 0x2002, and the next 32 bits are the hex converted IPv4 address of the other end router. The remaining bits can be specified below A 6to4 tunnel does not require a destination address because it is not a point-to-point link.

Figure 7: 6to4 Tunneling

Other two options for IPv4 to IPv6 transition mechanisms are host dependent. They are Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) which typically works between routers; and Teredo tunneling which typically works between hosts.

Here is a summary of transition mechanisms:

Figure 8: Summary of IPv6 transition

Recommendation: Based on review of available routing that supports IPv6 recommend suitable replacement protocols and provide justification for your choice.

Here we discussed dual stack and tunneling mechanism for integration and coexistence of our IPv6 network over not yet migrated ipv4 networks. Our recommendation goes to using Dual-stacking at the edge router of the network. Because, we just have to add IPv6 configuration on the host and routers and business can continue without any interruption. We considered no all applications APIs are IPv6 ready within our ICT infrastructure. So if we Dual stack, and gradually take out IPv4 functionality, there will be little to no interruption to the end user and also we have redundancy to fall back to the IPv4.

All routing protocol provides stable supports for IPv6. Based on our review on IPv6 supported routing protocols RIPng, OSPFv3, Eigrp for IPv6 and Multiprotocol-BGP, we recommend to implement OSPFv3 as interior gateway Protocol because of the following reasons

� There is not much enhancement in OSPFv3 leaving us our old, time trusted protocol.

� OSPFv3 is not proprietary like Cisco EIGRP for IPv6 and widely supported among different version of IOS routers. And we prefer to use OSPFv3 as the as our routing protocol of choice.

� Supports multiple address and instances per interfaces. It allows us to isolate protocol instances among our routers of choice by means of instances. Eg we have four routers on an Ethernet segment: R1, R2, R3 and R4. We want R1 and R2 form neighbor and R3 and R4 form neighbor, but don�t want R1 & R2 form adjacencies with R3 & R4; we can separate them using instances. For example, ipv6 ospf 1 area 0 instance 12. Instance number must match between routers to form neighborship.

� OSPFv3 now does Per Link Processing. OSPFv3 runs over a link rather that a subnet.

� In a dual-stack environment, we need to run OSPFv2 (IPv4) and OSPFv3 (IPv6) separately.

� Runs directly over IPv6 � you can use link-locals

� OSPFv3 uses multicast addresses ALLSPFRouters (FF02::5)? and ALLDRouters (FF02::6)?

� OSPFv3 eliminates a number of addressing and peering restrictions,

� OSPFv6 introduced Address Families (AF) which provides multiprotocol support and other benefits. It also enables ipv4 and ipv6 address families coexist in the same networks.

� Ensure interoperability in multi-agency environments. Any OSPF interoperability solutions are both standards-based and easily implemented.

OSPFv3 is the protocol of choice where IPv6 support is mandated. Many organizations are extending their network for mobile users. In the process of migrating to IPv6, organization will need ipv4 and ipv6 resources to coexist. OSPFv3 Address Family feature does the very same thing. OSPFv3 enhances mobility, improves scalability, reduces complexity and eases migration to IPv6 and so is our protocol of choice.

Conclusion:

IPv6 is an extension of IP with many new features like larger address space, built into security, No need of NAT, Support for Mobile IP, Capability of multiple address per interface, easier address renumbering, and stateless auto-configuration. In this demonstration, we started with discussion on newer architectural difference on header format, difference with IPv4, changes in configuration of routing protocols and different transition strategies. Our discussions, made it clear, there are greater advantages on deploying IPv6 in our network. It is imperative, we need proper planning and we have done required Research and development to bring IPv6 into our production network. We intend to conclude the discussion with implementation of Ospfv3 as our preferred Interior routing protocol and Multiprotocol BGP as the exterior gateway protocol for our multi-homed edge network. We also like to implement dual stacking as our migration scenario as that was we can use both IPv4 and IPv6 network to operate simultaneously and we have minimum downtime to our production network. It is worth to mention IPv6 also gives us freedom on choosing the ISP as the addresses can be provider independent.