Internet Engineering Task Force Robert E. Gilligan INTERNET-DRAFT Sun Microsystems, Inc. October 6, 1994 Simple Internet Transition Overview Abstract In order to address problems of scaling and address space, a new version of the Internet Protocol (IP) has been developed. The currently deployed IP is version 4 (IPv4), and the new IP is version 6 (IPv6). If IPv6 is to be widely adopted in the global Internet, the transition from the current IP must be simple and easy for users as well as network operators. In order for this to occur, hosts and routers implementing the new protocol must interoperate with the large installed base of systems which continue to use the existing IP. In addition, the transition process must not disrupt the operation of the Internet. This paper provides an overview of a set of mechanisms, operational practices, and transition plans that can be used for transitioning the Internet from IPv4 to IPv6. These techniques are collectively termed the Simple Internet Transition (SIT). While specifically designed to transition the IPv4 Internet to IPv6, the methods used in SIT could be adapted to transition other internet layer protocols such as IPX or CLNP to IPv6. Status of this Memo Internet Drafts are working documents of the Internet Engineering Task Force (IETF), its Areas, and its Working Groups. Note that other groups may also distribute working documents as Internet Drafts. Internet Drafts are draft documents valid for a maximum of six months. This Internet Draft expires on April 5, 1995. Internet Drafts may be updated, replaced, or obsoleted by other documents at any time. It is not appropriate to use Internet Drafts as reference material or to cite them other than as a "working draft" or "work in progress." Please check the I-D abstract listing contained in each Internet Draft directory to learn the current status of this or any other Internet Draft. Distribution of this memo is unlimited. draft-gilligan-ipv6-sit-overview-00.txt [Page 1] INTERNET-DRAFT Simple Internet Transition Overview October 1994 History and Acknowledgements SIT is derived the IPAE proposal [IPAE]. IPAE was based on ideas originally developed by Dave Crocker and Bob Hinden. Erik Nordmark, Ron Jacoby, Steve Deering, Bob Hinden and Dave Crocker made significant contributions to the design of IPAE. Many others made contributions as part of the SIPP, SIP, PIP, and IPAE working groups over a period of more than two years. A number of people have provided feedback and suggestions on earlier drafts of this paper, including: Ross Callon, Dino Farinacci, Christian Huitema, Bill Simpson, ... draft-gilligan-ipv6-sit-overview-00.txt [Page 2] INTERNET-DRAFT Simple Internet Transition Overview October 1994 1. Introduction SIT specifies a number of mechanisms and operational practices to transition the Internet from IPv4 to IPv6. The mechanisms employed by SIT include: - Use of the dual IP layer (IPv4 and IPv6) technique in hosts and routers for direct interoperability with nodes implementing both protocols. - Two IPv6 addressing structures that embed an IPv4 addresses within IPv6 addresses. - A mechanism for tunneling IPv6 packets over IPv4 routing infrastructures. This technique uses the embedded IPv4 address structure, which eliminates the need for tunnel configuration in most cases. - An optional mechanism for translating headers of IPv4 packets into IPv6, and the headers of IPv6 packet into IPv4. This technique allows nodes that implement only IPv6 to interoperate with nodes that implement only IPv4. The operational issues include: - Practices for assigning IPv4 and IPv6 addresses. - Practices for upgrading hosts and routers and deploying new hosts and routers. - Practices for deploying DNS servers that support the IPv6 address record type. - Plans for transitioning individual Internet sites to IPv6. - Plans for transitioning the global Internet to IPv6. SIT provides a number of features, including: - Incremental upgrade. Existing installed IPv4 hosts and routers may be upgraded to IPv6 at any time without being dependent on any other hosts or routers being upgraded. - Incremental deployment. New IPv6 hosts and routers can be installed at any time without any prerequisites. - Easy Addressing. When existing installed IPv4 hosts or routers draft-gilligan-ipv6-sit-overview-00.txt [Page 3] INTERNET-DRAFT Simple Internet Transition Overview October 1994 are upgraded to IPv6, they may continue to use their existing address. They do not need to be assigned new addresses. - Low start-up costs. Little or no preparation work is needed in order to upgrade existing IPv4 systems to IPv6, or to deploy new IPv6 systems. 1.1. Additional Documents This paper provides an overview of SIT. It gives an introduction to the concepts used in the transition, and describes the mechanisms that are employed. This is not a specification document. The requirements on the hosts, routers and header translating routers will be detailed in two companion documents: - IPv6 Transition Mechanisms for Hosts and Routers [SIT-HR] This is a detailed specification of the transition mechanisms that hosts and routers implement. This is a specification document, written with the standard MUST/SHOULD/MAY wording. - IPv6 Transition Mechanisms for Header Translating Routers [SIT-TR] This a detailed specification of the special mechanisms that translating routers must implement. This is a specification document, written with the standard MUST/SHOULD/MAY wording. No transition proposal can be complete without a detailed plan for how the transition will be carried out operationally. For SIT, this information is detailed in a companion document: - IPv6 Transition Plan [SIT-TP] This is an informational paper detailing the specific operational steps that must be taken to transition the Internet to using IPv6 globally. This paper includes time lines for the transition, and identifies specific milestones. 1.2. Intended Audience Individuals such as end users and system administrators who are interested in the concepts of SIT can read this paper by itself. People implementing host and router software which will incorporate the transition mechanisms should read this paper in conjunction with the specification documents. draft-gilligan-ipv6-sit-overview-00.txt [Page 4] INTERNET-DRAFT Simple Internet Transition Overview October 1994 People who will be involved in the transitioning the operational Internet should read this paper along with the IPv6 Transition Plan. All readers should be familiar with IPv6 and IPv4. The IPv6 specification [IPv6] should be read before reading this document. 1.3. Notation We use the following notation to write IPv6 addresses: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:ddd.ddd.ddd.ddd Where "x" represents a hex digit, and "d" represents a decimal digit. Each group of hex digits separated by ":" represents 16 bits of the address. Leading zero digits in each group are suppressed. Each group of decimal digits separated by "." represents 8 bits of the address. Leading zero digits are suppressed here also. It is expected that the notation for IPv6 addresses will eventually be standardized and defined in the IPv6 specification document. 1.4. Adaptability to Other Internet Layer Protocols If IPv6 is successful as a successor to IPv4, then organizations operating networks of other internet layer protocols, such as CLNP or IPX, may wish to transition them also to IPv6. The techniques in SIT can be adapted to transition virtually any existing internet layer infrastructure to IPv6 so long as the following assumptions hold: - Addresses in the other internet layer protocol can be mapped into the IPv6 address space efficiently. - The semantics of the other internet layer protocol are similar enough for header translation to work. If these assumptions do not hold, or if the population of nodes running the other protocol is small, a "pure dual stack" transition approach may be more appropriate. The first assumption appears to be true for CLNP and IPX. IPv6 address space has been assigned for CLNP NSAP and IPX addresses in the IPv6 Routing and Addressing specification document [IPv6-ADDR]. And both CLNP and IPX are semantically close enough to IPv6 to believe that header translation may be possible. draft-gilligan-ipv6-sit-overview-00.txt [Page 5] INTERNET-DRAFT Simple Internet Transition Overview October 1994 2. Definitions A number of new terms are introduced in this paper. Types of Nodes IPv4-only node: A host or router that speaks only IPv4. An IPv4-only node does not understand IPv6. The existing installed base of IPv4 hosts and routers today are all IPv4-only nodes. IPv6/IPv4 (dual) node: A host or router that speaks both IPv4 and IPv6. IPv6/IPv4 nodes must implement transition mechanisms (e.g. tunneling) in addition to the basic IPv6 and IPv4 protocols. IPv6-only node: A host or router that speaks only IPv6. An IPv6-only node does not understand IPv4. IPv6/IPv4 header translating router: An IPv6/IPv4 router that performs IPv6/IPv4 header translation. Types of IPv6 Addresses IPv4-compatible IPv6 address: An address assigned to an IPv6 node that can be used for both IPv6 and IPv4. An IPv4-compatible IPv6 address holds an IPv4 address in the low-order 32-bits. The high-order 96 bits bears the prefix 0:0:0:0:ffff:ffff. The entire 128-bit address can be used when sending IPv6 packets. The low-order 32-bits can be used when sending IPv4 packets. IPv4-compatible IPv6 addresses always identify IPv6/IPv4 or IPv6-only nodes; they never identify IPv4-only nodes. IPv4-mapped IPv6 address: draft-gilligan-ipv6-sit-overview-00.txt [Page 6] INTERNET-DRAFT Simple Internet Transition Overview October 1994 The address of an IPv4-only node represented as an IPv6 address. The IPv4 address is stored in the low-order 32-bits of an IPv4-mapped IPv6 address. The high-order 96 bits bears the prefix 0:0:0:0:0:0. The address of any IPv4 node may be mapped into the the IPv6 address space by prepending the prefix 0:0:0:0:0:0 to its IPv4 address. IPv4-mapped IPv6 addresses always identify IPv4-only nodes; they never identify IPv6/IPv4 or IPv6-only nodes. IPv4-incompatible IPv6 address: An IPv6 address that does not necessarily hold an IPv4-address embedded in the low-order 32-bits. IPv4-incompatible IPv6 addresses bear prefixes other than 0:0:0:0:0:0 and 0:0:0:0:ffff:ffff. IPv4-incompatible IPv6 addresses always identify IPv6/IPv4 or IPv6-only nodes; they never identify IPv4-only nodes. Types of Routing Infrastructures IPv4-dominant area: A region of infrastructure that routes IPv4 completely. IPv6-dominant area: A region of infrastructure that routes IPv6 completely. Techniques Used in SIT IPv6-over-IPv4 tunneling (encapsulation): The technique of encapsulating IPv6 packets within IPv4 so that it can be carried across an IPv4-dominant area. IPv6/IPv4 header translation: The technique of translating IPv6 packets into IPv4, and IPv4 packets into IPv6, so that IPv4-only and IPv6-only hosts can interoperate. draft-gilligan-ipv6-sit-overview-00.txt [Page 7] INTERNET-DRAFT Simple Internet Transition Overview October 1994 3. Transition Model The design of SIT is based on two fundamental assumptions about how the transition will take place. The first is that the Internet will transition to IPv6 in an evolutionary fashion over an extended period of time. The second is that the sites that make up the Internet will transition at different rates and on different time schedules. It is expected that, for most Internet sites, the transition will occur in two phases. First, they will evolve from their initial state, in which all hosts and routers support only IPv4, to a state where most hosts and routers support both IPv6 and IPv4. In the second phase, Internet sites would evolve to a state where all of the hosts and routers support only IPv6, and none directly support IPv4. The second phase is optional. Sites may elect to stop when the first phase is complete. The transition from an "IPv4-only" infrastructure to a "dual IPv6 and IPv4" infrastructure will take place at different speeds in different Internet sites. Some organizations will transition rapidly, while others will delay transition for quite some time. This transition phase can begin immediately, but may be carried out over an extended period of time. The eventual transition of some areas of the Internet to an "IPv6-only" infrastructure is unlikely to begin immediately. It will more likely begin only after the first phase of transition is completed, or at least well under way. Even after some areas begin a transition to IPv6-only, other areas of the Internet may choose to remain IPv4-only or IPv6/IPv4 indefinitely. In order to accommodate this, SIT provides a way for hosts that only support IPv6 to continue to interoperate with hosts that only support IPv4. Most organizations that do decide to transition to an IPv6-only infrastructure will likely do so only after first transitioning to a dual IPv6/IPv4 infrastructure. However, this is not strictly required. Sites may transition directly from IPv4-only to IPv6-only if they wish. And organizations building entirely new infrastructures may elect to make them IPv6-only. The general timeline of transition for the Internet can be viewed as: IPv4 only -----> Dual IPv6/IPv4 -----> IPv6 only (first phase) (second phase) Today --- Time ---> Future draft-gilligan-ipv6-sit-overview-00.txt [Page 8] INTERNET-DRAFT Simple Internet Transition Overview October 1994 SIT is designed to optimize what is expected to be the common case for most sites: a two-phase transition. SIT makes the first phase -- transition to dual IPv6/IPv4 -- quite easy, requiring virtually no interdependencies. The second phase -- transition to an IPv6-only infrastructure -- requires somewhat more effort. Some planning is needed, and translating routers must be deployed, before any IPv6-only infrastructure can be built. Nevertheless, once a site has transitioned to IPv6/IPv4, its subsequent transition to IPv6-only is straightforward. draft-gilligan-ipv6-sit-overview-00.txt [Page 9] INTERNET-DRAFT Simple Internet Transition Overview October 1994 4. System Components SIT assumes that three different types of hosts and routers will exist: - "IPv4-only nodes" are routers and hosts that only support IPv4; They do not support IPv6. At the beginning of the transition, all hosts and routers in the Internet are IPv4-only. - "IPv6/IPv4 nodes" are hosts and routers that support both IPv6 and IPv4, as well as some additional transition mechanisms such as IPv6-over-IPv4 tunneling. IPv6/IPv4 nodes can directly interoperate with both IPv6 and IPv4 nodes, although to interoperate with IPv4-only nodes, they must be configured with an "IPv4-compatible" IPv6 address. The first transition phase in a site involves converting most or all hosts and routers in that site from IPv4-only to IPv6/IPv4. - "IPv6-only nodes" are hosts and routers that support only IPv6. IPv6-only nodes do not provide an IPv4 protocol implementation. Like IPv6/IPv4 nodes, IPv6-only nodes must be configured with "IPv4-compatible" IPv6 addresses in order to interoperate with IPv4 nodes. The second phase of transition in a site involves converting all of the hosts and routers in that site to IPv6-only. One additional type of node is used in the transition: - "IPv6/IPv4 header translating routers" are IPv6/IPv4 routers that translate IPv4 packets into IPv6, and IPv6 packets into IPv4. Translating routers are needed in order for IPv6-only nodes that are configured with IPv4-compatible addresses to interoperate with IPv4-only nodes. It is expected that as part of their normal evolution, most products that implement the Internet Protocols will eventually become "IPv6/IPv4". Vendors may deliver this product change as part of a normal software release. Users will install such upgrades as part of their normal operational procedures. Thus hosts and routers may transition from IPv4-only to IPv6/IPv4 as part of a normal system upgrade. Since IPv6/IPv4 hosts and routers keep their complete IPv4 implementation, any IPv4-only host or router can be upgraded to IPv6/IPv4 without affecting its IPv4 functionallity in any way. Thus most IPv4-only nodes can be upgraded to IPv6/IPv4 at any time. draft-gilligan-ipv6-sit-overview-00.txt [Page 10] INTERNET-DRAFT Simple Internet Transition Overview October 1994 5. Addressing SIT uses two formats of IPv6 addresses, both of which hold an embedded IPv4 address. IPv4-compatible are assigned to IPv6 nodes, and have the following structure: | 96-bits | 32-bits | +--------------------------------------+--------------+ | 0:0:0:0:ffff:ffff | IPv4 Address | +--------------------------------------+--------------+ IPv4-Compatible IPv6 Address Format The addresses of IPv4 nodes are represented as IPv4-mapped IPv6 addresses. These addresses have the following structure: | 96-bits | 32-bits | +--------------------------------------+--------------+ | 0:0:0:0:0:0 | IPv4 Address | +--------------------------------------+--------------+ IPv4-Mapped IPv6 Address Format The remainder of the IPv6 address space (that is, all addresses with 96-bit prefixes other than 0:0:0:0:0:0 or 0:0:0:0:ffff:ffff) are termed "IPv4-Incompatible IPv6 Addresses" because they are not used by the transition mechanisms. IPv4-compatible IPv6 addresses are designed to be used by IPv6 nodes that wish to interoperate with IPv4 nodes. These addresses are listed in the DNS with both IPv6 "AAAA" records and IPv4 "A" records. The AAAA records holds the entire 128-bit address, while the "A" record holds only the low-order 32-bits. Both types of address records are listed so that they can be located by both IPv4 and IPv6 nodes. IPv4-mapped IPv6 addresses are only used to represent the addresses of IPv4 nodes. They are never assigned to IPv6 nodes. Thus they are listed in the DNS only with "A" records. They are not listed with "AAAA" records. IPv4-incompatible addresses are only assigned to IPv6 nodes and can not be used for interoperating with IPv4 nodes. Thus these addresses are listed in the DNS only with "AAAA" records. They are not listed with "A" records. When administrators assign IPv4-compatible IPv6 addresses to IPv6 nodes, they must assign the low-order 32-bits (the portion) according to the IPv4 numbering plan used on the subnet to which that draft-gilligan-ipv6-sit-overview-00.txt [Page 11] INTERNET-DRAFT Simple Internet Transition Overview October 1994 node is attached. The part must be a valid, globally unique, IPv4 address. The entire space of IPv4-incompatible IPv6 addresses is available for use in a global IPv6 addressing plan that is not burdened with transition requirements. This allows, for example, the addressing plan for auto-configured addresses to be developed independent of the transition mechanisms. IPv6 Addressing Summary: Embedded DNS Record IPv4 Type of Type High-order 96-bit prefix Addr Node Required ------------------------ ------- ---------- ------- 0:0:0:0:0:0 Yes IPv4-only A only 0:0:0:0:ffff:ffff Yes IPv6/IPv4 or A and IPv6-only AAAA Not 0:0:0:0:0:0 or No IPv6/IPv4 or AAAA only 0:0:0:0:ffff:ffff IPv6-only The ability of IPv4-only, IPv6/IPv4 and IPv6-only nodes to interoperate is as follows: draft-gilligan-ipv6-sit-overview-00.txt [Page 12] INTERNET-DRAFT Simple Internet Transition Overview October 1994 --------------------------- IPv6-only node \ w/ IPv4-incompatible \ Address \ ------------------------ \ IPv6-only node \ \ w/ IPv4-compatible \ \ Address \ \ --------------------- \ \ IPv6/IPv4 node \ \ \ w/ IPv4-incompatible \ \ \ Address \ \ | ------------------ \ \ | IPv6/IPv4 node \ \ | | w/ IPv4-compatible \ \ | | Address \ | | | --------------- \ | | | IPv4-only node \ | | | | ------------\ \ | | | | ---------------------+---+----+----+----+----+ IPv4-only node | D | D | N | T | N | ---------------------+---+----+----+----+----+ IPv6/IPv4 node | | | | | | w/ IPv4-compatible | D | D | D | D | D | Address | | | | | | ---------------------+---+----+----+----+----+ IPv6/IPv4 node | | | | | | w/ IPv4-incompatible | N | D | D | D | D | Address | | | | | | ---------------------+---+----+----+----+----+ IPv6-only node | | | | | | w/ IPv4-compatible | T | D | D | D | D | Address | | | | | | ---------------------+---+----+----+----+----+ IPv6-only node | | | | | | w/ IPv4-incompatible | N | D | D | D | D | Address | | | | | | ---------------------+---+----+----+----+----+ D = Direct Interoperability T = Interoperability with aid of a translating router N = Non Interoperable draft-gilligan-ipv6-sit-overview-00.txt [Page 13] INTERNET-DRAFT Simple Internet Transition Overview October 1994 6. Topologies The general model of routing topology transition in SIT is based on what we expect will be the "natural evolution" of IPv4 and IPv6 routing within a domain. It is expected that, in most cases, IPv6 routing will initially be deployed in parallel with an already existing IPv4 routing infrastructure. The deployment of IPv6 routing may take place by upgrading existing IPv4-only routers to IPv4/IPv6. This will occur over a period of time, not all at once. The site will eventually be transformed into a complete dual IPv4/IPv6 infrastructure. At some later point, IPv4 routing will be turned off. This process will also likely be incremental. This transition may take place by upgrading IPv4/IPv6 routers to IPv6-only, or by "turning off" the IPv4 software in IPv4/IPv6 routers. Eventually a pure IPv6 infrastructure will be formed. SIT takes into account the likelyhood that both the process of "building up" the IPv6 routing, and "tearing down" the IPv4 routing, will take place over an extended period of time. Using this model, we can classify routing topologies in two categories: - "IPv4-dominant areas" are topologies that are completely connected by IPv4 routing, but may also have partial IPv6 routing to some subnets. An area that provides exclusively IPv4 routing would be considered an IPv4-dominant area, as would one in which IPv6 routing was in the process of being deployed. IPv4-dominant areas naturally impose some restrictions on what types of hosts can operate within their boundaries. Since the area carries only IPv4 traffic completely, only hosts that can send and receive IPv4 can be deployed. That means that IPv4-only and IPv6/IPv4 hosts can be freely deployed within IPv4-dominant areas. However, IPv6-only hosts generally can not be deployed in IPv4-dominant areas because there are not enough (in many cases none) IPv6 routers present. - "IPv6-dominant areas" are topologies that are completely connected by IPv6 routing, but may also have partial IPv4 routing to some subnets. A topology of dual IPv4/IPv6 routing, with IPv4 routing being de-commissioned, would be considered an IPv6-dominant area, as would one which provided only IPv6 routing. Like IPv4-dominant areas, IPv6-dominant areas have natural restrictions on what types of hosts they can support. Since an IPv6-dominant area carries only IPv6 traffic completely, only hosts that can send and receive IPv6 packets can be deployed. That means that IPv6/IPv4 and IPv6-only hosts can be freely draft-gilligan-ipv6-sit-overview-00.txt [Page 14] INTERNET-DRAFT Simple Internet Transition Overview October 1994 deployed within IPv6-dominant areas, but that IPv4-only hosts generally can not. A summary of which types of host may be deployed in each of the two types of topology is given in the table below: TOPOLOGY TYPE | IPv4-dominant | IPv6-dominant | -----------+---------------+---------------+ IPv4-Only | Yes | No | -----------+---------------+---------------+ HOST TYPE IPv4/IPv6 | Yes | Yes | -----------+---------------+---------------+ IPv6-only | No | Yes | -----------+---------------+---------------+ Note that SIT does not attempt to deal with a single area that is composed of a mixture of IPv4-only and IPv6-only routers. Such a topology does not work. IPv6-only and IPv4-only routers will not interoperate because the two can not exchange packets because the two do not share a common protocol. However, area sizes may be quite flexible: a single node may be treated as an area, as may the entire Internet. IPv4-dominant and IPv6-dominant areas may only be interconnected via a header translating router. For example: IPv4-dominant area ---- Translating router ---- IPv6-dominant area Header translating routers are discussed in section 8. draft-gilligan-ipv6-sit-overview-00.txt [Page 15] INTERNET-DRAFT Simple Internet Transition Overview October 1994 7. IPv6-over-IPv4 Tunneling IPv6 packets can be carried across segments of an IPv4-dominant topology by using the IPv6-over-IPv4 tunneling technique. An IPv6/IPv4 node that has IPv4 reachability to another IPv6/IPv4 node may send IPv6 packets to that node by encapsulating them within IPv4 headers. In order for this technique to work, both nodes must be assigned IPv4-compatible IPv6 addresses. This is necessary because the low-order 32-bits of those addresses are used as source and destination addresses of the encapsulating IPv4 header. Two types of tunneling are used in SIT. "Automatic tunnels" are used to deliver IPv6 packets all the way to their end destinations. "Configured tunnels" are used to deliver IPv6 packets to an intermediary IPv4/IPv6 router. Both types of tunneling make use of the IPv4 address embedded in IPv4-compatible IPv6 addresses. In automatic tunneling, the "tunnel endpoint" address is taken from the IPv4 address embedded in the IPv6 destination address. No additional configuration information is needed because the destination address is carried in the IPv6 packet being tunneled. In configured tunneling, the "tunnel endpoint" address is that of an intermediate IPv4/IPv6 router. This address must be configured. This configuration information could come in the form of routing table information on a host, or neighbor configuration information on a router. Automatic tunneling is a basic feature of SIT. Hosts and routers in SIT make extensive use of automatic tunneling. Configured tunneling is less commonly used feature. It is used only when a host or router has been configured to do so. 7.1. Automatic IPv6-over-IPv4 Tunneling Automatic tunneling is generally used between IPv6/IPv4 hosts that are connected to a common IPv4-dominant area. For example, consider two IPv6/IPv4 hosts H1 and H2: IPv6/IPv4 ------- IPv4-dominant area ------- IPv6/IPv4 Host H1 Host H2 (0:0:0:0:ffff:ffff:129.144.1.2) (0:0:0:0:ffff:ffff:192.9.5.3) If H1 wishes to send an IPv6 packet to H2, it could encapsulate that packet within an IPv4 packet as follows: draft-gilligan-ipv6-sit-overview-00.txt [Page 16] INTERNET-DRAFT Simple Internet Transition Overview October 1994 +-------------------------------------+ | | | src = 129.144.1.2 | IPv4 Header | dst = 192.9.5.3 | | | +-------------------------------------+ | | | src = 0:0:0:0:ffff:ffff:129.144.1.2 | | dst = 0:0:0:0:ffff:ffff:192.9.5.3 | IPv6 Header | | +-------------------------------------+ | | . . . . . . When H2 receives this packet, it decapsulates it (remove the IPv4 header), and then process the IPv6 header as it would any received IPv6 packet. Note that the source address of the encapsulating IPv4 packet is the low-order 32-bits of H1's IPv4-compatible IPv6 address, and the destination address is the low-order 32-bits of H2's IPv4-compatible IPv6 address. When automatic IPv6-over-IPv4 tunneling is used between two IPv6/IPv4 hosts, it is "end-to-end". Automatic tunneling can also be used "router-to-host". IPv6/IPv4 routers may send IPv6-over-IPv4 packets to IPv6/IPv4 hosts that are connected to a common IPv4-dominant area without requiring any configuration information. 7.2. Configured IPv6-over-IPv4 Tunneling Tunneling can also be used between two IPv6/IPv4 routers, or by an IPv6/IPv4 host to an IPv6/IPv4 router. In these cases, the tunneling does not extend to the end host; It runs only as far as an intermediary router. For example, consider two IPv6/IPv4 hosts H1 and H2 and router R1: IPv6/IPv4 ------- IPv4-dominant area ------- IPv6/IPv4 Host H1 Router R1 (0:0:0:0:ffff:ffff:129.144.1.2) (0:0:0:0:ffff:ffff:129.146.9.8) | | | IPv6/IPv4 Host H2 (0:0:0:0:ffff:ffff:192.9.5.3) draft-gilligan-ipv6-sit-overview-00.txt [Page 17] INTERNET-DRAFT Simple Internet Transition Overview October 1994 If H1 wishes to send an IPv6 packet to H2 via router R1, it could encapsulate that packet within an IPv4 packet as follows: +-------------------------------------+ | | | src = 129.144.1.2 | IPv4 Header | dst = 129.146.9.8 | | | +-------------------------------------+ | | | src = 0:0:0:0:ffff:ffff:129.144.1.2 | | dst = 0:0:0:0:ffff:ffff:192.9.5.3 | IPv6 Header | | +-------------------------------------+ | | . . . . . . Note that the IPv4 destination address is the low-order 32-bits of R1's IPv6 address, while the IPv6 destination address is H2's address. In this case, R1 is the tunnel endpoint. When R1 receives this packet, it decapsulates it (remove the IPv4 header), and then process the IPv6 header as it would any received IPv6 packet. It then forwards the IPv6 packet based on its IPv6 destination address, and delivers the packet to H2. 7.3. Tunnel Addressing In both types of tunneling, the source address of the IPv4 header of the tunneled packet is the low-order 32-bits of the IPv4-compatible IPv6 address of the node that performs the encapsulation. The IPv4 destination address is low-order 32-bits of the IPv4-compatible IPv6 address of the tunnel endpoint. Except for the case of translating routers (see next section), the intermediary routers on the path between the encapsulating node and the decapsulating node do not look at the IPv6 header of the packet. They route the packet entirely based on its IPv4 header. This is the case even if the routers along the path are IPv6/IPv4 routers. The table below summarizes the two types of tunneling: draft-gilligan-ipv6-sit-overview-00.txt [Page 18] INTERNET-DRAFT Simple Internet Transition Overview October 1994 Tunneling Encapsulating Decapsulating Tunnel Endpoint Type Node Node IPv4 Address ----------- ------------- ------------- --------------- Automatic Source Host Dest Host Low-order 32-bits of dest host's IPv6 address Automatic Router Dest Host Low-order 32-bits of dest host's IPv6 address Configured Source Host Router Low-order 32-bits of router's IPv6 address Configured Router Router Low-order 32-bits of router's IPv6 address 7.4. Host Sending Decisions When sending IPv6 packets, an IPv6/IPv4 host must decide whether to use IPv6-over-IPv4 tunneling technique or not. Generally speaking, a host may follow these simple rules: - If the destination is located on-subnet, send directly to destination. - If the destination is located off-subnet, and there is at least one on-subnet default IPv6 router, send in IPv6 form to the router. - Otherwise, send using automatic IPv6-over-IPv4 tunneling. Note that the destination must be an IPv4-compatible IPv6 address in order to tunnel to it. And the sending IPv6/IPv4 host must itself be configured with an IPv4-compatible IPv6 address. This ordering mandates a preference for sending IPv6 packets via IPv6 routers, rather than tunneling. This is desirable for a number of reasons: - Less overhead because non-encapsulated IPv6 packets are smaller than IPv6-over-IPv4 packets. - Traffic can take advantage of IPv6 routing features such as special handling by flow ID. draft-gilligan-ipv6-sit-overview-00.txt [Page 19] INTERNET-DRAFT Simple Internet Transition Overview October 1994 - Ensures that IPv6 routing topology will be used as it is deployed. Note that a host does not explicitly need to know whether it is attached to an IPv4-dominant or IPv6-dominant area. If it is attached to an IPv6-dominant area, there will be an IPv6 router attached to every subnet, and the host will never send tunneled packets. If it is attached to an IPv4-dominant area, it will send tunneled packets if there are no on-subnet IPv6 routers, and IPv6 packets otherwise. draft-gilligan-ipv6-sit-overview-00.txt [Page 20] INTERNET-DRAFT Simple Internet Transition Overview October 1994 8. Header Translation. Header translating routers "bridge" the IPv4 infrastructure of IPv4-dominant areas into the IPv6 infrastructure of IPv6-dominant areas. There are two kinds of traffic that need to be bridged: IPv4 packets, and IPv6 packets encapsulated within IPv4 headers sent between IPv6 nodes. These two types of traffic are handled differently by header translators. Translating routers must provide all of the features required of IPv6/IPv4 routers since they must route both IPv6 and IPv4 packets. In addition to their routing responsibilities, they must perform three specific functions: - Translate IPv4 headers into IPv6. The IPv4 packets that must be translated are those that are generated by IPv4-only nodes, and addressed to IPv6 nodes located within the IPv6-dominant areas that the translator is attached to. For example: (IPv4 packet) --> (Translate to IPv6) --> (IPv6 Packet) IPv4-dominant area -- Translating router -- IPv6-dominant area | | | | IPv4-only node IPv6-only node - Translate IPv6 headers into IPv4. The IPv6 packets that must be translated are those that are generated by IPv6 nodes located within the IPv6-dominant area that the translator is attached to, and addressed to IPv4-only nodes. For example: (IPv4 packet) <-- (Translate to IPv4) <-- (IPv6 Packet) IPv4-dominant area -- Translating router ----- IPv6-dominant area | | | | IPv4-only node IPv6-only node - Decapsulate all IPv6-over-IPv4 packets. Translating routers must decapsulate all IPv6-over-IPv4 packets, even if it is not the tunnel endpoint. For example: draft-gilligan-ipv6-sit-overview-00.txt [Page 21] INTERNET-DRAFT Simple Internet Transition Overview October 1994 (IPv6 packet encapsulated in IPv4) --> (Decapsulate) --> (IPv6 Packet) IPv4-dominant area -- Translating routers ----- IPv6-dominant area | | | | IPv6/IPv4 node IPv6-only node Note that all IPv6-over-IPv4 tunnels are effectively terminated if they reach a translating router. This is necessary so that the encapsulated IPv6 packet can be routed based on its IPv6 destination address when it passes into an IPv6-dominant area. If this "early tunnel termination" were not performed, the encapsulating IPv4 header might be translated to IPv6, resulting in an IPv6 packet being encapsulated within another IPv6 header! draft-gilligan-ipv6-sit-overview-00.txt [Page 22] INTERNET-DRAFT Simple Internet Transition Overview October 1994 9. Node Requirements This section gives an overview of the mechanisms that each of the three system components -- IPv6/IPv4 nodes, IPv6-only nodes, and translating routers -- must implement. 9.1. IPv6/IPv4 Nodes IPv6/IPv4 nodes provide complete implementations of both IPv4 and IPv6. They must adhere to all IPv6 and IPv4 specifications pertinent to their role as a host or router. Since IPv6/IPv4 nodes implement both protocols, they can directly interoperate with both IPv6 and IPv4 nodes located on the same attached subnet. IPv6/IPv4 nodes must implement the IPv6-over-IPv4 tunneling mechanism, and must be able to determine which destinations can be reached by tunneling. IPv6/IPv4 routers must have the ability to participate in both IPv6 and IPv4 routing systems. System administrators must have the ability to disable IPv4 routing on IPv6/IPv4 routers, because those routers operating in IPv6-dominant areas must not route IPv4. Generally, when IPv6/IPv4 nodes send packets to IPv4-only nodes, they send those packets in the IPv4 format. However, if an IPv4 destination is located off-subnet, and there are no on-subnet IPv4 routers, it must send an IPv6 format packet. This packet will be translated back to IPv4 form by a translating router before it is delivered to the destination IPv4 node. When sending IPv6 format packets to IPv4 destinations, the IPv6/IPv4 node composes the destination address by prepending the 0:0:0:0:0:0 prefix to the destination's IPv4 address. An IPv6/IPv4 node must be configured with an IPv4-compatible IPv6 address in order to interoperate with IPv4 nodes. When sending IPv4 packets to IPv4 nodes, an IPv6/IPv4 node uses the low-order 32-bits of its own IPv4-compatible IPv6 address as the source address. When sending IPv6 format packets, it must use its full IPv4-compatible IPv6 address as the source. IPv6/IPv4 nodes should have the ability to be configured with multiple IPv6 addresses per interface. In particular, an IPv6/IPv4 node should have the ability to configure each interface with an IPv4-compatible as well as an IPv4-incompatible IPv6 addresses. If an IPv6/IPv4 node is configured with no IPv4-compatible IPv6 addresses, it must treat all attempts to send packets to IPv4 draft-gilligan-ipv6-sit-overview-00.txt [Page 23] INTERNET-DRAFT Simple Internet Transition Overview October 1994 destinations as "unreachable". This is necessary because the node can provide no valid IPv4 source address in the packets it would send. 9.2. IPv6-only nodes IPv6-only nodes provide a complete IPv6 implementation, but no IPv4 implementation. They can directly interoperate with other IPv6 nodes, but can interoperate with IPv4-only nodes only with the assistance of a header translating router. IPv6-only nodes must implement a few simple mechanisms in order make interoperability with IPv4 nodes possible. Like IPv6/IPv4 nodes, IPv6-only nodes must have the ability to send IPv6 format packets to IPv4-only nodes. However, since IPv6-only nodes never send IPv4 format packets, the algorithm to do this can be simpler. When requested to send a packet to an IPv4 destination, an IPv6-only node can simply pre-pend the prefix 0:0:0:0:0:0 to that address, and send a IPv6 format packet to the resulting IPv6 address. IPv6-only nodes must also have the ability to handle "A" records in the DNS. Since IPv4-only nodes will only have A records listed in the DNS, IPv6-only nodes must be able to utilize these records when they are found in a DNS lookup. Since there is a one-to-one mapping from the IPv4 addresses of IPv4-only hosts to their corresponding IPv6 address, IPv6-only hosts can easily synthesize the IPv6 address by prepending the prefix 0:0:0:0:0:0 to the IPv4 address. (Note: The mapping of IPv4 addresses into IPv6 addresses need not affect the IPv6 or transport layer code in an IPv6-only host. It can usually be isolated in the DNS resolver or address parsing libraries.) IPv6-only routers participate in only the IPv6 routing systems. Like IPv6/IPv4 nodes, IPv6-only must be configured with IPv4-compatible IPv6 addresses in order to interoperate with IPv4 nodes. And IPv6-only nodes should have the ability to configure multiple IPv6 addresses per interface. 9.3. Header Translating Routers Translating routers must be configured to know which packets must be translated, and which can be simply forwarded without translation. This can be done by configuring the translating router to know which IPv6 addresses are located within the IPv6-dominant area that it it attached to. Translating routers use this configuration information, along with the destination IPv6 or IPv4 addresses of packets they receive to determine which packets to translate. They must: draft-gilligan-ipv6-sit-overview-00.txt [Page 24] INTERNET-DRAFT Simple Internet Transition Overview October 1994 - Translate IPv6 packets addressed to IPv4-only nodes outside the attached IPv6-dominant area to IPv4. - Translate IPv4 packets addressed to nodes within the attached IPv6-dominant area to IPv6. - Translate IPv4 packets addressed to nodes outside the attached IPv6-dominant area to IPv6 if the resulting packets would transit the IPv6-dominant area. When translating IPv6 packets to IPv4, translating routers use the low-order 32-bits of the source and destination IPv6 addresses to generate the addresses for the IPv4 packet. When translating IPv4 packets to IPv6, translating routers pre-pend the prefix 0:0:0:0:0:0 to the IPv4 source address to generate the source address for the IPv6 packet. They prepend either the prefix 0:0:0:0:ffff:ffff or 0:0:0:0:0:0 to generate the destination address. They use the 0:0:0:0:ffff:ffff prefix if the destination is located within the attached IPv6-dominant area, and the prefix 0:0:0:0:0:0 if the destination is located outside. draft-gilligan-ipv6-sit-overview-00.txt [Page 25] INTERNET-DRAFT Simple Internet Transition Overview October 1994 10. Upgrade Dependencies Perhaps the most important issue for those who must carry out the transition from IPv4 to IPv6 is that of upgrade dependencies: Which transition steps must be performed before other steps can be taken? SIT is designed so that the prerequisites to installation of IPv6/IPv4 nodes are minimal, while the steps that must be taken before IPv6-only nodes may be deployed are more involved. The upgrade dependencies are summarized in the table below: | Transition Step | Depends On | +-------------------------------+------------------------------+ | DNS upgrade to support | None | | AAAA records (1) | | +-------------------------------+------------------------------+ | Upgrade IPv4 host or router | DNS upgrade to support | | to IPv6/IPv4 | AAAA records (2) | +-------------------------------+------------------------------+ | Deploy new IPv6/IPv4 host or | DNS upgrade to support | | router | AAAA records (2) | +-------------------------------+------------------------------+ | Change IPv4-dominant area to | Install Translating router | | IPv6-dominant | at border | | | Upgrade all routers within | | | area to IPv6/IPv4 | +-------------------------------+------------------------------+ | Upgrade IPv6/IPv4 host or | Change area from IPv4-dom'nt | | router to IPv6-only | to IPv6-dominant | +-------------------------------+------------------------------+ | Deploy new IPv6-only | Change area from IPv4-dom'nt | | host or router | to IPv6-dominant | +-------------------------------+------------------------------+ Notes: (1) Strictly speaking, a DNS server being upgraded to support the IPv6 AAAA address record type does not itself need to be upgraded to IPv6. An IPv4-only DNS server may support AAAA record types. (2) The DNS upgrade is only required if node being upgraded or installed is going to be listed in the DNS. "Unlisted" nodes do not have this dependency. draft-gilligan-ipv6-sit-overview-00.txt [Page 26] INTERNET-DRAFT Simple Internet Transition Overview October 1994 11. Examples Two IPv6/IPv4 hosts may use IPv6-over-IPv4 tunneling to communicate via an IPv4 infrastructure: IPv6/IPv4 Host H1 (0:0:0:0:ffff:ffff:129.144.1.2) | --+--------------------------+-- (subnet A) | (0:0:0:0:0:0:129.144.1.3) IPv4-only Router R1 (0:0:0:0:0:0:129.144.2.3) | -------+-----------------+----- (subnet B) | (0:0:0:0:ffff:ffff:129.144.2.4) IPv6/IPv4 Host H2 When H1 sends a packet to H2, the packets that will be transmitted on subnets A and B are: Subnet Packet IPv4 header Datalink Hop Type IPv6 header dest addr dest addr dest addr ------ ----- ----------------------------- ---------- --------- A Encap. 0:0:0:0:ffff:ffff:129.144.2.4 129.144.2.4 R1 B Encap. 0:0:0:0:ffff:ffff:129.144.2.4 129.144.2.4 H2 Note: Encap. = IPv6-over-IPv4 encapsulation If an IPv6/IPv4 router is added to this topology, H1 will have multiple routes to reach H2. It could use IPv6-over-IPv4 tunneling, sending the traffic via R1 or R2, or use the raw IPv6 format routing via R2. Since IPv6/IPv4 hosts prefer routes via IPv6 routers, H1 will use send the traffic via R2: draft-gilligan-ipv6-sit-overview-00.txt [Page 27] INTERNET-DRAFT Simple Internet Transition Overview October 1994 IPv6/IPv4 Host H1 (0:0:0:0:0:1:129.144.1.2) | --+-----+-------------------------------+-- (subnet A) | | (0:0:0:0:0:1:129.144.1.4) (0:0:0:0:0:0:129.144.1.3) IPv6/IPv4 Router R2 IPv4-only Router R1 (0:0:0:0:0:1:129.144.2.6) (0:0:0:0:0:0:129.144.2.3) | | ----+--+----------------------------+----- (subnet B) | (0:0:0:0:0:1:129.144.2.4) IPv6/IPv4 Host H2 Now when H1 sends a packet to H2, the packets that will be transmitted on subnets A and B are: Subnet Packet Datalink Hop Type IPv6 header dest addr dest addr ------ ----- ----------------------------- --------- A IPv6 0:0:0:0:ffff:ffff:129.144.2.4 R2 B IPv6 0:0:0:0:ffff:ffff:129.144.2.4 H2 draft-gilligan-ipv6-sit-overview-00.txt [Page 28] INTERNET-DRAFT Simple Internet Transition Overview October 1994 12. Author's Address Robert E. Gilligan Sun Microsystems, Inc. 2550 Garcia Ave. Mailstop UMTV 05-44 Mountain View, California 94043 415-336-1012 (voice) 415-336-6015 (fax) Bob.Gilligan@Eng.Sun.COM 13. References [IPAE] R. E. Gilligan. IPAE: The SIPP Interoperability and Transition Mechanism. March 1994. Internet Draft. [IPv6] S. Deering. IPv6 Protocol Specification. Internet Draft in progress. [IPv6-ADDR] R. Hinden. IP Next Generation Addressing Architecture. October 1994. Internet Draft. [SIT-HR] IPv6 Transition Mechanisms for Hosts and Routers. Internet Draft to be written. [SIT-TR] IPv6 Transition Mechanisms for Header Translating routers. Internet Draft to be written. [SIT-TP] IPv6 Transition Plan. Internet Draft to be written. draft-gilligan-ipv6-sit-overview-00.txt [Page 29]