Network Working Group P. Tattam Internet-Draft Tattam Software Enterprises Pty Intended status: Experimental Ltd, Hobart, Australia Expires: July 18, 2012 January 15, 2012 Stateless IPv6 delivery within IPv4 (V6 via V4) draft-v6-via-v4-00 Abstract This document describes a method for transmitting IPv6 packets directly to and from IPv4 hosts via the IPv4 network in a stateless manner using an IPv4 header option and transponders. Additionally described is a mechanism to automatically locate IPv6 network transponders via well known IPv4 and IPv6 network prefixes. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on July 18, 2012. Copyright Notice Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of Tattam Expires July 18, 2012 [Page 1] Internet-Draft V6viaV4 January 2012 publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Transmission of IPv6 payload via IPv4 . . . . . . . . . . . . 3 2.1. Sending a packet from IPv4 to IPv6 . . . . . . . . . . . . 3 2.1.1. IPv4 Header Option (IPv6 Address Extension) . . . . . 4 2.1.2. Code (to be allocated) . . . . . . . . . . . . . . . . 4 2.1.3. Length . . . . . . . . . . . . . . . . . . . . . . . . 4 2.1.4. Flags . . . . . . . . . . . . . . . . . . . . . . . . 4 2.1.5. Translation of IPv6 via IPv4 packet to an IPv6 packet . . . . . . . . . . . . . . . . . . . . . . . . 5 2.2. Sending a packet from IPv6 to IPv4 . . . . . . . . . . . . 8 2.3. Optimal Alignment of IPv4 header . . . . . . . . . . . . . 10 2.4. Handling Payload Checksums . . . . . . . . . . . . . . . . 10 2.5. Handling ICMP and ICMPv6 traffic . . . . . . . . . . . . . 12 2.6. Additional IPv4 packet considerations . . . . . . . . . . 12 2.7. Definition of HELPER_ADDRESS() . . . . . . . . . . . . . . 12 2.8. Definition of V6_VIA_V4_PREFIX (IPv6) . . . . . . . . . . 13 2.9. Local Operation of Protocol . . . . . . . . . . . . . . . 13 3. Global Network Allocation for IPv6 via IPv4 traffic . . . . . 13 3.1. HELPER_ADDRESS() function for global IPv6 via IPv4 access . . . . . . . . . . . . . . . . . . . . . . . . . . 14 3.2. Definition of V6_VIA_V4_NETWORK (IPv4) . . . . . . . . . . 14 4. Example of IPv6 via IPv4 traffic . . . . . . . . . . . . . . . 14 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 6. Security Considerations . . . . . . . . . . . . . . . . . . . 17 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 18 8. Normative References . . . . . . . . . . . . . . . . . . . . . 18 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 18 Tattam Expires July 18, 2012 [Page 2] Internet-Draft V6viaV4 January 2012 1. Introduction Since its acceptance as new standard, deployment of IPv6 [RFC2460] has been somewhat slower than anticipated. The original transition strategy was to deploy IPv6 alongside IPv4 in the expectation that the IPv6 network would grow to such an extent that it would supplant the aging IPv4 network. This, however, has not been the case, and in early 2011 top level IPv4 address allocations in at least one regional registry were exhausted. One of the possible reasons for the slow uptake of IPv6 is that the current IPv6 protocol is not backwardly compatible with widely deployed IPv4 protocol. This in turn has led to a reluctance by network infrastructure suppliers to deploy IPv6 natively. Another significant factor has been that in recent years much end-user customer link level infrastructure has only supported IPv4 network services (layer 2 services, customer DSL routers etc). To supply both IPv4 and IPv6 service typically requires having to roll out a duplicate network topology, both at the transport layer and at the link level layer making, which is not economically viable within an industry highly sensitive to delivery costs. This document outlines a proposal to deliver IPv6 network access over IPv4 only infrastructure without the use of tunnels. It is divided into two parts, the first being a header extension to provide IPv6 addressing for an IPv4 packet, and the second an addressing proposal for default IPv4 to IPv6 traffic. Ultimately such a protocol enhancement to IPv4 could logically join the IPv4 and IPv6 networks together allowing the IPv6 network to grow without the risk of being isolated from the IPv4 network despite the exhaustion of IPv4 address space. 2. Transmission of IPv6 payload via IPv4 Let us suppose that we want an IPv4 only host to communicate with an IPv6 only host directly. We will divide this problem into two tasks. 2.1. Sending a packet from IPv4 to IPv6 The first task is for us to send an IPv4 packet to an IPv6 host. For the packet to be routable to the IPv6 host, it must contain an IPv6 address destination, but the IPv4 packet only has space for an IPv4 address of 32 bits, so it is proposed that we either extend the IPv4 address by including the remaining 96 bits to make an IPv6 address of 128 bits, or that we simply include the full IPv6 address as an IPv6 address extension. Operational experience has shown that the latter Tattam Expires July 18, 2012 [Page 3] Internet-Draft V6viaV4 January 2012 is preferable in that it provides us the freedom to choose an arbitrary IPv4 address as a "helper" address to route the packet to its IPv6 destination (typically a V4 to V6 transponder). To do this, it is proposed that the following IPv4 header option be approved by IANA. This allows a data packet to transit the IPv4 network without the use of tunnels in a stateless manner. Once the packet reaches the transponder, it is reformatted and retransmitted into the IPv6 network where it will reach its ultimate destination. 2.1.1. IPv4 Header Option (IPv6 Address Extension) An IPv6 via IPv4 packet is defined as standard IPv4 packet with the inclusion of a single IPv4 header Option (IPv6 address extension). The layout of this IPv4 header option is as follows. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Code = nnn | Length = 20 | Flags |I|D| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + IPv6 Address + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ IPv4 Header Option (IPv6 Address Extension) 2.1.2. Code (to be allocated) The IPv4 Header Option (IPv6 Address Extension) has a value which as yet unassigned. 2.1.3. Length The IPv4 Header Option (IPv6 Address Extension) has a fixed length of 20 octets 2.1.4. Flags IPv4 Header Option (IPv6 Address Extension) has a 16 bit flags field. Currently the only defined bits are the D (Direction) bit and the I (ignore checksum) . All other values are reserved. Tattam Expires July 18, 2012 [Page 4] Internet-Draft V6viaV4 January 2012 2.1.4.1. D (Direction) bit = 0 The IPv6 Address is a replacement for the IPv4 Destination Address 2.1.4.2. D (Direction) bit = 1 The IPv6 Address is a replacement for the IPv4 Source Address 2.1.4.3. I (ignore checksum) bit = 0 Relevant payload checksums SHOULD BE modified 2.1.4.4. I (ignore checksum) bit = 1 Relevant payload checksums SHOULD NOT be modified. 2.1.4.5. IPv6 Address The full IPv6 address that should replace the source or destination IPv4 address. If D = 0, this represents the destination IPv6 address. If D = 1, this represents the source IPv6 address. 2.1.5. Translation of IPv6 via IPv4 packet to an IPv6 packet A typical V6 via V4 packet header would look like the following. Tattam Expires July 18, 2012 [Page 5] Internet-Draft V6viaV4 January 2012 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | VER=4 |IHL=10 |Type of Service| Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Identification |Flags| Fragment Offset | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Time to Live | Protocol | Header Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IPv4 Source Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IPv4 Destination Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Code = nnn | Length = 20 | |I|D| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + IPv6 Address + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Payload | | ...... | IPv6 via IPv4 packet format On receipt of an IPv6 via IPv4 packet a suitable transponder can convert the packet in situ to an IPv6 packet using the following rules. Two cases apply, the first being when a packet is destined to an IPv6 host (D = 0), for which the following rules apply. 1. IPv6.Version = 6 2. IPv6.traffic_class = 0 3. IPv6.flow_label[16:19] = 0 4. IPv6.payload_len = IPv4.len - (IPv4.header_len*4) 5. IPv6.flow_label[0:15] = 0 6. IPv6.next_header = IPv4.protocol 7. IPv6.hop_limit = IPv4.ttl Tattam Expires July 18, 2012 [Page 6] Internet-Draft V6viaV4 January 2012 8. subtract IPv4 addresses from payload checksum if necessary 9. IPv6.src_addr = IPv4.src_addr + V6_VIA_V4_PREFIX 10. /* IPv6.dst_addr = IPV4.option_v6_address_extension.ipv6_address */ 11. add IPv6 addresses to payload checksum if necessary Note that if the IPv6 packet is reconstructed in situ, the rules need to be applied in the above order so as not to overwrite unprocessed information. In particular, the IPv6 flow label and IPv4 packet length overlap. Also note that in step 10, the IPv6 destination will be in the correct place so it need not be copied. Finally it can be observed that the IPv6 source address will be recognizable as coming from the IPv4 network by checking its 96 bit (or 64/32 bit) prefix. Suitable choice of V6_VIA_V4_PREFIX will be discussed later. Also consideration must be made towards modifying payload checksums if necessary. The packet should end up looking like a normal IPv6 packet as follows. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | VER=6 | Traffic Class | Flow Label | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Payload Length | Next Header | Hop Limit | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + IPv6 Source Address + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + IPv6 Destination Address + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Payload | | | Tattam Expires July 18, 2012 [Page 7] Internet-Draft V6viaV4 January 2012 The other case is where a packet is received by an IPv4 host which is the ultimate destination for traffic from a native IPv6 host. In this case the direction bit will be set (D=1) indicating that the address extension is for the IPv6 source. The following rules apply to convert the packet from the IPv4 form to the eventual IPv6 form for processing directly within the originating hybrid IPv4/IPv6 host or for retransmission within a local IPv6 LAN. 1. IPv6.Version = 6 2. IPv6.traffic_class = 0 3. IPv6.flow_label[16:19] = 0 4. IPv6.payload_len = IPv4.len - (IPv4.header_len*4) 5. IPv6.flow_label[0:15] = 0 6. IPv6.next_header = IPv4.protocol 7. IPv6.hop_limit = IPv4.ttl 8. subtract IPv4 addresses from payload checksum if necessary 9. IPv6.src_addr = IPV4.option_v6_address_extension.ipv6_address 10. IPv6.dst_addr = IPv4.src_addr + V6_VIA_V4_PREFIX 11. add IPv6 addresses to payload checksum if necessary 2.2. Sending a packet from IPv6 to IPv4 This process is the converse of sending a packet from IPv4 to IPv6 and involves constructing an IPv4 header based on the IPv6 header. There are two possibilities here, the first case is when a packet originates from a native IPv6 host (i.e. a machine on the live IPv6 network) and the second case when a packet originates from an IPv6 host within the IPv4 network. This can be determined by a transponder by examining the IPv6 source address. A packet originating from inside the IPv4 network MUST use an IPv6 address constructed from the special V6_VIA_V4_PREFIX concatenated with it's native IPv4 address. In the case that the IPv6 packet originates from an IPv6 within the IPv6 network, the following rules apply Tattam Expires July 18, 2012 [Page 8] Internet-Draft V6viaV4 January 2012 1. subtract IPv6 addresses from payload checksum if necessary 2. temp_addr = IPv6.src_addr 3. IPv4.dst_addr = IPv6.dst_addr[0:31] 4. IPv4.src_addr = HELPER_ADDRESS(IPv6.src_addr) 5. IPv4.option_v6_address_extension.type = nnn (to be assigned) 6. IPv4.option_v6_address_extension.len = 20 7. IPV4.option_v6_address_extension.D = 1 8. IPv4.option_v6_address_extension.IPv6_address = temp_addr 9. IPv4.version = 4 10. IPv4.header_len = 10 /* (20 + 20)/4 */ 11. IPv4.tos = 0 12. IPv4.len = IPv6.payload_len + (IPv4.header_len *4) 13. IPv4.ttl = IPv6.hop_limit 14. IPv4.id = allocate_new_id 15. IPv4.protocol = IPv6.next_header 16. IPv4.fragment = 0 17. IPv4.dont_fragment = 1 18. IPv4.header_checksum = recalculate header checksum 19. add IPv4 addresses to payload checksum if necessary In the case that the IPv6 packet originates from an IPv6 host within the IPv4 network, the following rules apply 1. subtract IPv6 addresses from payload checksum if necessary 2. IPv4.dst_addr = HELPER_ADDRESS(IPv6.dst_addr) 3. IPv4.src_addr = IPv6.src_addr[0:31] Tattam Expires July 18, 2012 [Page 9] Internet-Draft V6viaV4 January 2012 4. IPv4.option_v6_address_extension.type = nnn (to be assigned) 5. IPv4.option_v6_address_extension.len = 20 6. IPv4.option_v6_address_extension.D = 0 7. /* IPv4.option_v6_address_extension.IPv6_address = IPv6.dst_address */ 8. IPv4.version = 4 9. IPv4.header_len = 10 /* (20 + 20)/4 */ 10. IPv4.tos = 0 11. IPv4.len = IPv6.payload_len + (IPv4.header_len *4) 12. IPv4.ttl = IPv6.hop_limit 13. IPv4.id = allocate_new_id 14. IPv4.protocol = IPv6.next_header 15. IPv4.fragment = 0 16. IPv4.dont_fragment = 1 17. IPv4.header_checksum = recalculate header checksum 18. add IPv4 addresses to payload checksum if necessary 2.3. Optimal Alignment of IPv4 header Now the typical length of an IPv4 header is 20 bytes, whilst that of an IPv6 header is 40 bytes. The size of the IPv6 address extension has been chosen such that the size of an V6 via V4 extended packet is that same size as its equivalent IPv6 packet. Operational experience using tunnels has shown that packet size changes during transit cause an MTU impedance mismatch. If the IPv6 address extension is the only IPv4 header option, then translation to an IPv6 packet can be done in situ. Additionally, for a packet destined to an IPv6 host, the IPv6 destination address will be in the correct place. 2.4. Handling Payload Checksums Certain IP transport protocols such as TCP and UDP contain a payload checksum which includes the address end-points of the packet. Initially, the packet originator SHOULD calculate the checksum using Tattam Expires July 18, 2012 [Page 10] Internet-Draft V6viaV4 January 2012 the ultimate IPv6 source and destinations address. The possibility of IPv4 NATs in the packet path complicates matters somewhat since the traffic is actually live IPv4 traffic, not tunnelled, and a NAT will modify payload checksums, possibly by updating the existing checksum by applying a delta, or by recalculating the checksum. To handle this situation, any V6 via V4 packets within the IPv4 network should be maintained internally consistent. This involves firstly modifying the payload checksum upon entry and exit from the IPv4 network. Initial operational experience has shown that this can be achieved in the following manner. To convert a V4viaV6 payload checksum 1. identify whether the packet needs payload checksum modification 2. if so, proceed further, otherwise no further action is required. 3. remove the IPv4 source and destination addresses from the checksum using ones complement arithmetic 4. include the updated IPv6 source and destination address in the checksum using ones complement arithmetic To convert a V6 payload checksum 1. identify whether the packet needs payload checksum modification 2. if so, proceed further, otherwise no further action is required. 3. remove the IPv6 source and destination addresses from the checksum using ones complement arithmetic 4. include the updated IPv4 source and destination address in the checksum using ones complement arithmetic There are some minor optimizations that can be taken in the process. For example, the V6_VIA_V4_PREFIX will be constant meaning a constant value can be applied for that component of the translation (indeed if the prefix were 0, no adjustment would be required). It can also be determined by a discovery process whether checksum modification is actually required and if not, the I (ignore checksum) bit can be set in the flags of the header option to disable this feature. This feature is still an area for future research. This does not apply to the IPv4 header checksum which must always be valid. The payload checksums for ICMP, ICMPv6, TCP and UDP packets are in a Tattam Expires July 18, 2012 [Page 11] Internet-Draft V6viaV4 January 2012 fixed location in the payload, and these are currently the only protocols for which these actions will be defined. 2.5. Handling ICMP and ICMPv6 traffic It is suggested that ICMPv6 traffic be allowed to traverse the IPv4 network when IPv6 via IPv4 packets are used. This should allow ICMPv6 messages to pass between end points since we are ultimately only interested in IPv6 communication. However there may be times where intervening routers on the IPv4 network may respond with ICMP messages. Any host participating in this process should be prepared to receive ICMP packets if they have originated from the IPv4 network. More operational experience will be required to determine the nature of such traffic. Translation of ICMP messages to ICMPv6 and vice versa is the subject of further research at this stage. 2.6. Additional IPv4 packet considerations For an IPv4 packet to be able to be suitably transmitted, the following restrictions SHOULD be adhered to. o The IPv4 packet SHOULD only contain a single IPv4 header option (IPv6 address extension). o The IPv4 packet MUST have the Don't Fragment bit set (DF=1) , and the Fragment Offset MUST be zero. o The IPv4 header field Type Of Service (TOS) is ignored on conversion to IPv6 and set to zero or default value on conversion from IPv6. o The IPv4 header field Identification (ID) is ignored on conversion to IPv6 and is set to a suitable ID on conversion from IPv6 2.7. Definition of HELPER_ADDRESS() The HELPER_ADDRESS() function is a special function which takes the IPv6 destination address (a native IPv6 address) and converts it into an IPv4 address for transit out of the IPv4 network. Operational testing has shown that there is some flexibility in the choice of HELPER_ADDRESS() which is used to translate IPv6 packets into IPv6 via IPv4 packets. The simplest function would be to use a fixed address, which in real terms would be the IP address of an IPv6 transponder visible from IPv4 hosts able to participate in the IPv6 via IPv4 protocol. Discussed later in this document is a proposal for a version of the Tattam Expires July 18, 2012 [Page 12] Internet-Draft V6viaV4 January 2012 HELPER_FUNCTION() which can be used in a global manner. 2.8. Definition of V6_VIA_V4_PREFIX (IPv6) For this mechanism to operate, IPv6 packets destined for the IPv4 network need to be identified. It is proposed that a well known IPv6 address allocation of at least /32 be allocated for this purpose. It is not known at this stage if this mechanism can coexist with similar prefix allocations for IPv6 NAT mechanisms. For efficiency with typical network infrastructure, it is preferable that it be unique in the IPv6 address space for the top 32 bits of the prefix (i.e. a /32 allocation). 2.9. Local Operation of Protocol For this protocol to function, it needs to differentiate traffic at the network layer. As a minimum in the IPv6 world, IPv4 destined traffic needs to be identifiable with a known prefix, and in the IPv4 world an IPv4 address or network needs to be visible for which transponders exist which bridge the IPv4 and IPv6 worlds. Also any IPv6 capable host which is operating in the IPv4 world should have a local address constructed from its IPv4 address and the V6_VIA_V4_PREFIX. 3. Global Network Allocation for IPv6 via IPv4 traffic One of the significant obstacles to continued growth of the IPv6 network has been that of the address depletion happening faster than was anticipated. This has created two disjoint networks. New address allocations are made from the IPv6 network but these have limited value since only IPv6 network hosts can see them. Conversely, IPv4 address allocations are now at a premium due to scarcity. It would be prudent if there were a standard mechanism by which existing IPv4 hosts could automatically see IPv6 hosts and vice versa. This is termed as the backward compatibility problem. Whilst this proposal can't fully deliver seamless connectivity between the two networks, it can at least go a long way towards that in that any host armed with the IPv6 via IPv4 protocol could potentially achieve full IPv6 connectivity provided the IPv6 network were accessible from the IPv4 network via a well known IPv6 via IPv4 prefix. The local network need not be IPv6 connected or implement IPv6 via IPv4 transponders so long as it can direct any such traffic to a well known IPv4 prefix for such traffic. Given the extreme need for traffic to be able to automatically pass between the two networks in the long term, it is conceivable that a special allocation be made for such traffic. This proposal suggests a possible standard Tattam Expires July 18, 2012 [Page 13] Internet-Draft V6viaV4 January 2012 addressing scheme for IPv6 via IPv4 traffic which obviates the need for end user configuration or transponder discovery. 3.1. HELPER_ADDRESS() function for global IPv6 via IPv4 access One possible HELPER_ADDRESS() function might be the function HELPER_ADDRESS(v6_address) = ((v6_address << 3) >> (V6_VIA_V4_NETWORK_PREFIXLEN + 96) ) + V6_VIA_V4_NETWORK i.e. After removing the top 3 bits, take N bits from the routable part of the IPv6 address and assign them to the subnet address part of the routable IPv4 prefix. Such a prefix could be any allocation from the IPv4 network from /24 up to /8, possibly even up to /4. One possible candidate might be the reserved sections of the IPv4 network such as 224.0.0.0/4, 255.0.0.0/8 or 255.255.0.0/16. The degenerate case would be a single well known address (/32) which could be used to direct traffic to the IPv6 network. 3.2. Definition of V6_VIA_V4_NETWORK (IPv4) For the HELPER_ADDRESS() function to operate on global basis, it would be advantageous to have an IPv4 address allocation of a suitable size that would allow for IPv6 via IPv4 traffic to be routable in a useful manner. This would effectively be an address range which is a window to the IPv6 world from the IPv4 world. 4. Example of IPv6 via IPv4 traffic Let us consider a round trip of an IPv4 host (A) sending a packet to IPv6 host (B). IPv4 host A has only local IPv4 traffic capability and IPv6 host B has only local IPv6 capability. We also assume there is an IPv6 via IPv4 transponder (X) which is accessible from both A and B, i.e. X has both native IPv4 and native IPv6 access. Initially we will also assume that whilst host A has only IPv4 connectivity, it is IPv6 capable, and also understands the IPv6 via IPv4 protocol. Host A will have an IPv4 address and also the pseudo IPv6 address constructed from the well known V6_VIA_V4_PREFIX address space. Transponder X be will transparent to host B, but we assume that any traffic for the V6_VIA_V4_PREFIX address space will be directed to it. Tattam Expires July 18, 2012 [Page 14] Internet-Draft V6viaV4 January 2012 Traffic flow from A to B is as follows. o A requests internally that an IPv6 packet to be sent to B using the IPv6 addresses (v6.src=A.v6_address, v6.dst=B.v6_address) o A then internally translates this packet to an IPv6 via IPv4 packet using the address tuple (v4.src=A.v4_address, v4.dst=X.v4_address, v4.opt_hdr_v6_extension.v6_addr=B.v6_address, v4.opt_hdr_v6_extension.D=0) o A then transmits this packet to X on the IPv4 network. o X receives the packet and retrieves B.v6_address directly from v4.opt_hdr_v6_extension.v6_addr, and deduces A.v6_address from v4.src o X converts it to an IPv6 packet with the address tuple (v6.src=A.v6_address, v6.dst=B.v6_address) o X transmits the packet to B on the IPv6 network. o B receives the packet and processes it as a normal IPv6 packet. Traffic flow from B to A is as follows. o B requests that an IPv6 packet be sent to A using the address tuple (v6.src=B.v6_address, v6.dst=A.v6_address) o B transmits packet to IPv6 network. o IPv6 network routes packet to X as a result of the prefix of v6.dst being equal to V6_VIA_V4_PREFIX. o X receives the IPv6 packet and determines that it should be forwarded to A.v4_address. It extracts the IPv4 destination address from the lower 32 bits of the IPv6 destination address. o X constructs an IPv6 via IPv4 packet in situ with the address tuple (v4.src=X.v4_address, v4.dst=A.v4_address, v4.opt_hdr_v6_extension.v6_addr=B.v6_address, v4.opt_hdr_v6_extension.D=1) o X then retransmits the packet on the IPv4 network to A o A receives the IPv6 via IPv4 packet and reconstructs the original IPv6 packet with the address tuple (v6.src=B.v6_address, v6.dst=A.v6_address). Tattam Expires July 18, 2012 [Page 15] Internet-Draft V6viaV4 January 2012 o A processes the packet as an IPv6 packet. Our network round trip is now complete. There are some variants to this process which can be applied. Suppose that we have another host C which is not IPv6 aware at all. In this case, it would need assistance to reach the IPv6 network. In this case A can act as an agent to make the IPv6 network visible to C. It would need to provide a pool of IPv4 to IPv6 translation pairs which it would need to maintain in a stateful manner. It would also need to supply pseudo IPv4 DNS A records such that C would be able to discover the pseudo IPv4 address of B. The behaviour of A in this case would be similar to traditional IPv6 NAT operation. An additional variant of the basic scenario is that A can also act as an agent for other IPv6 enabled machines which have no IPv6 connectivity but are able to reach A via localized IPv6. In this scenario, each IPv6 machine should be using a local IPv6 address with the V6_VIA_V4_PREFIX. When A is acting as an agent for such traffic, it would follow similar steps to the above example, but replacing the v4.src address in the V6 via V4 packet by the originating IPv6 machine. Another possible variant to this scenario is when X is not identified as a specific machine, but is rather the destination route for a known IPv4 network prefix using the extended HELPER_ADDRESS() function described earlier in the document. In this manner, the transponder functions could be distributed based upon the IPv6 prefix of destination from the IPv4 side. From the IPv6 network side, transmitting back to the IPv4 network could be either an all-or-nothing style of routing or some coarse grained routing could be applied to the component IPv4 destination address. However in order to conform with the strong aggregation of IPv6, such behaviour should be deprecated. Theoretically, all IPv4 machines should be reachable from the IPv6 network and vice versa as long as any such machines are IPv6 via IPv4 capable and that there are transponders at transition points between the two networks. It should also be noted that the transponder component of this protocol is stateless, and that there is no MTU change for transition for packets from IPv4 to IPv6. The only significantly identifiable transponder cost would be the cost of rearranging the packet and recalculation of payload checksums if required. IPv4 header checksum recalculation is only required for the return path from an IPv6 host Tattam Expires July 18, 2012 [Page 16] Internet-Draft V6viaV4 January 2012 to an IPv4 host. 5. IANA Considerations This document requests the following from IANA 1. A number assignment for the IPv4 header option IPV6_ADDRESS_EXTENSION 2. A global IPv6 address /32 allocation (V6_VIA_V4_PREFIX) to identify traffic destined for the IPv4 network from the IPv6 network. An allocation which simplifies or obviates the need to V4-V6 address checksum recalculation would be desirable. 3. A global IPv4 address in the range /24 up to /8 allocation (V6_VIA_V4_NETWORK) to identify traffic destined for the IPv6 network from the IPv4 network. Note to RFC Editor: this section may be removed on publication as an RFC. 6. Security Considerations IPv6-IPv4 transponders will have a similar function to routers in that they will be handling high volumes of traffic. While the stateless mechanism described should have a trivially small amount of computing to rebuild the packet which comprises of reordering the header and possibly recomputing check sums, it may still be subject to denial of service issues. It is conceivable that transponders may become overloaded from the receipt of traffic over which it has no control. This is however a similar scenario to that of core routers having to deal with transit traffic, and similar measures should apply. Any host which implements this protocol extension in a hybrid IPv4/ IPv6 stack should take care that translated packets are managed correctly to prevent address space back doors. Operational experience has indicated that some implementations and firewalls may reject or flag packets containing the extended IPv4 header options. In particular it was noticed that one TCP/IP stack sent ICMP parameter problem messages in response to valid IPv4 header options. There needs to be negotiation with TCP/IP stack and firewall vendors to resolve such issues. Tattam Expires July 18, 2012 [Page 17] Internet-Draft V6viaV4 January 2012 7. Acknowledgements The author wishes to thank internet pioneer Vint Cerf for his insightful thoughts during early drafts of this proposal. The author also wishes to thank Medical-Objects Pty Ltd for the continuing use of their IPv6 enabled infrastructure in the development of this proposal. 8. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, December 1998. Author's Address Peter Tattam Tattam Software Enterprises Pty Ltd, Hobart, Australia Tattam Expires July 18, 2012 [Page 18]