Internet DRAFT - draft-xu-behave-ivit

draft-xu-behave-ivit






Network Working Group                                              M. Xu
Internet-Draft                                                    C. Xia
Intended status: Experimental                                      X. Li
Expires: January 7, 2010                                          Y. Cui
                                                                   J. Wu
                                                     Tsinghua University
                                                            July 6, 2009


                            IVIT(IVI+Tunnel)
                        draft-xu-behave-ivit-00

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on January 7, 2010.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.






Xu, et al.               Expires January 7, 2010                [Page 1]

Internet-Draft                    IVIT                         July 2009


Abstract

   This document proposes a mechanism, IVIT (IVI+Tunnel), to support
   non-IVI IPv6 hosts to communicate with IPv4 hosts, and vice versa.
   IVIT combines IVI translation and Tunnel methods with the IVI
   translation at the core and the tunnel at the edge.  In this
   document, IVIT provides two modes.  One is the dual-stack host mode,
   which supports the communication between a dual-stack host in an IPv4
   network and a non-IVI IPv6 host, especially the communication
   scenario between a dual-stack server in an IPv4 network and a non-IVI
   IPv6 host.  The other is the CPE mode, which supports the
   communication between an IPv4-only host and a non-IVI IPv6 host,
   especially the bidirectional communication scenario between a private
   IPv4 network and a non-IVI IPv6 network.  Combined with IVI, IVIT can
   support the communication between IPv4 networks and IPv6 networks
   statelessly at the core.



































Xu, et al.               Expires January 7, 2010                [Page 2]

Internet-Draft                    IVIT                         July 2009


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  4
   2.  Dual-Stack Host Mode . . . . . . . . . . . . . . . . . . . . .  6
     2.1.  Basic Idea of the Dual-Stack Host Mode . . . . . . . . . .  6
     2.2.  The IPv6 Address Format of the Dual-stack Host . . . . . .  6
     2.3.  Upgrade of an IPv4 Host  . . . . . . . . . . . . . . . . .  7
     2.4.  Application Scenarios  . . . . . . . . . . . . . . . . . .  7
     2.5.  The Communication Process  . . . . . . . . . . . . . . . .  7
     2.6.  An Example . . . . . . . . . . . . . . . . . . . . . . . .  8
   3.  CPE Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
     3.1.  Basic Idea of the CPE Mode . . . . . . . . . . . . . . . . 10
     3.2.  CPE Modified Operation . . . . . . . . . . . . . . . . . . 10
     3.3.  The Mapping Rule between the CPE IPv6 address and the
           IPv4 only address  . . . . . . . . . . . . . . . . . . . . 10
     3.4.  Application Scenarios  . . . . . . . . . . . . . . . . . . 11
     3.5.  The Communication Process  . . . . . . . . . . . . . . . . 11
     3.6.  An Example . . . . . . . . . . . . . . . . . . . . . . . . 13
   4.  Integrated with IVI  . . . . . . . . . . . . . . . . . . . . . 14
   5.  Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 15
   6.  Security Considerations  . . . . . . . . . . . . . . . . . . . 16
   7.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 17
   8.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 18
     8.1.  Normative References . . . . . . . . . . . . . . . . . . . 18
     8.2.  Informative References . . . . . . . . . . . . . . . . . . 18
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 19

























Xu, et al.               Expires January 7, 2010                [Page 3]

Internet-Draft                    IVIT                         July 2009


1.  Introduction

   IVI[1] is a simple and stateless translation mechanism for resolving
   the communication problem between an IPv6 network and an IPv4
   network.  In IVI, address translation and protocol translation are
   adopted.  In the address translation, IVI defines an address mapping
   rule, as shown in Figure 1, where bits from 32 to 39 are all
   identifiers of IVI, and bits from 40 to 71 are embedded global IPv4
   space.  Because the mapping is 1-to-1 mapping, IVI is stateless and
   has the feature of end-to-end address transparency.  The protocol
   translation in IVI obeys SIIT[2].


      | 0                 |32 |40                   |72             127|
      ------------------------------------------------------------------
      |                   |FF |                     |                  |
      ------------------------------------------------------------------
      |<-  IPv6 prefix  ->|   |<-  IPv4 address   ->|<- zero padding ->|


   Figure 1: IVI Address Mapping Rule

   IVI is simple and scalable.  In IVI, the communication between the
   IPv4 network and the IVI IPv6 network is stateless.  But IVI can't
   support the stateless communication between the non-IVI IPv6 network
   and the IPv4 network.

   NAT-PT[3] can support the stateful communication between the non-IVI
   IPv6 network and the IPv4 network.  However, NAT-PT has been
   obsolete.  The Non-IVI IPv6 networks account for a large proportion
   of the total IPv6 networks.  So providing a simple method to
   communicate between a non-IVI IPv6 network and an IPv4 network is
   important.

   In this document, IVIT (IVI+Tunnel) mechanism is proposed for
   supporting the communication between a non-IVI IPv6 network and an
   IPv4 network.

   The basic idea of IVIT is the combination of IVI and Tunnel, which
   mixes IVI address mapping rule, ISATAP[4] tunnel mechanism and 6to4
   [5][6]tunnel mechanism together.  IVIT has two modes.  One is dual-
   stack host mode, in which IPv4-only hosts are upgraded to dual-stack
   hosts which can support encapsulation and decapsulation.  The dual-
   stack host mode mainly borrows the idea from ISATAP tunnel mechanism
   to construct the IPv6 in IPv4 tunnel between the dual-stack host in
   an IPv4 network and the IVI gateway.  The other is CPE mode.  In this
   mode, CPEs are upgraded from IPv4 only to dual-stack, and support
   encapsulation/decapsulation and address mapping.  The CPE mode uses



Xu, et al.               Expires January 7, 2010                [Page 4]

Internet-Draft                    IVIT                         July 2009


   the 6to4 tunnel mechanism for reference to construct the tunnel
   between the CPE and the IVI Gateway.  Whichever mode, the IVI Gateway
   has no change in the address and protocol translation.  Of course,
   IVI gateway needs to support tunnel encapsulation and decapsulation.
   So IVIT is stateless at the core.














































Xu, et al.               Expires January 7, 2010                [Page 5]

Internet-Draft                    IVIT                         July 2009


2.  Dual-Stack Host Mode

2.1.  Basic Idea of the Dual-Stack Host Mode

    IPv4 network                                             IPv6 network
     /-----\                                                    /-----\
    (  +-+  )                   -------------                  (  +-+  )
    (  |H|==)==========//=====>| IVI gateway |----//---------- (  |H|  )
    (  +-+  )                   -------------                  (  +-+  )
     \-----/                                                    \-----/
        a                                                          a
    Dual-stack                                                   non-IVI
      Host                                                        IPv6
                                                                  Host
         -------IPv6 in IPv4----------->
      Tunnel                     Tunnel

    IPv6 in IPv4 Tunnel between the dual-stack host
    in an IPv4 network and the IVI gateway


   Figure 2: Dual-stack host mode

   Figure 2 shows the basic idea of the dual-stack host mode.  If a
   dual-stack host in an IPv4 network communicates with a non-IVI IPv6
   host, the dual-stack host firstly constructs the IPv6 packets where
   the Src address is local IPv6 address and the Dst address is the IPv6
   address of the non-IVI IPv6 host.  For transmitting the IPv6 packets
   over the IPv4 network, the IPv6 in IPv4 tunnel is built with the IVI
   gateway and the dual-stack host as its endpoints.  The IPv6 packets
   are encapsulated into the IPv4 packets, which arrive at the IVI
   gateway and are decapsulated into the IPv6 packets.  The IVI gateway
   forwards the IPv6 packets to the non-IVI IPv6 host.  The reverse
   communication is similar.

2.2.  The IPv6 Address Format of the Dual-stack Host

   In IVIT, we still use the IVI address mapping rule to assign or
   configure the IPv6 address of the dual-stack host.  But we change the
   eight bits from 32 to 39 for differentiating IVI feature into eight
   zeros to identify IVIT mapping, as shown in Figure 3.  During the
   communication, we can distinguish the IPv4 address from the IVI
   address.








Xu, et al.               Expires January 7, 2010                [Page 6]

Internet-Draft                    IVIT                         July 2009


      | 0                 |32 |40                   |72             127|
      ------------------------------------------------------------------
      |                   |00 |                     |                  |
      ------------------------------------------------------------------
      |<-  IPv6 prefix  ->|   |<-  IPv4 address   ->|<- zero padding ->|



   Figure 3: The IPv6 address format of the dual-stack host

2.3.  Upgrade of an IPv4 Host

   If an IPv4-only host wants to communicate with a non-IVI IPv6 host,
   it must upgrade to a dual-stack host.  In the dual-stack host, the
   IPv6 address is assigned or configured as 2.2 format, so we can
   extract the IPv4 address from the IPv6 address to build the IPv6 in
   IPv4 tunnel automatically.  In this mode, the modified host may
   construct the IPv6 packets.  Meanwhile, it must support
   encapsulation/decapsulation in order to build the tunnel between the
   dual-stack host and the IVI gateway.

2.4.  Application Scenarios

   The dual-stack host mode mainly supports the application scenarios of
   a non-IVI IPv6 host accessing a dual-stack server.  Giving an IPv4-
   only server in an IPv4 network, the server might be accessed by all
   IPv6 hosts if upgraded into dual-stack host mode.  Of course, the
   mode supports the communication between a dual-stack host in an IPv4
   network and a non-IVI IPv6 server.

2.5.  The Communication Process

   Giving a communication between an IPv6 host and an IPv4-only host, if
   the IPv6 host is an IVI IPv6 host, we take the IVI mechanism to
   realize the communication.  However, if the IPv6 host is a non-IVI
   IPv6 host, we adopt the IVIT mechanism instead.  That is to say, the
   IVI and IVIT's integration may solve the communication problem
   between an IPv4 network and an IPv6 network and ensure statelessness
   at the core without DNS-ALG.  In this section, we mainly give a
   detailed description about the communication between a non-IVI Ipv6
   host and a dual-stack host in an IPv4 network.

   First of all, we describe the communication between a dual-stack host
   in an IPv4 network and a non-IVI IPv6 host.  If a non-IVI IPv6 host H
   accesses a dual-stack server S in an IPv4 network, which is a main
   application scenario of dual-stack host mode, S's IPv6 address is
   according to 2.2 format.  Meanwhile, S and the IVI gateway support
   encapsulation/decapsulation.



Xu, et al.               Expires January 7, 2010                [Page 7]

Internet-Draft                    IVIT                         July 2009


   The communication from H to S is as follows.  H queries DNS server
   for S address and DNS server returns the S's IPv6 address.  Then, H
   sends the IPv6 packets where Src IPv6 address is H's address and Dst
   IPv6 address is S's IPv6 address of the dual-stack server to the IVI
   gateway.  The IVI gateway extracts the destination's IPv4 address
   from the Dst IPv6 address and encapsulates the IPv6 packets into IPv4
   packets since the eight bits from 32 to 39 are all zeros (IVIT ID),
   where Src IPv4 address is IVI gateway's IPv4 address and Dst IPv4
   address is S's IPv4 address obtained from the Dst IPv6 address, and
   then forwards the IPv4 packets to S. S decapsulates the IPv4 packets
   and hands the IPv6 packets to the upper layer.

   The response is as follows.  S constructs the IPv6 packets where Src
   IPv6 address is local IPv6 address and Dst IPv6 address is H's
   address.  Then S encapsulates IPv6 packets into IPv4 packets where
   Src IPv4 address is S's IPv4 address and Dst IPv4 address is IVI
   gateway's IPv4 address, and then sends the IPv4 packets to IVI
   gateway.  IVI gateway decapsulates IPv4 packets and forwards the IPv6
   packets to H.

   If a dual-stack host H in an IPv4 network communicates with a non-IVI
   IPv6 server S, H's IPv6 addresses are 2.2 format.  H and IVI gateway
   support encapsulation/decapsulation.  The communication is as
   follows.  H queries DNS server for S address and DNS server returns
   S's address.  H constructs the IPv6 packets where Src IPv6 address is
   local IPv6 address and Dst IPv6 address is S's address.  Then H
   encapsulates IPv6 packets into IPv4 packets where Src IPv4 address is
   H's IPv4 address and Dst IPv4 address is IVI gateway's IPv4 address,
   and sends the IPv4 packets to IVI gateway.  IVI gateway decapsulates
   the IPv4 packets and forwards the IPv6 packets to S.

   The response is as follows.  S sends the IPv6 packets where Src IPv6
   address is S's address and Dst IPv6 address is H's IPv6 address.  IVI
   gateway encapsulates the IPv6 packets into IPv4 packets where Src
   IPv4 address is IVI gateway's IPv4 address and Dst IPv4 address is
   H's IPv4 address obtained from the Dst IPv6 address, and forwards the
   IPv4 packets to H. H decapsulates the IPv4 packets and hands the IPv6
   packets to the upper layer.

2.6.  An Example

   Suppose a non-IVI IPv6 host with the address 3FFE:3600:8::1 access a
   dual-stack server in an IPv4 network whose IPv4 and IPv6 addresses
   are 163.162.1.1 and 2001:da8:00a3:a201:0100::0/72, where 2001:da8 is
   the ISP's IVI IPv6 prefix.  The IVI gateway has the IPv4 address
   140.125.1.3 and the IPv6 address 2001:da8:ff8c:7d01:0300::0/72(the
   IVI address).  The non-IVI IPv6 host sends the IPv6 packets where the
   Src address is 3FFE:3600:8::1 and the Dst address is 2001:da8:00a3:



Xu, et al.               Expires January 7, 2010                [Page 8]

Internet-Draft                    IVIT                         July 2009


   a201:0100::0/72.  When the IPv6 packets arrive at the IVI gateway,
   the IVI gateway encapsulates the IPv6 packets into the IPv4 packets
   where the Src address is 140.125.1.1 and the Dst address is
   163.162.1.1 obtained from the Dst IPv6 address.  Then, forward the
   IPv4 packets to the dual-stack server.  The dual-stack server
   receives these packets and decapsulates the IPv4 packets into the
   IPv6 packets, then sends to the upper layer.

   The response process is as follows.  The dual-stack server sends the
   IPv6 packets where Src address is 2001:da8:00a3:a201:0100::0/72 and
   Dst address is 3FFE:3600:8::1.  For transmitting the IPv6 packets in
   the IPv4 network, the dual-stack server then encapsulates the IPv6
   packets into the IPv4 packets where the Src address is 163.162.1.1
   and the Dst address is 140.125.1.3.  When the encapsulation packets
   arrive at the IVI gateway, the IVI gateway decapsulates the packets
   and gets the IPv6 packets.  Then, the IVI gateway forwards the IPv6
   packets to the destination 3FFE:3600:8::1.


































Xu, et al.               Expires January 7, 2010                [Page 9]

Internet-Draft                    IVIT                         July 2009


3.  CPE Mode

3.1.  Basic Idea of the CPE Mode

   The basic idea of the CPE Mode is similar to that of the dual-stack
   host mode.  But, in this mode, the IPv4-only host needs no change and
   the CPE is modified into dual-stack and becomes the endpoint of the
   tunnel.

3.2.  CPE Modified Operation

   In the CPE mode, the IPv4-only host has no change and the CPE is
   upgraded to dual-stack.  The modified CPE supports encapsulation/
   decapsulation and mapping.  For mapping, the CPE has an IPv4 address
   pool.  The CPE maintains the mapping between the IPv6 host's IPv6
   address and an IPv4 address in the IPv4 address pool.  Since the IPv4
   addresses mapped from the IPv6 host's IPv6 address are used locally,
   private IPv4 addresses can be used to in the IPv4 address pool.  The
   IPv4 hosts' IPv4 addresses can also be private addresses.  The IVI
   extended IPv6 address of the dual-stack CPE is according to section
   3.2.  Constructing the IPv6 packets and establishing the tunnel on
   the CPE resemble the dual-stack host mode.  But there are some
   differences as follows.

   1) When an IPv4-only host wants to access an IPv6 host, the IPv4-only
   host does DNS query and the DNS server returns the IPv6 address of
   the IPv6 host.  The CPE can capture the DNS response, and map the
   IPv6 host's IPv6 address into one IPv4 address from the IPv4 address
   pool, then send the IPv4 address to the IPv4-only host.  The IPv4-
   only host uses the IPv4 address as the Dst IPv4 address to construct
   IPv4 packets.

   2) When constructing the IPv6 packets, CPE uses the IVI extended IPv6
   address as Src address, and uses the IPv6 address mapped from Dst
   IPv4 address in IPv4 packets as Dst address.

3.3.  The Mapping Rule between the CPE IPv6 address and the IPv4 only
      address

   We need a mapping rule between the CPE's IPv6 address and the IPv4-
   only address in two cases.  One is that the CPE translates the IPv4
   packets into the IPv6 packets where the Src IPv6 address is created
   by the mapping rule.  The other is that an IPv6 address accesses a
   private IPv4 address where the mapping rule is adopted to
   differentiate the private IPv4 address from the Dst CPE IPv6 address.
   The mapping rule is shown in Figure 4.





Xu, et al.               Expires January 7, 2010               [Page 10]

Internet-Draft                    IVIT                         July 2009


     | 0             |32 |40              |72              |104     127|
     ------------------------------------------------------------------
     |               |00 |                |                |           |
     ------------------------------------------------------------------
     |<-IPv6 prefix->|   |<-IPv4 address->|<-IPv4 address->|<-  zero ->|
                               of CPE      of the IPv4 host    padding


   Figure 4: The mapping rule between the IPv4 address and the CPE's
   IPv6 address

   In this 1-to-1 mapping, the bits from 72 to 103 are IPv4 address of
   the IPv4-only host.  Accordingly, we can identify the address of the
   IPv4-only host from the CPE's IPv6 address.  Meanwhile, the DNS
   server creates a mapping in the DNS.  For example, if the IPv4
   address of an IPv4-only host is 10.10.20.1 and the CPE's IPv6 address
   is 2001:da8:000A:0A0A:0100::0/72, the mapped IPv6 address is 2001:
   da8:000A:0A0A:010A:0A14:0100::0/104.  If another IPv4 address is
   10.10.30.1, the mapped IPv6 address is 2001:da8:000A:0A0A:010A:0A1E:
   0100::0/104.  When the IPv6 address 2001:da8:000A:0A0A:010A:0A14:
   0100::0/104 is received, we can map into the 10.10.20.1 IPv4 address.
   And if the address 2001:da8:000A:0A0A:010A:0A1E:0100::0/104 is
   received, we can map into the 10.10.30.1 IPv4 address.  Contrarily,
   if the address 10.10.30.1 is received, the CPE translates the IPv4
   address into 2001:da8:000A:0A0A:010A:0A1E:0100::0/104.

3.4.  Application Scenarios

   The CPE mode supports the communication between an IPv4 network and
   an IPv6 network, especially the bidirectional communications between
   a private IPv4 host and a non-IVI IPv6 host.

3.5.  The Communication Process

   Giving a communication between an IPv6 host and an IPv4-only host, if
   the IPv6 host is an IVI IPv6 host, we take the IVI mechanism to
   realize the communication.  However, if the IPv6 host is a non-IVI
   IPv6 host, we adopt the IVIT mechanism instead.  That is to say, the
   IVI and IVIT's integration may solve the communication problem
   between an IPv4 network and an IPv6 network, and ensure statelessness
   at the core without DNS-ALG.  In this section, we mainly give a
   detailed description about the communication between a non-IVI Ipv6
   host and a private IPv4 host in an IPv4 network.

   If a private IPv4 host H accesses a non-IVI IPv6 server S, the
   communication process is as follows.  H queries the Dst address from
   DNS server.  At first, H sends the query packets, and DNS server
   returns the S's address to CPE.  CPE then receives the returned



Xu, et al.               Expires January 7, 2010               [Page 11]

Internet-Draft                    IVIT                         July 2009


   packets and identifies that the address is an IPv6 address and
   extracts an IPv4 address from the address pool to map the IPv6
   address, and then returns the selected IPv4 address to H. H sends the
   IPv4 packets where the src address is local address and the Dst
   address is the mapped IPv4 address from the CPE.  The CPE receives
   the IPv4 packets, constructs the IPv6 packets where Src IPv6 address
   is obtained from the mapping rule described in Section 3.3 and the
   Dst IPv6 address is S's address (query the mapping list, get the
   corresponding IPv6 address from the Dst IPv4 address in the IPv4
   packets).  CPE encapsulates IPv6 packets into IPv4 packets where Src
   IPv4 address is CPE's IPv4 address and Dst IPv4 address is IVI
   gateway's IPv4 address and sends the IPv4 packets to IVI gateway.
   IVI gateway decapsulates IPv4 packets and forwards the IPv6 packets
   to S.

   The responding packets are as follows.  S sends the IPv6 packets
   where Src IPv6 address is S's address and Dst IPv6 address is the
   received IPv6 address to IVI gateway.  IVI gateway encapsulates the
   IPv6 packets into IPv4 packets where Src IPv4 address is IVI
   gateway's IPv4 address and Dst IPv4 address is CPE's IPv4 address
   obtained from the Dst Ipv6 address, and forwards the IPv4 packets to
   CPE.  CPE decapsulates the IPv4 packets, translates the IPv6 packets
   into the IPv4 packets(query the mapping table, use the mapping rule
   described in Section 3.3 and get the corresponding address
   information) and sends the IPv4 packets to H.

   If a non-IVI IPv6 host H communicates with a private IPv4 server S in
   an IPv4 network.  The communication is as follows.  At first, H
   queries the address information of S. DNS server returns the IPv6
   address according to the mapping rule described in Section 3.3.  H
   receives the response and sends the IPv6 packets where Src IPv6
   address is H's address and Dst IPv6 address is the returned IPv6
   address to IVI gateway.  IVI gateway encapsulates the IPv6 packets
   into IPv4 packets where Src IPv4 address is IVI gateway's IPv4
   address and Dst IPv4 address is CPE's IPv4 address, and forwards the
   IPv4 packets to CPE.  CPE decapsulates the IPv4 packets, translates
   the IPv6 packets into the IPv4 packets and sends the IPv4 packets to
   S.

   The responding packets are as follows.  S sends the IPv4 packets
   according to the sent address information.  CPE constructs the IPv6
   packets according to the address mapping table.  Then CPE
   encapsulates IPv6 packets into IPv4 packets where Src IPv4 address is
   CPE's IPv4 address and Dst IPv4 address is IVI gsteway's IPv4
   address, and sends the IPv4 packets to IVI gateway.  IVI gateway
   decapsulates IPv4 packets and forwards the IPv6 packets to H.





Xu, et al.               Expires January 7, 2010               [Page 12]

Internet-Draft                    IVIT                         July 2009


3.6.  An Example

   Suppose a non-IVI IPv6 host with the address 3FFE:3600:8::1
   communicates with a private IPv4-only host whose IP address is
   10.10.20.3.  In this communication, the IP addresses of the
   corresponding CPE are 163.162.1.1 and 2001:da8:00a3:a201:0100::0/72.
   The CPE establishes the mapping 192.168.5.12<->3FFE:3600:8::1.  The
   IVI gateway has the IPv4 address 140.125.1.3 and the IPv6 address
   2001:da8:ff8c:7d01:0300::0/72(the IVI address).

   Firstly, the non-IVI IPv6 host queries the Dst IP address, and DNS
   server returns the IPv6 address 2001:da8:00a3:a201:010A:0A14:0300::0/
   104.  The IPv6 host sends the IPv6 packets where the Src address is
   3FFE:3600:8::1 and the Dst address is 2001:da8:00a3:a201:010A:0A14:
   0300::0/104.  When the IPv6 packets arrive at the IVI gateway, it
   encapsulates the IPv6 packets into the IPv4 packets where the Src
   address is 140.125.1.1 and the Dst address is 163.162.1.1 obtained
   from the Dst IPv6 address, and forwards the IPv4 Packets to the dual-
   stack CPE.  The dual-stack CPE receives these packets and
   decapsulates the IPv4 packets into the IPv6 packets where the Src
   address is 3FFE:3600:8::1 and the Dst address is 2001:da8:00a3:a201:
   010A:0A14:0300::0/104.  Then the CPE queries the mapping table bases
   on the mapping rule described in Section 4.2, and obtains the
   corresponding mapping.  At last, it sends the IPv4 packets where the
   src address is 192.168.5.12 and the dst address is 10.10.20.3 to the
   private IPv4 server.

   The response process is as follows.  The private IPv4 server sends
   the IPv4 packets where the Src address is 10.10.20.1 and the Dst
   address is 192.168.5.12.  The dual-stack CPE receives the IPv4
   packets and constructs the IPv6 packets where the Src address is
   2001:da8:00a3:a201:010A:0A14:0300::0/104, and the Dst address is
   3FFE:3600:8::1.  For transmitting the IPv6 packets in the IPv4
   network, the dual-stack CPE then encapsulates the IPv6 packets into
   the IPv4 packets where the Src address is 163.162.1.1 and the Dst
   address is 140.125.1.3.  When the encapsulation packets arrive at the
   IVI gateway, it decapsulates the packets and gets the IPv6 packets.
   Then, the IVI gateway forwards the translated IPv6 packets to the Dst
   address 3FFE:3600:8::1.












Xu, et al.               Expires January 7, 2010               [Page 13]

Internet-Draft                    IVIT                         July 2009


4.  Integrated with IVI

   Owing to IVIT, the IVI gateway must identify IVIT from IVI.  The
   identification mechanism should be adopted in The IVI gateway.  In
   the identification mechanism, the operation of the IVI gateway should
   be classified into the following two cases.

   1) When the IVI gateway receives the IPv6 packets, if the dst address
   in the IPv6 packets is an IVI IPv6 address, the IVI gateway
   implements the IVI function, if the dst address isn't an IVI IPv6
   address, the IVI gateway implements the IVIT function.

   2) When the IVI gateway receives the IPv4 packets, if the dst address
   in the IPv4 packets isn't the IVI gateway's address, the IVI gateway
   implements the IVI function, if the dst address is the IVI gateway's
   address, the IVI gateway implements the IVIT function.



































Xu, et al.               Expires January 7, 2010               [Page 14]

Internet-Draft                    IVIT                         July 2009


5.  Conclusion

   In this draft, we proposed an IVI+Tunnel mechanism to solve the
   communication problem between a non-IVI IPv6 network and an IPv4
   network.  IVIT has evident advantages in the following three aspects.

   1) In the dual-stack host mode, all IPv6 hosts may access the dual-
   stack servers in an IPv4 network.

   2) In the CPE mode, the address pool of a CPE may use the private
   addresses, which saves more global IPv4 addresses.

   3) In the CPE mode, IVIT may support the bidirectional communication
   between a private IPv4 network and an IPv6 network.

   Integrating IVI and IVIT may resolve the communication problem
   between an IPv4 network and an IPv6 network.  IVI and IVIT union is
   stateless at the core and without DNS-ALG related issues.  So IVIT
   has high scalability and effectiveness.
































Xu, et al.               Expires January 7, 2010               [Page 15]

Internet-Draft                    IVIT                         July 2009


6.  Security Considerations

   This document presents IVIT (IVI+Tunnel) for the communication
   between an IPv4 network and a non-IVI IPv6 network.  The IPv4
   security and IPv6 security issues should be addressed using related
   documents of each address family and are not included in this
   document.












































Xu, et al.               Expires January 7, 2010               [Page 16]

Internet-Draft                    IVIT                         July 2009


7.  IANA Considerations


















































Xu, et al.               Expires January 7, 2010               [Page 17]

Internet-Draft                    IVIT                         July 2009


8.  References

8.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2765]  Nordmark, E., "Stateless IP/ICMP Translation Algorithm
              (SIIT)", RFC 2765, February 2000.

   [RFC2766]  Tsirtsis, G. and P. Srisuresh, "Network Address
              Translation - Protocol Translation (NAT-PT)", RFC 2766,
              February 2000.

   [RFC5214]  Templin, F., Gleeson, T., and D. Thaler, "Intra-Site
              Automatic Tunnel Addressing Protocol (ISATAP)", RFC 5214,
              March 2008.

   [RFC3056]  Carpenter, B. and K. Moore, "Connection of IPv6 Domains
              via IPv4 Clouds", RFC 3056, February 2001.

   [RFC3068]  Huitema, C., "An Anycast Prefix for 6to4 Relay Routers",
              RFC 3068, June 2001.

   [RFC4966]  Aoun, C. and E. Davies, "Reasons to Move the Network
              Address Translator - Protocol Translator (NAT-PT) to
              Historic Status", RFC 4966, July 2007.

8.2.  Informative References

   [I-D.xli-behave-ivi]
              Li, X., Bao, C., Chen, M., Zhang, H., and J. Wu, "The
              CERNET IVI Translation Design and Deployment for the IPv4/
              IPv6  Coexistence and Transition", draft-xli-behave-ivi-02
              (work in progress), June 2009.
















Xu, et al.               Expires January 7, 2010               [Page 18]

Internet-Draft                    IVIT                         July 2009


Authors' Addresses

   Mingwei Xu
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing  100084
   P.R.China

   Phone: +86-10-6278-5822
   Email: xmw@csnet1.cs.tsinghua.edu.cn


   Chunmei Xia
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing  100084
   P.R.China

   Phone: +86-10-6278-5822
   Email: xcm1977@sina.com


   Xing Li
   Tsinghua University
   Department of Electronic Engineering, Tsinghua University
   Beijing  100084
   P.R.China

   Phone: +86-10-6278-5983
   Email: xing@cernet.edu.cn


   Yong Cui
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing  100084
   P.R.China

   Phone: +86-10-6278-5822
   Email: cuiyong@tsinghua.edu.cn











Xu, et al.               Expires January 7, 2010               [Page 19]

Internet-Draft                    IVIT                         July 2009


   Jianping Wu
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing  100084
   P.R.China

   Phone: +86-10-6278-5983
   Email: jianping@cernet.edu.cn











































Xu, et al.               Expires January 7, 2010               [Page 20]