Transitioning IPv4 to IPv6

© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 1
Transitioning IPv4 to
IPv6

2© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco Public
IPv6 Co-existence Solutions
Tunneling
Services
Connect Islands of IPv6 or IPv4
IPv4 over IPv6 IPv6 over IPv4
Dual-Stack
Enterprise Co-existence strategy
Translation
Services
Connect to the IPv6 community
IPv4
IPv6
Internet consumers
Remote Workers
International Sites
Government Agencies
IPv6
IPv4

Dual Stack

Dual-Stack Techniques
 Hosts and network devices run both IPv4 and IPv6 at the
same time.
• This technique is useful as a temporary transition, but it adds
overhead and uses many resources.
 Cisco IOS Software is IPv6 ready.
• As soon as IPv4 and IPv6 configurations are complete, the interface is
dual stacked and it forwards both IPv4 and IPv6 traffic.
 Drawback of dual stacking includes:
• The additional resources required to keep and process dual routing
tables, routing protocol topology tables, etc.
• The higher administrative overhead, troubleshooting, and monitoring,
is more complex.

Dual-Stack Example
 The FastEthernet 0/0 interface of R1 is dual stacked.
• It is configured with an IPv4 and an IPv6 address.
• Also notice that for each protocol, the addresses on R1 and R2 are on
the same network.
R2
10.10.10.1
R1
R1(config)# interface fa0/0
R1(config-if)# ip address 10.10.10.1 255.255.255.0
R1(config-if)# ipv6 address 2001:12::1/64
R1(config-if)# ^Z
R1#
10.10.10.2
2001:12::1/64 2001:12::2/64

Dual-Stack Example
 The output confirms that the Fa0/0 interface is operational and uses the
IPv4 address.
R1# show ip interface fa0/0
FastEthernet0/0 is up, line protocol is up
Internet address is 10.10.10.1/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always present
<output omitted>
R2
10.10.10.1
R1
10.10.10.2
2001:12::1/64 2001:12::2/64

Dual-Stack Example
 The output confirms that the Fa0/0 interface is operational and also
uses the IPv6 address.
R1# show ipv6 interface fa0/0
FastEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::219:56FF:FE2C:9F60
Global unicast address(es):
2001:12::1, subnet is 2001:12::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:1
FF02::1:FF2C:9F60
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
<output omitted>
R2
10.10.10.1
R1
10.10.10.2
2001:12::1/64 2001:12::2/64

Tunneling

Tunneling Techniques
 Isolated IPv6 networks are connected over an IPv4
infrastructure using tunnels.
 The edge devices are the only ones that need to be dual-
stacked.
 Scalability may be an issue if many tunnels need to be
created.
• Tunnels can be either manually or automatically configured,
depending on the scale required and administrative overhead
tolerated.

 For IPv6, tunneling is an integration method in which an
IPv6 packet is encapsulated within IPv4.
 This enables the connection of IPv6 islands without the
need to convert the intermediary network to IPv6.

 In this example, the tunnel between sites is using:
• IPv4 as the transport protocol (the protocol over which the tunnel is
created).
• IPv6 is the passenger protocol (the protocol encapsulated in the tunnel
and carried through the tunnel).
• GRE is used to create the tunnel, and is known as the tunneling
protocol.

Types of Tunnels
 Tunnels can be created manually using:
• Manual IPv6 tunnels
• GRE IPv6 tunnels (not covered in this presentation)
 Tunnels can also be created automatically using:
• IPv4-Compatible IPv6 Tunnels (now deprecated)
• 6to4 tunnels
• ISATAP Tunnels

Manual Tunnels

Manual Tunnel Configuration
 Create a tunnel interface.
Router(config)#
interface tunnel number
 Creates a tunnel interface which is virtual.
 Once in interface configuration mode, configure the tunnel
parameters including:
• IP address
• Tunnel source
• Tunnel destination
• Tunnel mode (type of tunnel)

Tunnel Configuration Commands
Command Description
tunnel source interface-
type interface-number
An interface configuration command that sets
the source address for a tunnel interface as
the address of the specified interface
tunnel destination ip-
address
An interface configuration command that
specifies the destination address for a tunnel
interface. In this case the ip-address
parameter is an IPv4 address
tunnel mode ipv6ip An interface configuration command that sets
the encapsulation mode for the tunnel
interface to use IPv6 as the passenger
protocol, and IPv4 as both the encapsulation
and transport protocol.

Tunnel Troubleshooting Commands
Command Description
debug tunnel EXEC command that enables the display of
the tunnel encapsulation and decapsulation
process.
debug ip packet detail EXEC command that enables the display of
details about IP packets traversing the router.

Manual IPv6 Tunnel Example
 R1 is configured with the manual tunnel configuration.
R1(config)# interface tunnel 12
R1(config-if)#
*Aug 16 09:34:46.643: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel12,
changed state to down
R1(config-if)# no ip address
R1(config-if)# ipv6 address 12::1/64
R1(config-if)# tunnel source loopback 101
R1(config-if)# tunnel destination 10.1.1.2
R1(config-if)#
changed state to up
R1(config-if)# tunnel mode ipv6ip
R1(config-if)#
S0/1/0
S0/1/0
R1 R2
IPv4 RIP
Fa0/0
13::1/64
R3
Fa0/0
13::3/64 24::4/64
R4
Fa0/0
24::2/64
Fa0/0
Lo101:
10.1.1.1/24
Lo102:
10.1.1.2/24
Tu12
12::2/64
Tu12
12::1/64
172.16.12.1/24
172.16.12.2/24

 R2 is configured with the manual tunnel configuration.
R2(config-if)#
changed state to down
R2(config-if)# ipv6 address 12::2/64
R2(config-if)# tunnel destination 10.1.1.1
R2(config-if)#
changed state to up
R2(config-if)# tunnel mode ipv6ip
R2(config-if)#
S0/1/0
S0/1/0
R1 R2
IPv4 RIP
Fa0/0
13::1/64
R3
Fa0/0
13::3/64 24::4/64
R4
Fa0/0
24::2/64
Fa0/0
Lo101:
10.1.1.1/24
Lo102:
10.1.1.2/24
Tu12
12::2/64
Tu12
12::1/64
172.16.12.1/24
172.16.12.2/24

 The tunnel interface is examined.
 Next, RIPng will be configured to cross the tunnel.
R1# show interface tunnel 12
Tunnel12 is up, line protocol is up
Hardware is Tunnel
MTU 1514 bytes,BW 9 Kbit/sec, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 10.1.1.1 (Loopback101), destination 10.1.1.2
Tunnel protocol/transport IPv6/IP
Tunnel TTL 255
Fast tunneling enabled
<output omitted>
S0/1/0
S0/1/0
R1 R2
IPv4 RIP
Fa0/0
13::1/64
R3
Fa0/0
13::3/64 24::4/64
R4
Fa0/0
24::2/64
Fa0/0
Lo101: 10.1.1.1/24 Lo102: 10.1.1.2/24
Tu12
12::2/64
Tu12
12::1/64
172.16.12.1/24
172.16.12.2/24

 RIPng is enabled on the tunnel interfaces and on the FastEthernet
interfaces of R1 and R2.
R1(config)# ipv6 unicast-routing
R1(config-if)# ipv6 rip RIPoTU enable
R1(config-if)# interface fa0/0
R1(config-if)#
R2(config-if)# interface fa0/0
R2(config-if)#
S0/1/0
S0/1/0
R1 R2
IPv4 RIP
Fa0/0
13::1/64
R3
Fa0/0
13::3/64 24::4/64
R4
Fa0/0
24::2/64
Fa0/0
Lo101: 10.1.1.1/24 Lo102: 10.1.1.2/24
Tu12
12::2/64
Tu12
12::1/64
172.16.12.1/24
172.16.12.2/24

 RIPng is enabled on the FastEthernet interfaces of R3 and R4.
 Now end-to-end connectivity should be achieved.
R3(config-if)#
R4(config-if)#
S0/1/0
S0/1/0
R1 R2
IPv4 RIP
Fa0/0
13::1/64
R3
Fa0/0
13::3/64 24::4/64
R4
Fa0/0
24::2/64
Fa0/0
Lo101: 10.1.1.1/24 Lo102: 10.1.1.2/24
Tu12
12::2/64
Tu12
12::1/64
172.16.12.1/24
172.16.12.2/24

R4# show ipv6 route rip
<output omitted>
R 12::/64 [120/2]
via FE80::2, FastEthernet0/0
R 13::/64 [120/3]
via FE80::2, FastEthernet0/0
R4#
R3# ping 24::4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 24::4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/18/20 ms
R3#
S0/1/0
S0/1/0
R1 R2
IPv4 RIP
Fa0/0
13::1/64
R3
Fa0/0
13::3/64 24::4/64
R4
Fa0/0
24::2/64
Fa0/0
Lo101: 10.1.1.1/24 Lo102: 10.1.1.2/24
Tu12
12::2/64
Tu12
12::1/64
172.16.12.1/24
172.16.12.2/24

Manual IPv6 Tunnel Summary
 Manual tunnels are simple to configure, and are therefore
useful for a small number of sites.
 However, for large networks manual tunnels are not
scalable, from both a configuration and management
perspective.
 The edge routers on which the tunnels terminate need to be
dual stacked, and therefore must be capable of running
both protocols and have the capacity to do so.

6to4 Tunnels

6to4 Tunnels
 6to4 tunnels, also known as a 6-to-4 tunnel, is an automatic
tunneling method.
 6to4 tunnels are point-to-multipoint, rather than the point-to-
point tunnels.
 The 6to4 tunnels are built automatically by the edge routers,
based on embedded IPv4 address within the IPv6
addresses of the tunnel interfaces on the edge routers.
 6to4 tunnels enable the fast deployment of IPv6 in a
corporate network without the need for public IPv6
addresses from ISPs or registries.

6to4 Tunnel Example
 When Router A receives an IPv6 packet with a destination address in
the range of 2002::/16 (the address 2002:c0a8:1e01::/48 in the example), it
determines that the packet must traverse the tunnel.
• The router extracts the IPv4 address embedded in the third to sixth octets,
inclusively, in the IPv6 next-hop address.
• In this example, these octets are c0a8:1e01 which is therefore 192.168.30.1.
 This IPv4 address is the IPv4 address of the 6to4 router at the
destination site, Router B.

6to4 Tunnel Example
 Router A encapsulates the IPv6 packet in an IPv4 packet
with Router B’s extracted IPv4 address as the destination
address.
• The packet passes through the IPv4 network.
 Router B, decapsulates the IPv6 packet from the received
IPv4 packet and forwards the IPv6 packet to its final
destination.

6to4 Limitations
 Only static routes or BGP are supported.
• This is because the other routing protocols use link-local addresses to
form adjacencies and exchange updates and these do not conform to
the address requirements for 6to4 tunnels.
• The example presented here will use static routes.
 NAT cannot be used along the IPv4 path of the tunnel,
again because of the 6to4 address requirements.

6to4 Tunnel Example
 In this example, there are two IPv6 networks separated by an IPv4
network.
 The objective of this example is to again provide full connectivity
between the IPv6 islands over the IPv4-only infrastructure.
 The first step is to configure routers R1 and R2 so that they can
establish the 6to4 tunnel between them.
S0/1/0
S0/1/0
R1 R2
Fa0/0
13:13::1/64
R3
Fa0/0
13:13::3/64 24:24::4/64
R4
Fa0/0
24:24::2/64
Fa0/0
Lo101: 172.16.101.1 Lo102: 172.16.102.1
172.16.12.1/24
172.16.12.2/24
Automatic 6to4 Tunnel
Tu12
2002:AC10:6501::/128
Tu12
2002:AC10:6601::/128
IPv4 RIP

6to4 Tunnel Example
 R1 is configured with the 6to4 tunnel.
 Notice that the configuration is similar to the manual tunnel configurations
except that the tunnel destination is not specified.
R1(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel12, changed state to down
R1(config-if)# ipv6 address 2002:AC10:6501::/128
R1(config-if)# tunnel mode ipv6ip 6to4
R1(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel12, changed state to up
R1(config-if)# exit
S0/1/0
S0/1/0
R1 R2
Fa0/0
13:13::1/64
R3
Fa0/0
13:13::3/64 24:24::4/64
R4
Fa0/0
24:24::2/64
Fa0/0
Lo101: 172.16.101.1 Lo102: 172.16.102.1
172.16.12.1/24
172.16.12.2/24
Tu12
2002:AC10:6501::/128
Tu12
2002:AC10:6601::/128
IPv4 RIP

6to4 Tunnel Example
 R1 is configured with static routes.
R1(config)# ipv6 route 2002::/16 tunnel 12
R1(config)# ipv6 route 24::/64 2002:AC10:6601::
R1(config)#
S0/1/0
S0/1/0
R1 R2
Fa0/0
13:13::1/64
R3
Fa0/0
13:13::3/64 24:24::4/64
R4
Fa0/0
24:24::2/64
Fa0/0
Lo101: 172.16.101.1 Lo102: 172.16.102.1
172.16.12.1/24
172.16.12.2/24
Tu12
2002:AC10:6501::/128
Tu12
2002:AC10:6601::/128
IPv4 RIP

6to4 Tunnel Example
 R2 is configured with the 6to4 tunnel.
R2(config-if)#
R2(config-if)# ipv6 address 2002:AC10:6601::/128
R2(config-if)# tunnel mode ipv6ip 6to4
R2(config-if)#
R2(config-if)# exit
S0/1/0
S0/1/0
R1 R2
Fa0/0
13:13::1/64
R3
Fa0/0
13:13::3/64 24:24::4/64
R4
Fa0/0
24:24::2/64
Fa0/0
Lo101: 172.16.101.1 Lo102: 172.16.102.1
172.16.12.1/24
172.16.12.2/24
Tu12
2002:AC10:6501::/128
Tu12
2002:AC10:6601::/128
IPv4 RIP

6to4 Tunnel Example
 R2 is configured with static routes.
R2(config)# ipv6 route 2002::/16 tunnel 12
R2(config)# ipv6 route 13::/64 2002:AC10:6501::
R2(config)#
S0/1/0
S0/1/0
R1 R2
Fa0/0
13:13::1/64
R3
Fa0/0
13:13::3/64 24:24::4/64
R4
Fa0/0
24:24::2/64
Fa0/0
Lo101: 172.16.101.1 Lo102: 172.16.102.1
172.16.12.1/24
172.16.12.2/24
Tu12
2002:AC10:6501::/128
Tu12
2002:AC10:6601::/128
IPv4 RIP

ISATAP Tunnels

ISATAP Tunnels
 An Intra-Site Automatic Tunnel Addressing Protocol
(ISATAP) tunnel is very similar to a 6to4 IPv6 tunnel.
• It is used to connect IPv6 domains over an IPv4 network.
• It embeds an IPv4 address within the IPv6 address.
 The goal of ISATAP is to provide connectivity for IPv6 hosts
to a centralized IPv6-capable router, over an IPv4-only
access network.
 ISATAP was designed to transport IPv6 packets within a
site (hence the “intra-site” part of its name).
• It can still be used between sites, but its purpose is within sites.
 ISATAP tunnels use IPv6 addresses consisting of a 64-bit
prefix concatenated to a 64-bit interface ID in EUI-64
format.

ISATAP Tunnel Example
 In this example, there are two IPv6 networks separated by an IPv4
network.
 The objective of this example is to again provide full connectivity
between the IPv6 islands over the IPv4-only infrastructure.
 The first step is to configure routers R1 and R2 so that they can
establish the ISATAP tunnel between them.
S0/1/0
S0/1/0
R1 R2
Fa0/0
13:13::1/64
R3
Fa0/0
13:13::3/64 24:24::4/64
R4
Fa0/0
24:24::2/64
Fa0/0
Lo101: 172.16.101.1 Lo102: 172.16.102.1
172.16.12.1/24
172.16.12.2/24
Automatic ISATAP Tunnel
Tu12
12:12::5EFE:AC10:6501
Tu12
12:12::5EFE:AC10:6601
IPv4 RIP

 R1 is configured with the ISATAP tunnel and a static route.
 Notice that the configuration is similar to the manual and GRE tunnel
configurations except that the tunnel destination is not specified.
R1(config-if)#
R1(config-if)# ipv6 address 12:12::/64 eui-64
R1(config-if)# tunnel mode ipv6ip isatap
R1(config-if)# exit
R1(config)# ipv6 route 24::/64 tunnel12 FE80::5EFE:AC10:6601
R1(config)#
S0/1/0
S0/1/0
R1 R2
Fa0/0
13:13::1/64
R3
Fa0/0
13:13::3/64 24:24::4/64
R4
Fa0/0
24:24::2/64
Fa0/0
Lo101: 172.16.101.1 Lo102: 172.16.102.1
172.16.12.1/24
172.16.12.2/24
Tu12
12:12::5EFE:AC10:6501
Tu12
12:12::5EFE:AC10:6601
IPv4 RIP

 R2 is configured with the ISATAP tunnel and a static route.
R2(config-if)#
R2(config-if)# ipv6 address 12:12::/64 eui-64
R2(config-if)# tunnel mode ipv6ip isatap
R2(config-if)# exit
R2(config)# ipv6 route 13::/64 tunnel12 FE80::5EFE:AC10:6501
R2(config)#
S0/1/0
S0/1/0
R1 R2
Fa0/0
13:13::1/64
R3
Fa0/0
13:13::3/64 24:24::4/64
R4
Fa0/0
24:24::2/64
Fa0/0
Lo101: 172.16.101.1 Lo102: 172.16.102.1
172.16.12.1/24
172.16.12.2/24
Tu12
12:12::5EFE:AC10:6501
Tu12
12:12::5EFE:AC10:6601
IPv4 RIP

Translation
Using NAT-PT

NAT-PT
 NAT-PT is a transition technique, but is not a replacement for dual stack
or tunneling.
• It can be used in situations where direct communication between IPv6-only
and IPv4-only networks is desired.
• It would not be appropriate in situations where connectivity between two IPv6
networks is required, because two points of translation would be necessary,
which would not be efficient or effective.
 With NAT-PT, all configuration and translation is performed on the NAT-
PT router.
• The other devices in the network are not aware of the existence of the other
protocol’s network, nor that translations are occurring.
 Note: NAT-PT has been moved to historical status with RFC 4966.

Summary
 This presentation covered transition mechanisms to aid in the transition from IPv4 to IPv6.
 Dual Stack
• A device or network on which two protocol stacks have been enabled at the same time operates in
dual-stack mode.
• The primary advantage of dual-stack is that it does not require tunneling within the campus network.
Dual-stack runs the two protocols as “ships-in-the-night”.
 Tunneling
• A manually configured tunnel is equivalent to a permanent link between two IPv6 domains over an
IPv4 backbone.
• An automatic 6to4 tunnel allows isolated IPv6 domains to be connected over an IPv4 network to
remote IPv6 networks. The key difference between automatic 6to4 tunnels and manually configured
tunnels is that the tunnel is not point-to-point; it is point-to-multipoint.
• ISATAP tunneling mechanism is similar to other automatic tunneling mechanisms, such as IPv6 6to4
tunneling; however, ISATAP is designed for transporting IPv6 packets within a site, not between
sites.
 NAT-PT
• NAT-PT is designed to be deployed to allow direct communication between IPv6-only networks and
IPv4-only networks.
• One of the benefits of NAT-PT is that no changes are required to existing hosts, because all the
NAT-PT configurations are performed at the NAT-PT router.

Resources
 Cisco IPv6
http://www.cisco.com/web/solutions/netsys/ipv6/index.html
 Cisco IOS IPv6 Configuration Guide
http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/12_4/ip
v6_12_4_book.html
 Dual-Stack At-A-Glance
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6553/a
t_a_glance_c45-625859.pdf
 Implementing Tunneling for IPv6
http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-tun
nel.html
 RFC 4966
http://www.apps.ietf.org/rfc/rfc4966.html

Transitioning IPv4 to IPv6

More Related Content

What's hot (20)

Similar to Transitioning IPv4 to IPv6 (20)

More from Jhoni Guerrero (10)

Recently uploaded (20)

Transitioning IPv4 to IPv6