McAfee Secure

IPv4-to-IPv6 Compatibility and Transition to IPv6

Exam: Microsoft 70-646 - Windows Server 2008, Server Administrator

Transition from IPv4 to IPv6 has many advantages for an organization. The likelihood of their coexistence is also high for an organization may opt for a gradual transition. It makes it imperative to discuss compatibility between IPv4 and IPv6. Before discussing the transition technologies let us look at the advantages of IPv6 over IPv4:

  • Increased Address Space from 32-bit structure to 128 bits.
  • Automatic Address Configuration by supporting stateless and stateful configuration.
  • Network-Level Security for IPsec is mandatory for IPv6.
  • Real-Time Data Delivery
  • Routing Table Size have been reduced
  • Header Size and Extension Headers are smaller and
  • Removal of Broadcast Traffic in case of IPv6.

Implementing IPv4-to-IPv6 Compatibility

IPv6 provides compatible addresses for facilitating migration from IPv4 to IPv6 and implementing transition technologies.

IPv4-Compatible Address

IPv4 compatible addresses are used by Dual Stack Nodes for communicating with IPv6 over an IPv4 infrastructure. The last four octets in the address denote the dotted decimal representation of an IPv4 address. Nodes with IPv4 and IPv6 protocols are known as Dual stack nodes. When IPv4 compatible address is used as an IPv6 destination, encapsulation of IPv6 takes place with a IPv4 header. This is forwarded to the destination by using IPv4 infrastructure automatically.

IPv4-Mapped Address

The IPv4 mapped address 0:0:0:0:0:ffff:w.x.y.z (or ::fffff:w.x.y.z) is used for representing an IPv4 only node to an IPv6 node. This makes it feasible to map IPv4 devices that income[atible with IPv6 address space. The mapped address is not used as a source or destination address of an IPv6 packet.

Teredo Address

Every Teredo address includes a 32 bit prefix. In Windows systems like Server 2008, 2008 R2, Vista and Windows 7, the Teredo prefix is usually 2001::/32, followed by the IPv4 (32-bit) Teredo server public address. 16 bits that follow are kept for Teredo flags. At the moment only the highest-ordered flag bit - the cone flag is specified. defined The following bits are assigned to external UDP port corresponding to all Teredo traffic for the Teredo client interface. As soon as the server sends the first data packet to the client, NAT maps the source UDP port to an external UDP port, ensuring that they aren't the same. Teredo traffic for the host interface utilizes the same external UDP port. The external port identification value is hidden behind the exclusive ORing with 0xffff. Hidden external ports prevent translation of payload packets by NAT.

ISATAP Addresses

IPv6 tends to employ an ISATAP address for communicating amongst over an IPv4 intranet. In the beginning, an ISATAP address includes a 64-bit unicast site loacla, link-local or 6to4 global prefix. The next 32 bits are the ISATAP identifier 0:5efe. The remaining 32 bits carry the IPv4 address, shown in hexadecimal notation, or dotted decimal form. A private or a public IPv4 address can be incorporated as an ISATAP address.

For example, the ISATAP address fe80::5efe:w.x.y.z address has a link-local prefix; the fec0::1111:0:5efe:w.x.y.z address has a site-local prefix; the 3ffe:1a05:510:1111:0:5efe:w.x.y.z address has a global prefix; and the 2002:9d36:1:2:0:5efe:w.x.y.z address has a 6to4 global prefix. In all cases w.x.y.z represents an IPv4 address.

Both Windows Server 2008 and Windows Server 2008 R2, have the ISATAP address configuration defaulted to fe80::5efe:w.x.y.z. This is done for all IPv4 address that are assigned to a node. The link local ISATAP address allows communication of two hosts over an IPv4 network by using the ISATAP address of each other.

IPv4 to IPv6 configuration can be implemented by using netsh interface.

Planning for Transition

There is no specific time for transition that is prescribed. It is for the administrator to decide in favor or against early adoption. The transition process is based on an assumption that a IPv4 infrastructure is available. It is important to pay attention to the following aspects while planning a transition:

  • First and foremost it is important to find if IPv6 is supported by the upstream ISPs;
  • Determining if the networking hardware is capable of supporting the protocol.

Several transition strategies and technologies are available. The most commonly used strategies are discussed below.

Transition Strategies

  • Dual Stack Transition: This is the most simple approach to transition. It is based on the assumption that the hosts and routers support both the protocols and are capable of transmitting and receiving both types of packets. It is also capable of operating in any of the three modes:
    • With only the IPv4 stack enabled
    • With only the IPv6 stack enabled
    • With both IPv4 and IPv6 stacks enabled
    Since the method supports both the protocols it can be configured with both IPv4 32-bit addresses and IPv6 128-bit addresses.
  • Configured Tunneling Transition: In case this method is chosen for transition purposes, the functionality of the existing IPv4 routing infrastructure remains undisturbed. It is able to carry IPv6 traffic even when the routing infrastructure is being developed. A tunnel is a two way point to point link between endpoints of two networks. Encapsulation is used for passing the data through the tunnel. IPv6 packet is transmitted in a IPv4 packet. The IPv4 header is created at the entry point of the tunnel and is removed at the exit point at the tunnel. The term explicit tunnels is used for describing configured tunnels. These can be configured as host to host, router-to-router, host-to-router, router-to-host. A tunnel broker can be used for managing the configured tunnel.
  • Automatic Tunneling: This allows communication of IPv4 and IPv6 nodes over an IPv4 routing infrastructure. It does not use preconfigured tunnels. The nodes that are responsible for automatic tunneling use a special address known as an IPv4-compatible address.
  • 6to4: This allows communication between IPv6 sites using an IPv4 network without an explicit tunnel and communicating with native IPv6 domains using relay routers.
  • Teredo: This is an enhancement of the 6 to 4 method and is supported by Windows Server 2008 and Windows Server 2008 R2. It enables NAT devices to attain IPv6 connectivity by using UDP for tunneling of packets.
  • Intra-Site Automatic Tunneling Addressing Protocol: It connects IPv6 hosts with the routers over an IPv4 network. It works by using a process that sees the IPv4 network as a link layer for IPv6. It allows viewing of other nodes on the network as potential IPv6 hosts or routers allowing creation of host-to-host, host-to-router, or router-to-host automatic tunnel.