An IPv6 transition mechanism is a technology that facilitates the transitioning of the Internet from the Internet Protocol version 4 (IPv4) infrastructure in use since 1983 to the successor addressing and routing system of Internet Protocol Version 6 (IPv6). As IPv4 and IPv6 networks are not directly interoperable, transition technologies are designed to permit hosts on either network type to communicate with any other host.
To meet its technical criteria, IPv6 must have a straightforward transition plan from the current IPv4.[1] The Internet Engineering Task Force (IETF) conducts working groups and discussions through the IETF Internet Drafts and Request for Comments processes to develop these transition technologies towards that goal. Some basic IPv6 transition mechanisms are defined in RFC 4213.
Stateless IP/ICMP Translation
Stateless IP/ICMP Translation (SIIT) translates between the packet header formats in IPv6 and IPv4.[2] The SIIT method defines a class of IPv6 addresses called IPv4-translated addresses.[3] They have the prefix ::ffff:0:0:0/96 and may be written as ::ffff:0:a.b.c.d, in which the IPv4 formatted address a.b.c.d refers to an IPv6-enabled node. The prefix was chosen to yield a zero-valued checksum to avoid changes to the transport protocol header checksum.[4]
The algorithm can be used in a solution that allows IPv6 hosts that do not have a permanently assigned IPv4 address to communicate with IPv4-only hosts. Address assignment and routing details are not addressed by the specification. SIIT can be viewed as a special case of stateless network address translation.
The specification is a product of the NGTRANS IETF working group, and was initially drafted in February 2000 by E. Nordmark of Sun Microsystems.[5] It was revised in 2011,[6] and in 2016 its current revision was published.[4]
Tunnel broker
A tunnel broker provides IPv6 connectivity by encapsulating IPv6 traffic in IPv4 Internet transit links, typically using 6in4. This establishes IPv6 tunnels within the IPv4 Internet. The tunnels may be managed with the Tunnel Setup Protocol (TSP)[7] or AYIYA.[8]
6rd was developed by Rémi Després. It is a mechanism to facilitate rapid deployment of the IPv6 service across IPv4 infrastructures of Internet service providers (ISPs). It uses stateless address mappings between IPv4 and IPv6 addresses, and transmits IPv6 packets across automatic tunnels that follow the same optimized routes between customer nodes as IPv4 packets.
It was used for an early large deployment of an IPv6 service with native addresses during 2007 (RFC 5569[9]).
The standard-track specification of the protocol is in RFC 5969.[10]
Transport Relay Translation
RFC 3142 defines the Transport Relay Translation (TRT) method. TRT acts as an intermediate device between two hosts. The function of the translator is to convert IPV6 into IPV4 addresses and vice versa. TRT accomplishes this translation through IP address mapping and a custom IP address.[11]
The address, for example, if packets are to be transmitted from an IPv6 address (fec0:0:0:1::/64) to an IPV4 address (10.1.1.1) would read as fec0:0:0:1::10.1.1.1. The packets are routed towards the translator firstly through an IPv6/TCP protocol and then from the translator to the IPv4 host through an IPv4/TCP protocol.[12]
TRT employs a similar operation to DNS translation between AAAA and A records known as DNS-ALG as defined in RFC 2694.[13]
NAT64 is a mechanism to allow IPv6 hosts to communicate with IPv4 servers. The NAT64 server is the endpoint for at least one IPv4 address and an IPv6 network segment of 32-bits, e.g., 64:ff9b::/96.[3] The IPv6 client embeds the IPv4 address with which it wishes to communicate using these bits, and sends its packets to the resulting address. The NAT64 server then creates a NAT-mapping between the IPv6 and the IPv4 address, allowing them to communicate.[14]
DNS64
DNS64 describes a DNS server that when asked for a domain's AAAA records, but only finds A records, synthesizes the AAAA records from the A records. The first part of the synthesized IPv6 address points to an IPv6/IPv4 translator and the second part embeds the IPv4 address from the A record. The translator in question is usually a NAT64 server. The standard-track specification of DNS64 is in RFC 6147.[15]
There are two noticeable issues with this transition mechanism:
It only works for cases where DNS is used to find the remote host address, if IPv4 literals are used the DNS64 server will never be involved.
Because the DNS64 server needs to return records not specified by the domain owner, DNSSEC validation against the root will fail in cases where the DNS server doing the translation is not the domain owner's server.
# DNS resolver 2606:4700:4700:64 synthesizes AAAA records for# ipv6test.google.com to a NAT64 address: 64:ff9b::<original-ipv4>$ nslookup ipv6test.google.com 2606:4700:4700::64Non-authoritative answer:ipv6test.google.comcanonical name = ipv6test.l.google.com.Name: ipv6test.l.google.comAddress:64:ff9b::8efa:c3e4
ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) is an IPv6 transition mechanism meant to transmit IPv6 packets between dual-stack nodes on top of an IPv4 network.
Unlike 6over4 (an older similar protocol using IPv4 multicast), ISATAP uses IPv4 as a virtual nonbroadcast multiple-access network (NBMA) data link layer, so that it does not require the underlying IPv4 network infrastructure to support multicast.
464XLAT
464XLAT (RFC 6877) allows clients on IPv6-only networks to access IPv4-only Internet services.[17][18]
The client uses a SIIT translator to convert packets from IPv4 to IPv6. These are then sent to a NAT64 translator which translates them from IPv6 back into IPv4 and on to an IPv4-only server. The client translator may be implemented on the client itself or on an intermediate device and is known as the CLAT (Customer-side transLATor). The NAT64 translator, or PLAT (Provider-side transLATor), must be able to reach both the server and the client (through the CLAT). The use of NAT64 limits connections to a client-server model using UDP, TCP, and ICMP.
Windows 11 (23H2) has the same implementation as Windows 10. A future version will extend CLAT support to other network devices (currently limited to WWAN). The implementation will use RFC 7050 (ipv4only.arpa DNS query), RFC 8781 (PREF64, and RFC 8925 (DHCP Option 108) standard [24]
macOS starts to have native CLAT support in Ventura, released in 2022.[25]
iOS has a native CLAT implementation since version 12.0, released in 2018.[26] Additionally, Apple requires all apps submitted to the App Store to work on IPv6 networks.[27]
OpenWRT linux OS for routers has optional support for clat via the 464xlat package [29]
FreeBSD has implemented NAT64 CLAT since Release 12.1.[30]
Dual-Stack Lite (DS-Lite)
"DS-Lite" redirects here. For the 2006 video game system, see Nintendo DS Lite.
Dual-Stack Lite technology does not involve allocating an IPv4 address to customer-premises equipment (CPE) for providing Internet access.[31] The CPE distributes private IPv4 addresses for the LAN clients, according to the networking requirement in the local area network. The CPE encapsulates IPv4 packets within IPv6 packets. The CPE uses its global IPv6 connection to deliver the packet to the ISP's carrier-grade NAT (CGN), which has a global IPv4 address. The original IPv4 packet is recovered and NAT is performed upon the IPv4 packet and is routed to the public IPv4 Internet. The CGN uniquely identifies traffic flows by recording the CPE public IPv6 address, the private IPv4 address, and TCP or UDP port number as a session.
Lightweight 4over6 extends DS-Lite by moving the NAT functionality from the ISP side to the CPE, eliminating the need to implement carrier-grade NAT.[32] This is accomplished by allocating a port range for a shared IPv4 address to each CPE. Moving the NAT functionality to the CPE allows the ISP to reduce the amount of state tracked for each subscriber, which improves the scalability of the translation infrastructure.
V4-via-v6 routing
V4-via-v6 routing is a technique where IPv4 addresses are assigned to end hosts only while intermediate routers are only assigned IPv6 addresses. IPv4 routes are propagated as usual, and no packet translation or encapsulation is employed, but use an IPv6 next hop. V4-via-v6 reduces the amount of management required, since the core network only needs to be assigned IPv6 addresses, but still requires that the core network be able to forward IPv4 packets.
Mapping of Address and Port (MAP) is a CiscoIPv6 transition proposal which combines A+P port address translation with tunneling of the IPv4 packets over an ISP provider's internal IPv6 network.[37] MAP-T[38] and MAP-E[39] entered standards track in July 2015, and Sky Italia has deployed MAP-T in its internet services as early as year 2021.[40]
Draft proposals
The following mechanisms are still being discussed or have been abandoned by the IETF:
4rd
IPv4 Residual Deployment (4rd) is an experimental mechanism[41] to facilitate residual deployment of the IPv4 service across IPv6 networks. Like 6rd, it uses stateless address mappings between IPv6 and IPv4. It supports an extension of IPv4 addressing based on transport-layer ports. This is a stateless variant of the A+P model.
Deprecated mechanisms
These mechanisms have been deprecated by the IETF:
NAT-PT
Network Address Translation/Protocol Translation (NAT-PT) is defined in RFC 2766, but due to numerous problems, it has been obsoleted by RFC 4966 and deprecated to historic status. It is typically used in conjunction with a DNSapplication-level gateway (DNS-ALG) implementation.
NAPT-PT
While almost identical to NAT-PT, Network Address Port Translation + Protocol Translation, which is also described in RFC 2766, adds translation of the ports as well as the address. This is done primarily to avoid two hosts on one side of the mechanism from using the same exposed port on the other side of the mechanism, which could cause application instability and security flaws. This mechanism has been deprecated by RFC 4966.
Implementations
stone (software), port translator for Windows & Unix-based systems.