1. IPv6 技術理論與實務研習班 IPv4/IPv6轉移機制介紹

2. 大綱 簡介 Dual Stack Tunneling Translator 課程內容先對轉移機制作一簡介，
分別一一介紹。

3. 大綱 簡介
Dual Stack
Tunneling
Translator
先看看為什麼需要IPv4/IPv6轉移機制的存在呢？

4. IPv4 Network Network Today (Millions of Nodes) IPv6 Network
(Thousands of Nodes)
目前網路仍是以IPv4的網路為主
IPv6網路只是小部份

5. IPv6 Network Future Network (Trillions of Nodes) IPv4 Network
(Millions of Nodes)
IPv6 Network
(Trillions of Nodes)
IPv6的興起後未來的網路可能是
IPv6為主
IPv4變為小部份

6. IETF NGTrans(v6ops) Working Group
Define the processes by which networks can be transitioned from IPv4 to IPv6
Define & specify the mandatory and optional mechanism that vendors are to implement in Hosts, Routers and other components of the Internet in order for the Transition.
要如何從IPv4跨到IPv6呢
當然不可能一天就全換好了
IETF設置Next Generation Transition(NGTRANS) Working Group專門討論轉移機制的問題
目前已改為IPv6 Operations(v6ops) Working Group繼續轉移機制問題的探討

7. IPv4-IPv6 Transition /Co-Existence
A wide range of techniques have been identified and implemented, basically falling into three categories:
Dual-stack techniques, to allow IPv4 and IPv6 to co-exist in the same devices and networks
Tunneling techniques, to avoid order dependencies when upgrading hosts, routers, or regions
Translator techniques, to allow IPv6-only devices to communicate with IPv4-only devices
Expect all of these to be used, in combination
一般討論轉移機制
可由Dual-stack、Tunneling、 Translator三種技術去探討
Dual-stack：在同一台設備和網路上IPv4與IPv6可共存
Tunneling ：利用tunneling的技術
Translator ：使只支援IPv6與IPv4的設備可互通

8. Transition Mechanisms
從這個圖中可看到Translator、Tunneling 、Dual Stack三種技術共包含了十幾種轉移機制
詳細的運作原理將在下面的投影片中一一介紹

9. 大綱 簡介
Dual Stack
Tunneling
Translator
接下來先介紹Dual Stack

10. RFC 2893 DSTM:Draft-ietf-ngtrans-dstm-08.txt
Dual Stack
RFC 2893
DSTM:Draft-ietf-ngtrans-dstm-08.txt
首先介紹Dual Stack技術
主要介紹RFC 2893中的Dual Stack觀念
以及Draft-ietf-ngtrans-dstm-08.txtDual Stack Transition Mechanism(DSTM)

11. Transition Mechanisms for IPv6 Hosts and Routers
RFC 2893
Transition Mechanisms for IPv6 Hosts and Routers
RFC 2893
Transition Mechanisms for IPv6 Hosts and Routers
是在2000年8月提出的一篇RFC

12. RFC 2893 Applications TCP/UDP IPV4 IPV6 Device Driver
Routing protocols
TCP/UDP
IPV4
IPV6
Device Driver
V6 network
V4/V6 network
雙協定堆疊是大多數轉移機制運作的基礎，此機制之做法是將主機及路由器等網路節點設備更新為提供完整的IPv4與IPv6協定，
同時支援IPv4與IPv6協定之運作。
在這篇RFC中提到IPv6/IPv4 node的觀念，將Host 或 Router implement成同時支援IPv6與IPv4，即可同時與IPv6及IPv4溝通。
如圖中的PC及Router即可支援IPv6與IPv4 ，兩者間可執行IPv4 ，亦可執行IPv6 。
V4 network

13. Dual Stack Transition Mechanism (DSTM)
Draft–ietf–ngtrans–dstm–08.txt
Dual Stack Transition Mechanism (DSTM)
接下來介紹Draft-ietf-ngtrans-dstm-08.txtDual Stack Transition Mechanism(DSTM)
這篇draft是在2002年7月提出

14. Dual Stack Transition Mechanism
What is it for?
DSTM assures communication between IPv4 applications in IPv6 only networks and the rest of the Internet. ?
DSTM機制主要用於提供新佈建的純IPv6網路內的雙協定堆疊主機與既有的IPv4網路互連
DSTM讓在IPv6 only的網路上可以去使用IPv4的applications
IPv4 only
IPv6 only

15. DSTM: Principles Allows IPv6/IPv4 hosts to talk to IPv4 hosts
IPv4 address not initially assigned to dual-stack host
Uses a DHCPv6 server to temporarly assign IPv4 address; and a special DNS server
Requires at least one IPv4 address per site
Allows IPv6/IPv4 hosts to talk to IPv4 hosts
IPv4 address not initially assigned to dual-stack host
Uses a DHCPv6 server to temporarly assign IPv4 address; and a special DNS server
Requires at least one IPv4 address per site

16. DSTM DSTM的運作步驟: 1.DSTM node啟動與純IPv4主機連線時
2.DSTM server 利用DHCPv6/RPCv6指派IPv4位址給DSTM node
3.DSTM node依據上述資訊而採取IPv4-over-IPv6隧接方式，將封包送往DSTM邊緣路由器
4.DSTM 邊緣路由器終結此隧接。經隧接解封裝動作後，取得IPv4封包，再依據IPv4封包目的位址，轉送到IPv4網路。

17. 大綱 簡介
Dual Stack
Tunneling
Translator
再來介紹Tunneling

18. Tunneling RFC 2893 RFC 2529 RFC 3053 RFC 3056
ISATAP:Draft-ietf-ngtrans-isatap-13.txt
接下來介紹Tunneling機制包括:
RFC 2893: Configured tunnels、Automatic tunnels
RFC 2529: 6 over 4
RFC 3053: Tunnel Broker
RFC 3056: 6to4
Draft-ietf-ngtrans-isatap-13.txt: ISATAP

19. Transition Mechanisms for IPv6 Hosts and Routers
RFC 2893
Transition Mechanisms for IPv6 Hosts and Routers
RFC 2893中亦提到一些Tunneling的觀念

20. RFC 2893 Configured tunnels Automatic tunnels
Connects IPv6 hosts or networks over an existing IPv4 infrastructure
Generally used between sites exchanging traffic regularly
Automatic tunnels
Tunnel is created then removed after use
Requires IPv4 compatible addresses
RFC 2893中提到tunneling的觀念有:
Configured tunnels
Connects IPv6 hosts or networks over an existing IPv4 infrastructure
Generally used between sites exchanging traffic regularly
Automatic tunnels
Tunnel is created then removed after use
Requires IPv4 compatible addresses

21. Configured Tunnels IPv4 Networks IPv4 Tunnel IPv6 Island Dual-stack
node
IPv4 H
IPv6 H
Payload
IPv6 Island
IPv4 Networks
Configured tunnel的IPv4位址必須以人工方式個別預先設定，不同的IPv6網段及其相對應隧接終點的IPv4位址等資訊均需事先取得，才能夠建立IPv6與IPv6間的連線。
如圖在兩端是IPv6封包，兩個Dual-stack node中加上IPv4 Header成IPv4封包， Dual-stack node做封裝與解封裝。

22. Automatic Tunnel Node is assigned an IPv4 compatible address::
If destination is an IPv4 compatible address, automatic tunneling is used
Routing table redirects ::/96 to automatic tunnel interface
若目的地位址為IPv4 compatible address ，則利用Automatic Tunnel來操作。
IPv4 compatible address是 ::/96+ IPv4 address 及 :: IPv4 address
0000
IPv4 address 80 16 32

23. Automatic Tunnel IPv4 Internet IPv6 Island IPv4 Tunnel 0:0:0:0:0:0
IPv4 Address
Dual-stack
node
Dual-stack
node
IPv6 Island
IPv4 Tunnel
IPv4 Internet
右端目的地位址為IPv4 compatible address，可利用automatic tunnel 將IPv6封包在dual-stack node中自動抽出IPv4 address建立tunnel。
IPv6 H
Payload
IPv4 H
IPv6 H
Payload

24. RFC 2529
6 over 4
RFC 2529: "Transmission of IPv6 over IPv4 Domains without Explicit Tunnels"
1999年3月提出，主要討論6 over 4

25. 6over4 Interconnection of isolated IPv6 domains in an IPv4 world
No explicit tunnels
The egress router of the IPv6 site must
Have a dual stack (IPv4/IPv6)
Have a globally routable IPv4 address
Have an IPv4 multicast infrastructure
Local IPv4 multicast network appears as a single IPv6 subnet
Implement 6over4 on an external interface
6over4是提供孤立的IPv6節點間在IPv4中互相溝通的一種方式
No explicit tunnels
The egress router of the IPv6 site must
Have a dual stack (IPv4/IPv6)
Have a globally routable IPv4 address
Have an IPv4 multicast infrastructure
Local IPv4 multicast network appears as a single IPv6 subnet
Implement 6over4 on an external interface

26. Autoconfiguration and ND Site’s IPv4 routing infrastructure
How 6over4 works
V4/v6
Autoconfiguration and ND
via IPv4 Multicast
System with 6over4 driver
System to System
communication via
IPv6 over IPv4
tunneling using
IPv4 addresses learned
during Autoconfig/ND
6over4 router v4 v4
V4/v6 v4 v4
它使用的方法是把IPv6封包封裝在IPv4封包中，並透過具有群播（Multicast）功能的IPv4網路傳輸。為了支援芳鄰找尋功能，IPv6群播位址被對映到一特別的IPv4群播位址。IPv6節點使用6over4方式時，並不需要直接跟IPv6路由器連接，也可以有完整的IPv6功能，但是如果IPv6節點想要連結到其它的地區時，就必須要有一個IPv6路由器使用6over4的方式連接到這個IPv4網路。
V4/v6
System with 6over4 driver
Site’s IPv4 routing infrastructure
IPv4 Multicast enabled

27. RFC 3053
IPv6 Tunnel Broker
RFC 3053: IPv6 Tunnel Broker
2001年1月提出

28. Motivation
IPv6 tunneling over the internet requires heavy manual configuration
Network administrators are faced with overwhelming management load
Getting connected to the IPv6 world is not an easy task for IPv6 beginners
The Tunnel Broker approach is an opportunity to solve the problem
The basic idea is to provide tunnel broker servers to automatically manage tunnel requests coming from the users
Benefits
Stimulate the growth of IPv6 interconnected hosts
Allow to early IPv6 network providers the provision of easy access to their IPv6 networks
Tunnel Broker提出的動機有:
IPv6 tunneling over the internet requires heavy manual configuration
Network administrators are faced with overwhelming management load
Getting connected to the IPv6 world is not an easy task for IPv6 beginners
The Tunnel Broker approach is an opportunity to solve the problem
The basic idea is to provide tunnel broker servers to automatically manage tunnel requests coming from the users
Benefits
Stimulate the growth of IPv6 interconnected hosts
Allow to early IPv6 network providers the provision of easy access to their IPv6 networks

29. Tunnel broker
Tunnel broker automatically manages tunnel requests coming from the users
The Tunnel Broker fits well for small isolated IPv6 sites, especially isolated IPv6 hosts on the IPv4 Internet
Client node must be dual stack (IPv4/IPv6)
The client IPv4 address must be globally routable (no NAT)
使用Tunnel Broker需注意下列幾點:
Tunnel broker automatically manages tunnel requests coming from the users
Client node must be dual stack (IPv4/IPv6)
The client IPv4 address must be globally routable (no NAT)

30. Tunnel broker 隧道代理 IPv6 DNS 伺服器 (3) (2) (1) 使用者 隧道伺服器 IPv6 Island (4)
隧道終點
隧道伺服器
IPv6 Island
IPv6
IPv6 over IPv4 隧道
Tunnel Broker操作步驟:
使用者向Tunnel Broker提出申請
Tunnel Broker替使用者指派合適的tunnel server
Tunnel Broker通知使用者、 tunnel server及DNS server如何設定
使用者與tunnel server建立tunnel

31. Connection of IPv6 Domains via IPv4 Clouds(6to4)
RFC 3056
Connection of IPv6 Domains via IPv4 Clouds(6to4)
RFC 3056: “Connection of IPv6 Domains via IPv4 Clouds(6to4)”
2001年2月提出

32. 6to4
Allows communication of isolated IPv6 domains over an IPv4 infrastructure
Minimal manual configuration
Uses globally unique prefix comprised of the unique 6to4 TLA and the globally unique IPv4 address of the exit router. FP
001
TLA
0x0002
V4 address
SLA ID
Interface ID 3 13 16 32 64
Allows communication of isolated IPv6 domains over an IPv4 infrastructure
Minimal manual configuration
Uses globally unique prefix comprised of the unique 6to4 TLA and the globally unique IPv4 address of the exit router.
TLA value : 0x0002
NLA value : V4 address
Prefix length :48 bits
Format prefix : 001

33. 6to4
IPv6 addressing
Any isolated IPv6 domain can autonomously build its own globally unique IPv6 prefix.
The globally unique IPv4 address of the domain border router is used for this purpose.
Public IPv4 address of dual-stack GW
2002
IPv4
SLA
Interface ID
ISPv4 assigned
managed
auto-configured
6to4 prefix
Any isolated IPv6 domain can autonomously build its own globally unique IPv6 prefix.
The globally unique IPv4 address of the domain border router is used for this purpose
internet
Router 4/6
Well known
0x2002
IPv6 island

34. 6to4 Communication among 6to4 sites
The egress router automatically creates a tunnel to the destination domain
The IPv4 endpoint is extracted from the destination IPv6 prefix
Only the egress router has to be 6to4 capable.
internet
tunnel
Router 6to4
6to4 site
Communication among 6to4 sites
The egress router automatically creates a tunnel to the destination domain
The IPv4 endpoint is extracted from the destination IPv6 prefix
Only the egress router has to be 6to4 capable.

35. 6to4 Communication with the native IPv6 world Based on 6to4 relays
A 6to4 router must be able to locate at least one 6to4 relay (e.g. manual conf.)
internet
tunnel
Router 6to4
ISP
site
2002::/16
Communication with the native IPv6 world
Based on 6to4 relays
A 6to4 router must be able to locate at least one 6to4 relay (e.g. manual conf.)

36. Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
Draft-ietf-ngtrans-isatap-13.txt
Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
Draft-ietf-ngtrans-isatap-13.txt: “Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)”
2003年3月提出

37. ISATAP
The primary function of ISATAP is to allow hosts that are multiple IPv4 hops away from an IPv6 router to participate in the IPv6 network by automatically tunneling IPv6 packets over IPv4 to the next-hop address.
Example: ISATAP host communicates with IPv6 host (no ISATAP support).
The ISATAP host is isolated in an IPv4 network whereas the IPv6 host is a IPv6 network
IPv4
Infrastructure
HOST B
ISATAP
Supported
IPv6 Network
IPv6
HOST
The primary function of ISATAP is to allow hosts that are multiple IPv4 hops away from an IPv6 router to participate in the IPv6 network by automatically tunneling IPv6 packets over IPv4 to the next-hop address.
Example: ISATAP host communicates with IPv6 host (no ISATAP support).
The ISATAP host is isolated in an IPv4 network whereas the IPv6 host is a IPv6 network

38. ISATAP
In the reverse direction, the ISATAP router automatically performs IPv6-in-IPv4 tunneling for packets from the native IPv6 host to the ISATAP host even though the native IPv6 host has no knowledge of the legacy IPv4 infrastructure or addressing architecture.
IPv4
Infrastructure
HOST B
ISATAP
Supported
IPv6 Network
IPv6
HOST
In the reverse direction, the ISATAP router automatically performs IPv6-in-IPv4 tunneling for packets from the native IPv6 host to the ISATAP host even though the native IPv6 host has no knowledge of the legacy IPv4 infrastructure or addressing architecture.

39. Construction of ISATAP address
ISATAP interface identifier can be combined with any 64-bit prefix (including 6to4 prefixes) to form an RFC 2373 compliant IPv6 globally aggregatable unicast address.
IPv4 address inside EUI-64 interface identifier
::0:5EFE:A.B.C.D for IPv4 address A.B.C.D
The 0:5EFE portion is formed from the combination of the
Oganizational Unit Identifier (OUI) that is assigned to IANA,
and a type that indicates an embedded IPv4 address (FE).
ISATAP interface identifier can be combined with any 64-bit prefix (including 6to4 prefixes) to form an RFC 2373 compliant IPv6 globally aggregatable unicast address.
IPv4 address inside EUI-64 interface identifier
::0:5EFE:A.B.C.D for IPv4 address A.B.C.D
The 0:5EFE portion is formed from the combination of the Oganizational Unit Identifier (OUI) that is assigned to IANA,
and a type that indicates an embedded IPv4 address (FE).
Interface Identifier
Prefix
ISATAP Prefix
Specially constructed EUI64 Interface ID
64-bits
ISATAP Address Format

40. ISATAP Address Example
If TYPE = 0xFF and TSE = 0xFE, TSD contains legacy EUI48 (TSE = 0xFF reserved by IEEE).
If TYPE = 0xFE, TSE and TSD together contain embedded IPv4 address.
IPv4 address is:
routing prefix is: 3FFE:1A05:510:2412
ISATAP IPv6 address is:
EUI-64 Format Interface Identifier 00 5e
TYPE
TSE
TSD
24-bits
40-bits
OUI
Extension ID
If TYPE = 0xFF and TSE = 0xFE, TSD contains legacy EUI48 (TSE = 0xFF reserved by IEEE).
If TYPE = 0xFE, TSE and TSD together contain embedded IPv4 address.
IPv4 address is:
routing prefix is: 3FFE:1A05:510:2412
ISATAP IPv6 address is: 3FFE:1A05:510: :5EFE:
Link-local variant is: FE80::0:5EFE:
Specially constructed EUI64 Interface ID
3FFE:1A05:510:2412
:0:5EFE:
Link-local variant is: FE80::0:5EFE:

41. ISATAP Operation Simple Deployment Scenario of ISATAP (Hosts….)
The Automatic Tunneling Pseudo-Interface uses the link-local ISATAP address assigned to the interface as a source, and uses the last 32 bits in the source and destination IPv6 addresses (corresponding to the embedded IPv4 addresses) as the source and destination IPv4 addresses
HOST A
ISATAP
Supported
HOST B
ISATAP
Supported
IPv4
Infrastructure
FE80:5EFE:
FE80:5EFE:
Simple Deployment Scenario of ISATAP (Hosts….)
The Automatic Tunneling Pseudo-Interface uses the link-local ISATAP address assigned to the interface as a source, and uses the last 32 bits in the source and destination IPv6 addresses (corresponding to the embedded IPv4 addresses) as the source and destination IPv4 addresses
IPv6
Header
Data
IPv6
Header
Data
Src = FE80:5EFE:
Dst = FE80:5EFE:
IPv6
Header
Data
IPv4
Src = FE80:5EFE:
Dst = FE80:5EFE:
Src =
Dst =

42. ISATAP Operation Simple Deployment Scenario of ISATAP (Routers…)
HOST
IPv4 Network
IPv6 Network
IPv6
HOST
ISATAP
IPv6 in IPv4
3FFE:1A05: :5EFE:
3FFE:1A05: :5EFE:
Simple Deployment Scenario of ISATAP (Routers…)
由右邊 透過ISATAP( )到左邊3FFE:3600:8::1
IPv6
Header
Data
IPv4
IPv6
Header
Data
IPv6
Header
Data
Src =
Dst =
Src = 3FFE:1A05: :5EFE:
Dst = 3FFE:3600:8::1
Src = 3FFE:1A05: :5EFE:
Next = 3FFE:1A05: :5EFE:
Dst = 3FFE:3600:8::1

43. 大綱 簡介
Dual Stack
Tunneling
Translator
最後介紹Translator

44. Translator RFC 2765 RFC 2766 RFC 2767 RFC 3338 RFC 3089 RFC 3142
RFC 2765: Stateless IP/ICMP Translation Algorithm (SIIT)
RFC 2766: Network Address Translation - Protocol Translation (NAT-PT)
RFC 2767: Dual Stack Hosts using the Bump-in-the-Stack technique
RFC 3338: Dual Stack Hosts Using "Bump-in-the-API (BIA)
RFC 3089: A SOCKS-based IPv6/IPv4 Gateway Mechanism
RFC 3142: An IPv6-to-IPv4 transport relay translator

45. Stateless IP/ICMP Tanslation algorithm (SIIT)
RFC 2765
Stateless IP/ICMP Tanslation algorithm (SIIT)
RFC 2765: Stateless IP/ICMP Tanslation algorithm (SIIT)
2000年2月提出

46. SIIT
SIIT與接下來要提到的NAT-PT在協定架構所在位置如圖

47. SIIT Allows IPv6-only hosts to talk to IPv4 hosts
Translation on IP packet header (including ICMP headers) in separate translator boxes in the network without requiring any per-connection state in those boxes.
Use IPv4-translatable IPv6 address (0::ffff:0:a.b.c.d)
Most option fields can not be translated
Requires one temporary IPv4 address per host
Allows IPv6-only hosts to talk to IPv4 hosts
Translation on IP packet header (including ICMP headers) in separate translator boxes in the network without requiring any per-connection state in those boxes.
Use IPv4-translatable IPv6 address (0::ffff:0:a.b.c.d)
Most option fields can not be translated
Requires one temporary IPv4 address per host

48. SIIT
SIIT主要是將IPv4 header與IPv6 header及ICMPv4 header與ICMPv6 header做轉換

49. Network Address Translation – Protocol Translation (NAT-PT)
RFC 2766
Network Address Translation – Protocol Translation (NAT-PT)
RFC 2766: Network Address Translation – Protocol Translation (NAT-PT)
2000年2月提出

50. Introduction
Allows IPv6-only hosts to talk to IPv4 hosts and vice-versa
Stateful translation
Requires at least one IPv4 address per site
Traditional NAT-PT
Sessions are unidirectional, outbound from the v6 network
Two variations: Basic-NAT-PT and NAPT-PT
Bi-directional-NAT-PT
Session can be initiated from hosts in v4 network as well as the v6 network
A DNS-ALG must be employed to facilitate name to address mapping
similar to NAT in IPv4 network
Allows IPv6-only hosts to talk to IPv4 hosts and vice-versa
Stateful translation
Requires at least one IPv4 address per site
Traditional NAT-PT
Sessions are unidirectional, outbound from the v6 network
Two variations: Basic-NAT-PT and NAPT-PT
Bi-directional-NAT-PT
Session can be initiated from hosts in v4 network as well as the v6 network
A DNS-ALG must be employed to facilitate name to address mapping
similar to NAT in IPv4 network

51. Limitations
all requests and responses pertaining to session should be routed via the same NAT-PT router.
A number of IPv4 fields have changed meaning in IPv6 and translation is not straightforward.
Ex. Option headers, details found in [SIIT]
Applications that carry the IP address in the high layer will not work. In this case ALG need to be incorporated to provide support for these applications.
Lack of end-to-end security
all requests and responses pertaining to session should be routed via the same NAT-PT router.
A number of IPv4 fields have changed meaning in IPv6 and translation is not straightforward.
Ex. Option headers, details found in [SIIT]
Applications that carry the IP address in the high layer will not work. In this case ALG need to be incorporated to provide support for these applications.
Lack of end-to-end security

52. Address Translation (IPv4 -> IPv6)
DA:2001:230::2
SA:aaaa::
DA:
SA:
DNS(v4)
DNS(v6)
2001:230::2
TRANSLATOR
prefix aaaa::/96
resource data
(2001:230::1)
DNS response
resource data( )
IPv6
IPv4
v6.opicom.co.kr ?
DA is changed to mappied address
SA is added and removed prefix/96
DA:
SA:
DA:2001:230::1
SA:aaaa::
v6.opicom.co.kr
2001:230::1
v4.etri.re.kr
接下來由2個例子看NAT-PT的操作方式
先看由IPv4到IPv6的例子
2001:230::2
DNS static Mapping
0001
2001:230::1
0002
Mapping table
POOL of IPv4 ADDRESS
After mapping is verified either it is existed or not,
DNS-ALG makes the mapping table of IPv4 inside resource data

53. Address Translation (IPv6 -> IPv4)
DA:
SA:
DA:aaaa::
SA:2001:230::2
DNS(v4)
resource data
( )
TRANSLATOR
prefix aaaa::/96
DNS(v6)
2001:230::2
resource data
(aaaa:: )
IPv6
IPv4
v4.etri.re.kr ?
SA is changed to mappied address
DA is added and removed prefix/96
DA:
SA:
DA:aaaa::
SA:2001:230::1
v6.opicom.co.kr
2001:230::1
v4.etri.re.kr
接下來看由IPv6到IPv4的例子
2001:230::2
DNS static Mapping
0001
2001:230::1
0002
Mapping table
POOL of IPv4 ADDRESS
After mapping is verified either it is existed or not,
NAT-PT makes the mapping table of IPv6 source address

54. Dual Stack Hosts using the “Bump-In-the-Stack” Technique (BIS)
RFC 2767
Dual Stack Hosts using the “Bump-In-the-Stack” Technique (BIS)
RFC 2767: Dual Stack Hosts using the “Bump-In-the-Stack” Technique (BIS)
2000年2月提出

55. BIS
Allow existing IPv4 applications communicate with other IPv6 hosts (There are few applications for IPv6)
Make hosts as if dual stack with applications for both IPv4 and IPv6
BIS adds new modules to the local IPv4 stack
On the BIS host, the IPv6 destination address is mapped into a local private IPv4 address
Same limitation as Protocol translation(SIIT): overhead/limitations of SIIT
2 layer interface dependant
Allow existing IPv4 applications communicate with other IPv6 hosts (There are few applications for IPv6)
Make hosts as if dual stack with applications for both IPv4 and IPv6
BIS adds new modules to the local IPv4 stack
On the BIS host, the IPv6 destination address is mapped into a local private IPv4 address
Same limitation as Protocol translation(SIIT): overhead/limitations of SIIT
2 layer interface dependant

56. Structure of the proposed dual stack host
IPv4 applications
TCP/IPv4
Extension name resolver
translator
Address mapper
IPv6
BIS的協定架構圖
Network card drivers
Network card

57. Action of the Originator
R: extension name resolver
M: address mapper
T: translator
Network Driver
IPv4 Application
IPv4
IPv6 R M T
2. A record
3. A/AAAA record
DNS
Server
When initialization, register its own IPv4/IPv6 address into table
2. IPv4 application summits a query for A record
3. Extension name resolver snoops the query,
and creates another query for both A and AAAA record
1. When initialization, register its own IPv4/IPv6 address into table
2. IPv4 application summits a query for A record
3. Extension name resolver snoops the query,
and creates another query for both A and AAAA record

58. Action of the Originator
R: extension name resolver
M: address mapper
T: translator
DNS
Server
IPv4 Application
6a. Data
5a.
IPv4
4a. A record R M T
IPv4
IPv6
Network Driver
4a. And 5a. If A record is replied =>
resolver returns the A record to the Application
6a. No need for the IP conversion by the translator
4a. And 5a. If A record is replied =>
resolver returns the A record to the Application
6a. No need for the IP conversion by the translator

59. Action of the Originator
R: extension name resolver
M: address mapper
T: translator
Action of the Originator
IPv4 Application
IPv4
IPv6
Network Driver R M T
4b. AAAA record
5b.
6.b
7b.
DNS
Server
8b.
IPv6
4b. And 5b. and 6b. If AAAA record is replied, resolver requests the
mapper to assign an IPv4 address corresponding to IPv6 address
7b. Resolver return A record to application
8b. Application sends IPv4 packets to IPv6 hosts through translator.
The translator querys the mapper to provide IPv6 addresses
4b. And 5b. and 6b. If AAAA record is replied, resolver requests the
mapper to assign an IPv4 address corresponding to IPv6 address
7b. Resolver return A record to application
8b. Application sends IPv4 packets to IPv6 hosts through translator.
The translator querys the mapper to provide IPv6 addresses

60. Action of the recipient
IPv4 Application
IPv4 2. R M 4. T
IPv6 1.
IPv6
Network Driver
1. IPv6 packet reaches translator
2. Translator requests mapper to provide mapping entries
3. Mapper checks the table to find the IPv4 address for the src
If no entry, mapper selects an IPv4 address from the pool
4. Mapper returns IPv4 source/dest address to the translator
1. IPv6 packet reaches translator
2. Translator requests mapper to provide mapping entries
3. Mapper checks the table to find the IPv4 address for the src
If no entry, mapper selects an IPv4 address from the pool
4. Mapper returns IPv4 source/dest address to the translator

61. Action of the recipient
IPv4 Application 5.
IPv4 R M T
IPv6
IPv6
Network Driver
5. Translator translates the IPv6 packet into an IPv4 packet and
tosses it up to the application
5. Translator translates the IPv6 packet into an IPv4 packet and
tosses it up to the application

62. Dual Stack Hosts Using “Bump-in-the-API(BIA)”
RFC 3338
Dual Stack Hosts Using “Bump-in-the-API(BIA)”
RFC 3338: Dual Stack Hosts Using “Bump-in-the-API(BIA)”
2002年10月提出

63. BIA (Bump-in-the-API)
Allow existing IPv4 applications communicate with other IPv6 hosts (There are few applications for IPv6)
Socket API level translation rather than the IP level translation
No overhead for protocol translation
2 layer interface independent
Dual stack: IPv6 application available also!
Allow existing IPv4 applications communicate with other IPv6 hosts (There are few applications for IPv6)
Socket API level translation rather than the IP level translation
No overhead for protocol translation
2 layer interface independent
Dual stack: IPv6 application available also!

64. BIA IPv4 applications Socket API (IPv4, IPv6) Name Resolver Address
Mapper
Function
API Translator
TCP(UDP)/IPv4
TCP(UDP)/IPv6
BIA的協定架構圖

65. BIA IPv4 applications Socket API (IPv6) TCP(UDP)/IPv6
API Translator (IPv4 <-> IPv6)
TCP(UDP)/IPv4
IPv6 applications
IPv4 applications
IPv6 applications
Socket API (IPv4)
Socket API (IPv6)
API Translator
(IPv4 <-> IPv6)
BIA的操作模式:
IPv4與IPv6分別使用IPv4與IPv6的applications則不用透過Translator
IPv6使用IPv4的applications則需透過Translator
TCP(UDP)/IPv4
TCP(UDP)/IPv6

66. A SOCKS-based IPv6/IPv4 Gateway Mechanism
RFC 3089
A SOCKS-based IPv6/IPv4 Gateway Mechanism
RFC 3089: A SOCKS-based IPv6/IPv4 Gateway Mechanism
2001年4月提出

67. SOCKS gateway
SOCKS server relays two "terminated" IPv4 and IPv6 connections at the "application layer"
Each socksified application has its own *Socks Lib*.
replace applications' socket APIs and DNS name resolving APIs
an enhanced SOCKS server that enables any types of protocol combination relays between Client C (IPvX) and Destination D (IPvY).
Application proxy
Clients must be “socksified”
SOCKS server relays two "terminated" IPv4 and IPv6 connections at the "application layer"
Each socksified application has its own *Socks Lib*.
replace applications' socket APIs and DNS name resolving APIs
an enhanced SOCKS server that enables any types of protocol combination relays between Client C (IPvX) and Destination D (IPvY).
Application proxy
Clients must be “socksified”

68. Basic SOCKS-based Gateway

69. Advanced SOCKS-based Gateway
中間可有多個gateways
如圖有2個gateway

70. An IPv6-to-IPv4 Transport Relay Translator
RFC 3142
An IPv6-to-IPv4 Transport Relay Translator
RFC 3142: An IPv6-to-IPv4 Transport Relay Translator
2001年6月提出

71. Transport Relay Translator
At the transport level
Between the IPv6 host and IPv4 host
Receives the IPv6 TCP connection from the origination node
Makes an IPv4 TCP connection to the destination node
TRT提供TCP/UDPv6與TCP/UDPv4交談間的轉譯功能。TRT主要的特點是不需額外的修改純IPv6主機（交談啟動端），也不需修改純IPv4的目的端主機，即可藉由TRT達成IPv6 to IPv4的通訊，而其它機制則需要修改交談啟動端的純IPv6主機，方能達成IPv6 to IPv4的通訊。

72. IPv6-to-IPv4 transport relay translator
Inner network
outer network
TRT system – dummy prefix
fec0:0:0:1::/64
fec0:0:0:1::
Initiating host
IPv6 only
Destination host
IPv4 only
TCP/IPv6: the initiating host --> the TRT system
address on IPv6 header: A6 -> C6::X4
TCP/IPv4: the TRT system --> the destination host
address on IPv4 header: Y4 -> X4 A6 B6 Y4 X4
左邊IPv6 only的Initiating host與右邊IPv4 only的Destination host溝通需透過:
TCP/IPv6: the initiating host --> the TRT system address on IPv6 header: A6 -> C6::X4
TCP/IPv4: the TRT system --> the destination host address on IPv4 header: Y4 -> X4

73. Implementers
In a large site, it is possible to have multiple TRT systems in a site. By the following steps:
Configure multiple TRT systems
Configure different dummy prefix to them
Let the initiating host pick a dummy prefix randomly for load-balancing
Install special DNS server to the site
Configure DNS servers differently to return different dummy prefixes and tell initiating hosts of different DNS servers
Let DNS server pick a dummy prefix randomly for load-balancing.
Implementers:
In a large site, it is possible to have multiple TRT systems in a site. By the following steps:
Configure multiple TRT systems
Configure different dummy prefix to them
Let the initiating host pick a dummy prefix randomly for load-balancing
Install special DNS server to the site
Configure DNS servers differently to return different dummy prefixes and tell initiating hosts of different DNS servers
Let DNS server pick a dummy prefix randomly for load-balancing.

74. Advantages of TRT
TRT is designed to require no extra modification on IPv6-only initiating hosts, nor that on IPv4-only destination hosts.
Some other translation mechanisms need extra modifications on IPv6-only initiating hosts, limiting possibility of deployment.
The IPv6-to-IPv4 header converters have to take care of path MTU and fragmentation issues. However, TRT is free from this problem.
Advantages:
TRT is designed to require no extra modification on IPv6-only initiating hosts, nor that on IPv4-only destination hosts.
Some other translation mechanisms need extra modifications on IPv6-only initiating hosts, limiting possibility of deployment.
The IPv6-to-IPv4 header converters have to take care of path MTU and fragmentation issues. However, TRT is free from this problem.

75. Disadvantages of TRT
TRT supports bi-directional traffic only. The IPv6-to-IPv4 header converters may be able to support other cases, such as unidirectional multicast datagrams.
TRT needs a stateful TRT system between the communicating peers, just like NAT systems. It is possible to place multiple TRT systems in a site, a transport layer connection goes through particular, a single TRT system.
Disadvantages:
TRT supports bi-directional traffic only. The IPv6-to-IPv4 header converters may be able to support other cases, such as unidirectional multicast datagrams.
TRT needs a stateful TRT system between the communicating peers, just like NAT systems. It is possible to place multiple TRT systems in a site, a transport layer connection goes through particular, a single TRT system.

76. Disadvantages of TRT
Special code is necessary to relay NAT-unfriendly protocols. Some of NAT-unfriendly protocols, including IPSec, cannot be used across TRT system.
Disadvantages:
Special code is necessary to relay NAT-unfriendly protocols. Some of NAT-unfriendly protocols, including IPSec, cannot be used across TRT system.

77. Application Layer Gateway
DNS ALG
FTP ALG
Application Layer Gateway(ALG)
在這裡要介紹DNS ALG與FTP ALG

78. ALG
　ALG 是對應於特定應用程式的代理人，用來讓V6 node 可以和V4 node 互相溝通。有些應用程式會把網路位址存在封包的payload 中，可是NAT-PT 本身並無法得知payload 裡存的是什麼。ALG 可以協助NAT-PT 來達到這個功能。
ALG 是對應於特定應用程式的代理人，用來讓V6 node 可以和V4 node 互相溝通。有些應用程式會把網路位址存在封包的payload 中，可是NAT-PT 本身並無法得知payload 裡存的是什麼。ALG 可以協助NAT-PT 來達到這個功能。

79. 有無DNS-ALG之比較 沒有DNS-ALG
　在沒有DNS-ALG 的情況下，NAT-PT 只能做到v6 建立連線到v4，v4 無法透過NAT-PT 向v6建立連線。
在沒有DNS-ALG 的情況下，NAT-PT 只能做到v6 建立連線到v4，v4 無法透過NAT-PT 向v6建立連線。

80. 有無DNS-ALG之比較 這是假設從v6 網路到v4 網路的狀況，其實v4 到v6 是一樣的狀況，只是IPv4 和IPv6 角色反過來。

81. Ｗhy???
V4之所以需要透過NAT-PT 向v6 建立連線需要DNS-ALG 的協助，是因為一開始，v4 node 並不知道NAT-PT 會給v6 node 替代的v4 address 是什麼。所以得利用namelookup 來取得該v6 node 對應的v4 address mapping，以建立連線。
V4之所以需要透過NAT-PT 向v6 建立連線需要DNS-ALG 的協助，是因為一開始，v4 node 並不知道NAT-PT 會給v6 node 替代的v4 address 是什麼。所以得利用namelookup 來取得該v6 node 對應的v4 address mapping，以建立連線。

82. FTP-ALG Support
　FTP control message 中會攜帶IP address 以及TCP port 資訊，FTP-ALG 可以支援NAT-PT 使得FTP在application level 的轉換沒有問題。在RFC2428中建議利用EPRT和EPSV兩個指令分別替代PORT和PASV 指令。
FTP control message 中會攜帶IP address 以及TCP port 資訊，FTP-ALG 可以支援NAT-PT 使得FTP在application level 的轉換沒有問題。在RFC2428中建議利用EPRT和EPSV兩個指令分別替代PORT和PASV 指令。

83. FTP-ALG Support 由V4 node 產生FTP session 的情況
　 V4 node 可能有implement EPRT 和EPSV 也可能沒有。如果V4 node 利用PORT 和PASV 送出FTPSession Request 的話，FTP-ALG 會將指令分別轉換成EPRT 和EPSV。
由V4 node 產生FTP session 的情況:
V4 node 可能有implement EPRT 和EPSV 也可能沒有。如果V4 node 利用PORT 和PASV 送出FTPSession Request 的話，FTP-ALG 會將指令分別轉換成EPRT 和EPSV。

84. FTP-ALG Support 由V6 node 產生FTP session 的情況
第一種方法：FTP-ALG 不改變EPRT 和EPSV，而只是轉換<net-prt><net-addr><tcp-port>成NAT-PT 或NAPT-PT 所指定的IPv4 相對應資訊。但在這種方法下，IPv4 端的FTP application 必須upgrade to support EPRT and EPSV。
第二種方法： FTP-ALG 把EPRT 和EPSV 分別轉換成PORT 和PASV。同時也對<net-prt><net-addr><tcp-port>這幾個參數做轉換。好處是IPv4 端的FTP 不需upgrade。壞處是，FTP-ALG 無法對EPSV<space>ALL 這個指令做對應的轉換，這個情況下，IPv4 端的FTP app 會傳回error。
由V6 node 產生FTP session 的情況:
第一種方法：FTP-ALG 不改變EPRT 和EPSV，而只是轉換<net-prt><net-addr><tcp-port>成NAT-PT 或NAPT-PT 所指定的IPv4 相對應資訊。但在這種方法下，IPv4 端的FTP application 必須upgrade to support EPRT and EPSV。
第二種方法： FTP-ALG 把EPRT 和EPSV 分別轉換成PORT 和PASV。同時也對<net-prt><net-addr><tcp-port>這幾個參數做轉換。好處是IPv4 端的FTP 不需upgrade。壞處是，FTP-ALG 無法對EPSV<space>ALL 這個指令做對應的轉換，這個情況下，IPv4 端的FTP app 會傳回error。

85. 結論：Internet Transition Trend
IPv4
Ocean
IPv4
Ocean
IPv4
Island
Only IPv4 TB
6to4
6over4
NAT-PT
Multi
mechanism
NAT-PT
DSTM
4to6
IPv6
Ocean
IPv6
Ocean
下面介紹了十幾種轉移機制，每一種都有它適合的環境，並沒有一項轉移機制可通吃。
究竟各個轉移機制何時適用，配合網路的演進在這裡提出建議:
IPv4 Ocean & IPv6 Island: TB、6to4 、6over4 、NAT-PT
IPv4 Ocean & IPv6 Ocean: Multi-mechanism
IPv4 Island & IPv6 Ocean: 、 NAT-PT、DSTM 、4to6
IPv6
Island

86. Question?