IPv6 Issue

Яцко Эллад Геннадьевич e.yatsko at vpktelecom.ru
Thu May 20 11:50:08 UTC 2010 

Dear colleagues!

I've studying IPv6 during BSCI exam preparation, and I tryed to simulate 
some cases (see attachment).
Suddenly I have encountered the lack of information about possibility of 
standalone LAN migration
onto IPv6 behind the NAT like IPv4 networks were. Is it really possible? 
Or do I simply not realize some
things about IPv6? I found many articles about tunneling technologies 
and even about NAT-PT, but
there are no examples on how to do what I want. I describe it in detail 
later in this message.

I. Is it possible in some ways? Fundamental question.
===================================================================
1) Let's take a look on IPv6toIPv4 interconnection.emf.
2) Firstly I suggest to understand what I meant above. I have a LAN 
(it's no matter what LAN and
where it is - at home, or it is corporate network. The main idea it is 
"stub"), and I want to migrate it
on IPv6 keeping connectivity to sites in "legacy" IPv4 Internet.
3) So, I assigned some arbitrary IPv6 address space to Workstations and 
Servers of LAN. And
of course to Internet Gateway (on its internal interface). Internet 
Gateway is DNS-, Mail-server,
HTTP-proxy and Firewall for LAN. This scheme is traditional for most of 
small business companies
as I think.
4) It is assumed that NAT-PT (or similar) technology is already set up 
on Gateway.
5) User on Windows XP is trying to connect to Yandex-site typing in his 
FireFox browser "yandex.ru".
Windows worstation is forming DNS request to Gateway: "who is 
yandex.ru?" These steps are (1) and
(2) on drawing in attachment.
6) Gateway has no IPv6 records for Yandex so it is translating request 
to its forwarder. In this example
forwarder for our Gateway is Yandex's NS (their IP). This step 
corresponds to (3) on my drawing.
7) From here the two ways are possible (I'm not sure that one of them is 
correct):
- Gateway immidiately sends to its forwarder A-query due to settings in 
named.conf:
        forwarders {
                213.180.193.1;    # - it is IPv4-address!
        };
- or firstly Gateway tries translate AAAA-query from Workstation to 
Forwarder, and then converts it to
   A-query (because of "no answer"/"error" for AAAA-query from 
Forwarder). I'm not sure that this
   mechanism is good idea. These steps are (4a) and/or (4b) on drawing.
8) Forwarder answers with A=IPv4 - it's because yandex is still in IPv4 
network (Internet). This is step (5),
and there is no questions - it is usual answer for IPv4 network.
9) Gateway receiving answer from Forwarder has two alternatives:
    - translate IPv4 to Workstation already with addition "::ffff:" - 
IPv4-mapped to IPv6 which is
      immediately acceptable for IPv6;
    - resend "pure" IP to asking Workstation, and it's Workstation's 
task to convert received IPv4 to IPv6
      "mapped"-form. It's the worst and, indeed, is most preferred case.
These steps are (6a) or (6b).
10) The step (7) is major. It's very important that IPv6-only 
Workstation is capable recognize "pure" IPv4
and map it to IPv6 of form: ::ffff:xxx.xxx.xxx.xxx If it can do in such 
way the task of DNS is much simplified
- it can just translate answer of Forwarder to Workstation. And one more 
important problem is resolved
automatically: if I wish to type exactly "87.250.251.11" in address line 
of a browser (not "::ffff:87.250.251.11"!)
it will work!
Workstation send http-request to address ::ffff:87.250.251.1 which is 
unreachable via its internal routing
table - so it is sent to Default Gateway for IPv6 network - that is to 
Gateway (2001:0:0:1677::1).
11) Here the task of Gateway is to translate via NAT-PT IPv6 
::ffff:87.250.251.1 from Workstation
onto IPv4 85:21.249.124 and is to remember NAT port for this session. It 
is much similar to IPv4 Private
to IPv4 Public translation. Steps are (8), (9) and (10).
===================================================================

II. If we have a positive answer on the first question, there are some 
consequences. The main of which
is that we have additional way to world-wide migration on IPv6. I could 
say for myself that there is one
cause that prevents to my own home migration on IPv6 - the lack of IPv6 
resources in Web that I need.
If my guess is true - there are many administrator will be ready to 
migrate their networks on IPv6.
And in a short time there will be many administrators familiar with 
IPv6. The readiness to migration will be
much more high.

P. s. Please, don't judge me strictly! :-) Maybe somebody goes this way 
already. So help me, please. :-)

Kind regards,
Ellad Yatsko
-------------- next part --------------
A non-text attachment was scrubbed...
Name: IPv6toIPv4 interconnection.emf
Type: application/octet-stream
Size: 502980 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20100520/6311e331/attachment.obj>

More information about the Ubuntu-devel-discuss mailing list