Understanding Coexistence and Migration

Co-existence occurs when you have IPv4 nodes or IPv6 nodes communicating via an IPv4 infrastructure, an IPv6 infrastructure, or an infrastructure that contains both IPv4 and IPv6. To communicate with IPv6-only nodes, IPv4-only nodes can use a translation gateway or an IPv4 to IPv6 proxy. Migration is only totally realized when all your IPv4-only nodes are converted to IPv6-only nodes.

In RFC 1752, the following migration standards were specified:installing ipv6

  • You can deploy IPv6-only hosts at any time.
  • You can upgrade an existing IPv4 host to IPv6, irrespective of upgrading your other hosts and routers.
  • An IPv4 host that has IPv6 installed can still use its IPv4 address.

The different node types specified in RFC 2893 are listed below:

  • IPv4-only node: This is a node that is assigned only IPv4 addresses. IPv4-only nodes do not support IPv6.
  • IPv6-only node: This node is assigned IPv6 addresses, and can only communicate with other IPv6 nodes and applications.
  • IPv6/IPv4 node: This node contains an IPv4 and IPv6 implementation.
  • IPv4 node: This node can send and receive only IPv4 packets, and can be either of the following:

    • IPv6/IPv4 node
    • IPv4-only node
  • IPv6 node: This node can send and receive only IPv6 packets, and can be either of the following:

    • IPv6/IPv4 node
    • IPv6-only node

The Compatibility addresses which assist in the coexistence of IPv4 nodes and IPv6 nodes are:

  • IPv4-compatible addresses: IPv6/IPv4 nodes communicating with IPv6 over IPv4 infrastructures use this address.
  • IPv4-mapped addresses: This address is used to represent an IPv4-only node to an IPv6 node. The address is never the source address or destination address of the IPv6 packet.
  • 6over4 addresses: This address contains the following components:

    • Valid 64-bit unicast address prefix
    • The interface identifier

The address is typically used when the automatic tunneling mechanism is used. 6over4 addresses are assigned to IPv6 nodes which are connected to an IPv4 multicast infrastructure.

  • 6to4 addresses: This addresses is used when automatic tunneling is used, to create global address prefixes for sites, and global addresses for IPv6 nodes in the sites.
  • ISATAP addresses: Addresses utilizing ISATAP interface identifiers are assigned to IPv6/IPv4 nodes. ISATAP addresses contain:

    • Valid 64-bit unicast address prefix
    • The interface identifier

The mechanisms which can be used for coexistence with an IPv4 infrastructure are:

  • Dual IP layer: The dual IP layer implementation has the following characteristics:

    • An implementation of the TCP/IP suite that has an IPv4 and an IPv6 Internet layer.
    • Consists of one implementation of the Host-to-Host layer protocols
    • The upper layer protocols can communicate over IPv4, IPv6, or IPv6 tunneled over IPv4.

The Dual IP layer mechanism is used by IPv6/IPv4 nodes to enable communication with IPv4 nodes and IPv6 nodes.

  • IPv6 over IPv4 tunneling: This mechanism deals with encapsulating IPv6 packets with an IPv4 header, to enable these packets to be transmitted over the IPv4 infrastructure. The parameters in the IPv4 header are:

    • IPv4 Protocol field set to 41; this indicates the packet as being an encapsulated IPv6 packet.
    • The Source field and Destination field contain the IPv4 addresses of the tunnel endpoints.
  • DNS infrastucture: This consists of an upgrade to the DNS infrastructure, and involves providing the DNS servers with the necessary AAAA and PTR records required to support IPv6 name resolution. This includes the following resource records:

    • A records for the IPv4-only nodes and the IPv6/IPv4 nodes
    • AAAA records for the IPv6-only nodes and the IPv6/IPv4 nodes.
    • PTR records in the IN-ADDR.ARPA domain for the IPv4-only nodes and the IPv6/IPv4 nodes.
    • PTR records in the IP6.INT domain for the IPv6-only nodes and IPv6/IPv4 nodes.

The different tunneling configurations which can be used to tunnel IPv6 traffic between IPv6/IPv4 nodes over an IPv4 infrastructure are:

  • Router-to-router tunneling configuration: Here, two IP infrastructures (IPv4, IPv6, or both) are connected by two IPv6/IPv4 routers over the IPv4 infrastructure. The endpoints of the tunnel span a logical link in the path between the source and destination. The single hop is basically the IPv6 over IPv4 tunnel between the two routers. All routes in the IPv4 or IPv6 infrastructure point to the IPv6/IPv4 router.
  • Host-to-router tunneling configuration: Here, the IPv6/IPv4 node in the IPv4 infrastructure creates an IPv6 over IPv4 tunnel to the IPv6/IPv4 router. The single hop is basically the IPv6 over IPv4 tunnel between the IPv6/IPv4 node and the IPv6/IPv4 router.
  • Router-to-host tunneling configuration: In this configuration, the IPv6/IPv4 router creates the IPv6 over IPv4 tunnel, over the IPv4 infrastructure, to the IPv6/IPv4 node. The single hop is basically the IPv6 over IPv4 tunnel between the IPv6/IPv4 router and IPv6/IPv4 node.
  • Host-to-host tunneling configuration: In this configuration, the IPv6/IPv4 node in the IPv4 infrastructure creates the IPv6 over IPv4 tunnel to a different IPv6/IPv4 node in the IPv4 infrastructure. The single hop is basically the IPv6 over IPv4 tunnel between the IPv6/IPv4 nodes.

The process for migrating from IPv4 to IPv6 is outlined below:

  • Upgrade the applications running in your environment so that they are independent of a specific version of IP. Windows Sockets applications should be enabled to use new application programming interfaces (APIs).
  • The DNS infrastructure must be upgraded to support IPv6 addresses, PTR records, and AAAA records.
  • Hosts must be upgraded to IPv6/IPv4 nodes.
  • Your routers must be upgraded to support native IPv6 routing, and the IPv6-specific routing protocols.
  • Convert all your IPv6/IPv4 nodes to IPv6-only nodes.

How to install IPv6

To install IPv6 on a Windows Server 2003 computer,

  1. Open Network Connections.
  2. Double-click Local Area Network
  3. When the Local Area Connection Status dialog box opens, click Properties.
  4. When the Local Area Network Connection Properties dialog box opens, click Install.
  5. The Select Network Component Type dialog box opens.
  6. Select Protocol, and then click Add.
  7. The Select Network Protocol dialog box opens.
  8. Select Microsoft TCP/IP version 6.
  9. Click OK.
  10. In the Local Area Connection Properties dialog box, verify that Microsoft TCP/IP version 6 is actually installed.
  11. Click Close.

How to configure IPv6 using the netsh commands

Because there are no graphical user interface (GUI) applications which can be used to configure IPv6, you have to use the netsh command-line utility to configure IPv6.

  • To place the netsh command into IPv6 context, enternetsh at the command prompt, and then enterinterface ipv6at the neth prompt.

The IPv6 context commands that you can use are:

  • Install, to install IPv6.
  • Uninstall, to uninstall IPv6.
  • Add, to add a configuration entry
  • Delete, to delete a configuration entry.
  • Dump, to list the configuration script.
  • Set, to set the configuration information.
  • Renew, to restart the IPv6 interfaces.
  • Reset, to reset the IPv6 configuration
  • Show, to display information.
  • 6to4, to move to 6to4 context.
  • Isatap, to move to the isatap subcontext in IPv6 context.

How to configure IPSec security policies and security associations for IPv6

The Ipsec6.exe utility is used to configure IPSec security policies (SPs) and security associations (SAs) for IPv6. You can use Ipsec6.exe to both save and load SPs and SAs to file, which you use a Text Editor application to edit.

The ipsec6 commands which can be used to configure SPs and SAs are:

  • ipsec6 s FilenameWithNoExtension, saves the configuration.
  • ipsec6 l FilenameWithNoExtension, loads the configuration for SPs from FileName.spd, and SAs from FileName.sad
  • ipsec6 sa; to list the security associations.
  • ipsec6 sp [Interface]; to check what the existing security policies are.
  • ipsec6 d [{sp | sa}] [Index]; to delete SPs and SAs.

How to verify connectivity via IPv6 PING

  1. Enternetsh interface ipv6 show interface from a command prompt.
  2. Locate the Idx value for Local Area Connection.
  3. Enternetsh interface ipv6 show interface Idx.
  4. Right-click in the command window, and select Mark.
  5. Next, select (highlight) the address, right-click in the command window again.
  6. After the mouse button is released, the selected address is copied to Clipboard.
  7. The Zone ID for Link should correspond to the Idx number.
  8. Exit the netsh command.
  9. Enterping from a command prompt.
  10. Right-click in the command window and choose Paste.
  11. Enter%<ZoneID>, and press Enter.
  12. You should receive four successful replies.
  13. You can test external host connectivity by pinging the global address of a different node.