IPv4-to-IPv6 Transitional Technologies

In this section, you will learn to:

Configure a Windows Server 2016 as an ISATAP router.
Tunnel an IPv6 address through the IPv4 version of the internet using 6to4.
Configure Teredo to allow tunneling through a NAT router.

Key terms for this section include the following:

Term	Definition
Tunneling	The process of wrapping or embedding one type of IP packet (such as IPv6) within another type of IP packet (such as IPv4) to allow hosts to communicate over different IP infrastructures.
Network Address Translation (NAT)	Translates private or unregistered IP address to a public IP address, allowing those using private addresses to access the internet.
Netsh	A command line scripting utility that allows you to display or modify the network configuration of a currently running computer remotely or locally.
Intra-site Automatic Tunnel Addressing Protocol (ISATAP)	A tunneling method for use within a site to provide IPv6 communication over a private IPv4 network by encapsulating IPv6 packets with an IPv4 header.
6to4 Tunneling	A transitional technology that's used to dynamically tunnel an IPv6 address through the IPv4 version of the internet. Cannot be used between IPv4-only hosts and IPv6-only hosts.
Teredo Tunneling	Establishes the tunnel between individual IPv6 hosts so they can communicate through a private or public IPv4 network. This tunneling method works through a NAT.

Term

Definition

Tunneling

The process of wrapping or embedding one type of IP packet (such as IPv6) within another type of IP packet (such as IPv4) to allow hosts to communicate over different IP infrastructures.

Network Address Translation (NAT)

Translates private or unregistered IP address to a public IP address, allowing those using private addresses to access the internet.

Netsh

A command line scripting utility that allows you to display or modify the network configuration of a currently running computer remotely or locally.

Intra-site Automatic Tunnel Addressing Protocol (ISATAP)

A tunneling method for use within a site to provide IPv6 communication over a private IPv4 network by encapsulating IPv6 packets with an IPv4 header.

6to4 Tunneling

A transitional technology that's used to dynamically tunnel an IPv6 address through the IPv4 version of the internet. Cannot be used between IPv4-only hosts and IPv6-only hosts.

Teredo Tunneling

Establishes the tunnel between individual IPv6 hosts so they can communicate through a private or public IPv4 network. This tunneling method works through a NAT.

Transitioning Rules

Transitioning to IPv6 requires time and dedication. While planning and implementing a transition to IPv6, consider the following:

IPv6 is not backwards compatible with IPv4.
IPv4-only hosts and IPv4 routers do not support IPv6 traffic.
IPv6-only hosts and IPv6 routers do not support IPv4 traffic.

Transitioning Strategies

The following table lists various strategies for deploying IPv6.

Method	Description
Dual Stack	A common method for moving from IPv4 to IPv6 is dual stack configuration. In this method, both the IPv4 and IPv6 protocol stacks run concurrently on a single host. IPv4 is used to communicate with IPv4 hosts, and IPv6 is used to communicate with IPv6 hosts. Microsoft uses two methods to create a dual stack host: Windows 2003/XP uses a dual stack implementation, where IPv4 and IPv6 are separate protocols. Windows Vista and later, as well as Windows Server 2008 and later, use a dual architecture protocol stack, where IPv4 and IPv6 use common transport and framing layers. By default, Windows uses IPv6 whenever possible. The dual layer architecture means you cannot uninstall either IPv4 or IPv6; however, you can disable the programs or change their order of priority.
Tunneling	Tunneling wraps an IPv6 packet within an IPv4 packet, allowing IPv6 hosts or sites to communicate over the existing IPv4 infrastructure. Tunneling encapsulates IPv6 packets in IPv4 packets for transmission across an IPv4 network, and then the packets are de-encapsulated by the device at the other end. You can configure the following tunnel types, and tunnels can be configured manually or automatically: Router-to-router Host-to-router Router-to-host Host-to-host (also known as end-to-end) Windows Server 2008 and later and Windows clients support the tunneling solutions listed below.
Manually Configured Tunnel	With a manually configured tunnel, tunnel endpoints are configured as point-to-point connections between devices. Manual tunneling: Is configured between routers at different sites. Requires dual layer routers as the tunnel endpoints. Hosts can be IPv6-only hosts. Works through NAT. Uses a static (manual) association of an IPv6 address with the IPv4 address of the destination tunnel endpoint. Is configured using Netsh. Because of the time and effort required for configuration, use manually configured tunnels only when you have a few sites that need to connect through the IPv4 internet or when you want to configure secure site-to-site associations.
Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)	The Intra-site Automatic Tunnel Addressing Protocol (ISATAP) is a tunneling method for use within a site to provide IPv6 communication over a private IPv4 network. ISATAP tunneling: Is configured between individual hosts and an ISATAP router. Requires an IPv6 router to perform tunneling and dual layer or IPv6-only clients. Routers and hosts perform tunneling when communicating on the IPv4 network. Does not work through NAT. Automatically generates link-local addresses that includes the IPv4 address of each host: The prefix is the well-known link-local prefix, FE80::/16. The remaining prefix values are set to 0. The first two quartets of the interface ID are set to 0000:5EFE. The remaining two quartets use the IPv4 address written in either dotted-decimal or hexadecimal notation. A host with an IPv4 address of 192.168.12.155 would have the following IPv6 address when using ISATAP: FE80::5EFE:C0A8:0C9B (also designated as FE80::5EFE:192.168.12.155). Use ISATAP to begin a transition to IPv6 within a site. You can start by adding a single ISATAP router and configuring each host as an ISATAP client. Vista clients use ISATAP automatically if they can find the ISATAP router. Vista clients query the DNS server for a router named ISATAP. When using ISATAP, be sure to use this name for the server or create an A or CNAME record in DNS using ISATAP as the name and pointing to the ISATAP router.
6to4 Tunneling	6to4 tunneling endpoints are configured automatically between devices. 6to4 tunneling: Is configured between routers at different sites. Requires routers that provide dual layer support as the tunnel endpoints. Hosts can be IPv6-only hosts. Works through NAT. Uses a dynamic association of an IPv6 site prefix to the IPv4 address of the destination tunnel endpoint. Automatically generates an IPv6 address for the site using the 2002::/16 prefix followed by the public IPv4 address of the tunnel endpoint router. For example, a router with the IPv4 address of 207.142.131.202 would serve the site with the following prefix: 2002:CF8E:83CA::/48 (CF8E:83CA is the hexadecimal equivalent of 207.142.131.202). Use 6to4 tunneling to dynamically connect multiple sites through the IPv4 internet. Because of its dynamic configuration, 6-o4 tunneling is easier to administer than manual tunneling.
Teredo Tunneling	Teredo (also known as NAT traversal or NAT-T) establishes the tunnel between individual IPv6 hosts so they can communicate through a private or public IPv4 network. Teredo is a last resort tunneling technology; it is used only when there is no native IPv6, ISATAP, or 6to4 connectivity present between hosts. Teredo tunneling: Is configured between individual hosts. Has dual layer hosts that tunnel IPv6 packets for transmission on the IPv4 network. Works through NAT. Uses a 2001::/32 prefix followed by the IPv4 public address converted to hexadecimal. For example, the IPv4 public address 207.142.131.202 would provide clients with the prefix 2001:0:CF8E:83CA::/64. For Windows Vista and Windows 7, the Teredo component is enabled but inactive by default. In Windows Server 2012, Teredo is enabled by default only on non-domain networks (it is disabled by default on Windows Server 2008 and 2003 SP1). To use Teredo, a user must either install an application that needs to use Teredo or configure the advanced settings on a Windows Firewall exception to use edge traversal. Teredo behavior differs when machines are members of a domain. Teredo is disabled on XP and Server 2003 machines that belong to a domain. Teredo is enabled on Vista and 2008 machines that belong to a domain. Teredo is disabled by default on Windows 8 and Windows Server 2012 machines that are part of a domain.
PortProxy	PortProxy is a TCP proxy that allows an IPv4-only host to communicate with an IPv6-only host. PortProxy transmits TCP traffic for application-layer protocols that do not embed address or port information in the TCP segment. An application like FTP does not work across a PortProxy computer because FTP embeds addresses when using the FTP Port command. To configure PortProxy, use the Netsh interface portproxy command with the necessary parameters.
IPv4-Compatible Address	An IPv4 address that is compatible with IPv6 has ten octets. The last four octets are the IPv4 address of the device. The format is 0:0:0:0:0:0:w:x:y:z.
IPv4 Mapped Address	If a device is not compatible with IPv6, you can use an IPv4 mapped address. This address is used to represent an IPv4-only node to an IPv6 node. The sixth octet contains FFFF with the last four octets as the IPv4 address of the device. The format is 0:0:0:0:0:FFFF:w:x:y:z. ::FFFF:w.x.y.z is a simplified version.
IPv6-to-IPv4 Address	An IPv6 to IPv4 address allows IPv6 packets to travel over an IPv4 network, such as the IPv4 internet, without additional configuration or tunneling. This type of addressing works best when an IPv6-to-IPv4 router is used. The first octet is 2002. The second octet contains the first two bytes of the IPv4 address, and the third octet contains the second two bytes of the IPv4 address. The format is 2002:u:v::/16.

Method

Description

Dual Stack

A common method for moving from IPv4 to IPv6 is dual stack configuration. In this method, both the IPv4 and IPv6 protocol stacks run concurrently on a single host. IPv4 is used to communicate with IPv4 hosts, and IPv6 is used to communicate with IPv6 hosts. Microsoft uses two methods to create a dual stack host:

Windows 2003/XP uses a dual stack implementation, where IPv4 and IPv6 are separate protocols.
Windows Vista and later, as well as Windows Server 2008 and later, use a dual architecture protocol stack, where IPv4 and IPv6 use common transport and framing layers. By default, Windows uses IPv6 whenever possible. The dual layer architecture means you cannot uninstall either IPv4 or IPv6; however, you can disable the programs or change their order of priority.

Tunneling

Tunneling wraps an IPv6 packet within an IPv4 packet, allowing IPv6 hosts or sites to communicate over the existing IPv4 infrastructure. Tunneling encapsulates IPv6 packets in IPv4 packets for transmission across an IPv4 network, and then the packets are de-encapsulated by the device at the other end.

You can configure the following tunnel types, and tunnels can be configured manually or automatically:

Router-to-router
Host-to-router
Router-to-host
Host-to-host (also known as end-to-end)

Windows Server 2008 and later and Windows clients support the tunneling solutions listed below.

Manually Configured Tunnel

With a manually configured tunnel, tunnel endpoints are configured as point-to-point connections between devices. Manual tunneling:

Is configured between routers at different sites.
Requires dual layer routers as the tunnel endpoints. Hosts can be IPv6-only hosts.
Works through NAT.
Uses a static (manual) association of an IPv6 address with the IPv4 address of the destination tunnel endpoint.
Is configured using Netsh.

Because of the time and effort required for configuration, use manually configured tunnels only when you have a few sites that need to connect through the IPv4 internet or when you want to configure secure site-to-site associations.

Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)

The Intra-site Automatic Tunnel Addressing Protocol (ISATAP) is a tunneling method for use within a site to provide IPv6 communication over a private IPv4 network. ISATAP tunneling:

Is configured between individual hosts and an ISATAP router.
Requires an IPv6 router to perform tunneling and dual layer or IPv6-only clients. Routers and hosts perform tunneling when communicating on the IPv4 network.
Does not work through NAT.
Automatically generates link-local addresses that includes the IPv4 address of each host:
- The prefix is the well-known link-local prefix, FE80::/16.
- The remaining prefix values are set to 0.
- The first two quartets of the interface ID are set to 0000:5EFE.
- The remaining two quartets use the IPv4 address written in either dotted-decimal or hexadecimal notation.
A host with an IPv4 address of 192.168.12.155 would have the following IPv6 address when using ISATAP: FE80::5EFE:C0A8:0C9B (also designated as FE80::5EFE:192.168.12.155).

Use ISATAP to begin a transition to IPv6 within a site.

You can start by adding a single ISATAP router and configuring each host as an ISATAP client.
Vista clients use ISATAP automatically if they can find the ISATAP router.
Vista clients query the DNS server for a router named ISATAP. When using ISATAP, be sure to use this name for the server or create an A or CNAME record in DNS using ISATAP as the name and pointing to the ISATAP router.

6to4 Tunneling

6to4 tunneling endpoints are configured automatically between devices. 6to4 tunneling:

Is configured between routers at different sites.
Requires routers that provide dual layer support as the tunnel endpoints. Hosts can be IPv6-only hosts.
Works through NAT.
Uses a dynamic association of an IPv6 site prefix to the IPv4 address of the destination tunnel endpoint.
Automatically generates an IPv6 address for the site using the 2002::/16 prefix followed by the public IPv4 address of the tunnel endpoint router. For example, a router with the IPv4 address of 207.142.131.202 would serve the site with the following prefix: 2002:CF8E:83CA::/48 (CF8E:83CA is the hexadecimal equivalent of 207.142.131.202).

Use 6to4 tunneling to dynamically connect multiple sites through the IPv4 internet. Because of its dynamic configuration, 6-o4 tunneling is easier to administer than manual tunneling.

Teredo Tunneling

Teredo (also known as NAT traversal or NAT-T) establishes the tunnel between individual IPv6 hosts so they can communicate through a private or public IPv4 network. Teredo is a last resort tunneling technology; it is used only when there is no native IPv6, ISATAP, or 6to4 connectivity present between hosts. Teredo tunneling:

Is configured between individual hosts.
Has dual layer hosts that tunnel IPv6 packets for transmission on the IPv4 network.
Works through NAT.
Uses a 2001::/32 prefix followed by the IPv4 public address converted to hexadecimal. For example, the IPv4 public address 207.142.131.202 would provide clients with the prefix 2001:0:CF8E:83CA::/64.

For Windows Vista and Windows 7, the Teredo component is enabled but inactive by default. In Windows Server 2012, Teredo is enabled by default only on non-domain networks (it is disabled by default on Windows Server 2008 and 2003 SP1). To use Teredo, a user must either install an application that needs to use Teredo or configure the advanced settings on a Windows Firewall exception to use edge traversal.

Teredo behavior differs when machines are members of a domain. Teredo is disabled on XP and Server 2003 machines that belong to a domain. Teredo is enabled on Vista and 2008 machines that belong to a domain. Teredo is disabled by default on Windows 8 and Windows Server 2012 machines that are part of a domain.

PortProxy

PortProxy is a TCP proxy that allows an IPv4-only host to communicate with an IPv6-only host. PortProxy transmits TCP traffic for application-layer protocols that do not embed address or port information in the TCP segment. An application like FTP does not work across a PortProxy computer because FTP embeds addresses when using the FTP Port command. To configure PortProxy, use the Netsh interface portproxy command with the necessary parameters.

IPv4-Compatible Address

An IPv4 address that is compatible with IPv6 has ten octets. The last four octets are the IPv4 address of the device. The format is 0:0:0:0:0:0:w:x:y:z.

IPv4 Mapped Address

If a device is not compatible with IPv6, you can use an IPv4 mapped address. This address is used to represent an IPv4-only node to an IPv6 node. The sixth octet contains FFFF with the last four octets as the IPv4 address of the device. The format is 0:0:0:0:0:FFFF:w:x:y:z. ::FFFF:w.x.y.z is a simplified version.

IPv6-to-IPv4 Address

An IPv6 to IPv4 address allows IPv6 packets to travel over an IPv4 network, such as the IPv4 internet, without additional configuration or tunneling. This type of addressing works best when an IPv6-to-IPv4 router is used. The first octet is 2002. The second octet contains the first two bytes of the IPv4 address, and the third octet contains the second two bytes of the IPv4 address. The format is 2002:u:v::/16.

PreviousIPv6 NextDHCP

Last updated 4 months ago