For IPv6 translation, the new saying is: "The Dual stack can be used where the dual stack can be used, and the tunnel is used where the tunnel has to be used ."
Users are concerned about how to migrate data from IPv4 to IPv6. In the current application, IPv6 mainly uses the migration technology that covers every IPv4 upgrade case, however, many migration technologies are eventually rejected. Therefore, the upgrade from IPv4 to IPv6 becomes a threshold that affects the IPv6 General-level and application.
A technology called dual-stack can run both IPv4 and IPv6 on an existing network. The end node and the vro/switch run two Protocols at the same time, and IPv6 communication is the preferred protocol for the entire network transmission.
The common double stack migration method is to migrate from the core to the edge. This involves implementing two TCP/IP protocol stacks on the WAN core router, followed by the peripheral router and firewall, followed by the server group router, and finally the desktop access router. After IPv6 and IPv4 protocols are supported, this process implements dual-stack on the server, followed by the edge computer system.
Another approach is to transmit another protocol within one protocol using a tunnel. This type of tunnel encapsulates an IPv6 package in an IPv4 packet and transmits it in the network section that is not upgraded to IPv6. Tunnels can be established in different network application environments with IPv6 isolated from the IPv4 ocean. This is common in the early stages of IPv6 migration. However, in the future, this approach will bring IPv4 islands that need to be connected across the IPv6 ocean.
Another technology, such as network address translation protocol conversion (NAT-PT), simply converts an IPv6 packet to an IPv4 packet. This type of conversion technology is much more complex than IPv4 NAT because these protocols have different headers. Conversion technology is generally used only when there is no choice. The use of dual-stack and tunneling technology is superior to the use of NAT-PT.
There are currently two types of tunnels: Manual Tunnel and dynamic tunnel. The manual IPv6 tunnel must be configured at both ends of the tunnel. The dynamic tunnel is automatically created based on the destination address and route of the data packet. Compared with the static tunnel, the dynamic tunnel technology simplifies maintenance, but the static tunnel provides traffic information for each terminal, thus providing additional security against injecting transmission streams.
In fact, there are concerns about the security of tunneling technology. For example, when using a dynamic tunnel, it is not easy to track transparent tunnel communication and do not know the tunnel's purpose or destination. This is a terrible problem when the router communicates with another unauthenticated router. It is also possible to send a forged transmission stream to the destination of the tunnel, and receive a transmission stream inserted in the tunnel falsely. Tunnel Technology encapsulates the transmission stream, and many firewalls do not check the transmission stream in the tunnel. It is not a best practice to allow the IP protocol to encapsulate IPv6. This is like setting a super rule in the firewall.
As migration develops, tunnels must be constantly changed and monitored. When the IPv6 ocean is too large or migrated to full IPv6, the tunnel must also be deleted. Therefore, tunneling is only a transitional technology, and troubleshooting becomes a challenge in an environment filled with tunnels.
The dynamic tunneling technology does not provide tunnel interfaces that can be monitored using SNMP. The dynamic tunnel technology uses the 2002:/16 address, which means that as part of the conversion to IPv6, the network must be reassigned twice. Many dynamic tunneling technologies cannot forward multicast transmission streams or pass through IPv4 NAT in the center of the network.
Currently, users can first try to use the dual-stack mode for transfer. After a period of time, it will be easier to delete the IPv4 protocol. At present, there are not many systems developed for pure IPv6 communication, but there are many systems running in dual-stack mode. For example, Microsoft's new operating system uses a dual-layer architecture that helps the two protocols run seamlessly. Therefore, the migration plan should use dual-stack to a greater extent and use tunneling technology as little as possible. It should also be noted that the use of dual stack is not the ultimate goal, and full migration to IPv6 is the ultimate goal.
In the 1990s S, the network industry had the following sentence: "switch between areas that can be exchanged, and route between areas that have to be routed ". However, with the development of time, the performance gap between routing and switching technologies has been closed. For IPv6 translation, the new saying is "Using Dual stacks where dual stacks can be used, and using tunnels where tunnel is not required ."