(Network Science and Cyberspace Research Center, Tsinghua University, Beijing 100084, China)
Abstract: Stateless translation and stateless double translation/encapsulation technologies (IVI/MAP-T/MAP-E) define the address mapping and protocol translation/encapsulation algorithms between IPv4 and IPv6. IVI/MAP-T/MAP-E technologies maintain end-to-end address transparency between IPv4 and IPv6 and support communication initiated by IPv4-only or IPv6-only end systems. Therefore, they are critical techniques for IPv4/IPv6 coexistence and transition.
Keywords: stateless translation; address mapping; protocol translation
It is well known that the 2^32 addresses in the IPv4 address space have been exhausted. Two methods can be used to solve this problem: IPv4 address translation (NAT44) and IPv6. NAT44 translation technology is used between public and private IPv4 addresses. It is a mature technology; however, it destroys end-to-end address transparency and only supports communication initiated from the private IPv4 side. NAT44 has been widely used on the user end for many years. However, when it is used in the core network, bulk states must be maintained on NAT44 translators. In addition, there are only about 16 million 10.0.0.0/8 private addresses available for each site on the IPv4 Internet. It has already been shown that the use of NAT44 and 10.0.0.0/8 causes problems in terms of network interconnection, manageability, and security. To solve IP address problems for the longer term, IPv6 must be developed.
The problem of IPv4 address exhaustion was first raised about a decade ago, and the IPv6 protocol, which provides an address space of 2^128, was proposed. Initially, the Internet Engineering Task Force (IETF) recommended dual-stack technology for transitioning from IPv4 to IPv6. Several carriers all over the world have trialed IPv6 at different scales, and some Internet content providers have also offered IPv6 services [1]. However, by 2012, traffic in global IPv6 networks was lower than 1% of that in IPv4 networks. This indicates that dual-stack technology does not directly benefit operations and, even worse, degrades the user's experience. This is why dual-stack technologies have not really promoted the transition to IPv6 over the past decade.
The value of a network fundamentally lies in the number of people who use it. Currently, the number of people using new IPv6 networks is much smaller than the number of people using IPv4 networks. If people using IPv6 networks cannot connect to IPv4 networks, then IPv6 has no value at all. Hence, the most critical problem with transition is the interconnection between new IPv6 networks and old IPv4 networks. Interconnection can only be implemented through translation technology. However, because the IPv4 and IPv6 protocols are not compatible, interconnection is technically very difficult. With the construction of more IPv6-only networks and more research being done on IPv6, in 2010 the IETF made breakthroughs in IPv4 and IPv6 interconnection technologies, especially in stateless translation technology (IVI). The IETF has released a series of RFC standards and working group drafts for new IPv4/IPv6 transition solutions in recent years.
The Internet has a connectionless architecture, and routers do not need to maintain session states. Because the IVI translator is actually a router, stateless IVI translation has great value to carriers for its high scalability, manageability, and security. It also supports communication initiated from both the IPv4 and IPv6 sides.
The IPv6 address space is much bigger than the IPv4 address space. Therefore, stateless IVI translators are theoretically unfeasible without constraints. IETF RFC 6144 defines eight scenarios of IVI translation. IPv4 networks are on one side of the translator and IPv6 networks are on the other. One of the differences between these scenarios is on which side the ISP's network and the Internet are located. Another difference is the side on which communication is initiated. Fig. 1 shows the scenarios of stateless IVI translation technology [2]. In scenario one, IPv6 clients in the ISP's network access the server in the IPv4 Internet. In scenario two, IPv4 clients in the IPv4 Internet access the server in the IPv6 network.
In both scenarios, IPv6-only networks are constructed, and IPv6 hosts can access the IPv4 Internet through the XLAT translator. The stateless IVI translation technology can be used in both scenarios, but the stateful NAT64 translation technology can only be used in scenario one. IVI translation technologies include address mapping and protocol translation mechanisms.
Because there is a large difference between the IPv4 and IPv6 address spaces, stateless mapping can be used to convert IPv4 addresses into IPv6 addresses, which are called IPv4-converted IPv6 addresses. Mapping from IPv6 to IPv4 is difficult. Mapping tables can be maintained dynamically for stateful address mapping, or a sub IPv6 address space can be selected for stateless mapping to IPv4 addresses. Mapped IPv6 addresses are called IPv4-translatable IPv6 addresses. The address-mapping algorithms are defined in IETF RFC 6052. Fig. 2 shows the IPv4-embedded IPv6 address format [3].
An IPv4-embedded IPv6 address comprises a variable-length IPv6 network prefix, the embedded IPv4 address, and a variable-length suffix. Bits 64 to 71 of the address are reserved for compatibility with the u-bit in the IPv6 address architecture and must be set to zero. The suffix, with all the bits set to zero in basic address mapping, is reserved for coding of the transport layer ports to map one IPv4 address onto several IPv6 addresses. In this way, scarce public IPv4 addresses can be statelessly multiplexed and can be used by many IPv6 hosts. In addition, RFC 6052 requires IPv4-converted IPv6 addresses and IPv4-translatable IPv6 addresses to have the same prefix so that the best route can be automatically chosen.
When an IPv6-only client accesses the IPv4 Internet, a DNS64, which is defined in RFC 6147 [4], must be implemented with the above mapping rule. DNS64 is the domain name server (DNS) connected to both the IPv4 and IPv6 networks, and it can translate A records into AAAA records dynamically. The IPv6-only client queries the AAAA record of the domain name through DNS64. If the AAAA record exists, DNS64 returns the AAAA record to the IPv6-only client. If the AAAA record does not exist, DNS64 generates the AAAA record (based on the mapping algorithms defined in RFC 6052) and returns it to the IPv6-only client. Stateless translators support communication initiated from the IPv4 Internet side. In this case, DNS46 should be statically configured. When a client in the IPv4 Internet accesses an IPv6 server, DNS46 returns an A record based on the AAAA record of the IPv6 server [5].
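The address mapping and the DNS64 synthesis step described above can be exercised with the following added example, which is not code from the paper or from any IVI implementation. It assumes the RFC 6052 prefix lengths (32, 40, 48, 56, 64, 96) and basic mapping with an all-zero suffix; the function names are hypothetical and the sample addresses are documentation ranges.

```python
import ipaddress

# Prefix lengths that RFC 6052 permits for IPv4-embedded IPv6 addresses.
VALID_PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)
U_OCTET = 8  # octet holding bits 64..71, reserved and always zero


def embed_ipv4(prefix, ipv4):
    """Build the IPv4-embedded IPv6 address for `ipv4` under `prefix`."""
    net = ipaddress.IPv6Network(prefix)  # raises if host bits are set
    if net.prefixlen not in VALID_PREFIX_LENGTHS:
        raise ValueError("prefix length /%d is not allowed" % net.prefixlen)
    out = bytearray(net.network_address.packed)
    if out[U_OCTET] != 0:
        raise ValueError("bits 64..71 of the prefix must be zero")
    pos = net.prefixlen // 8
    for octet in ipaddress.IPv4Address(ipv4).packed:
        if pos == U_OCTET:  # step over the reserved octet
            pos += 1
        out[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(out))  # suffix stays all zero


def extract_ipv4(address, prefix):
    """Recover the embedded IPv4 address, rejecting malformed input."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(address)
    if net.prefixlen not in VALID_PREFIX_LENGTHS:
        raise ValueError("prefix length /%d is not allowed" % net.prefixlen)
    if addr not in net:
        raise ValueError("address is not under the translation prefix")
    raw = addr.packed
    if raw[U_OCTET] != 0:
        raise ValueError("bits 64..71 must be zero")
    pos, v4 = net.prefixlen // 8, bytearray()
    while len(v4) < 4:
        if pos == U_OCTET:
            pos += 1
        v4.append(raw[pos])
        pos += 1
    if any(raw[pos:]):
        raise ValueError("non-zero suffix in basic address mapping")
    return ipaddress.IPv4Address(bytes(v4))


def dns64_answer(aaaa_records, a_records, prefix):
    """Return native AAAA records if present, else synthesize from A."""
    if aaaa_records:
        return [ipaddress.IPv6Address(r) for r in aaaa_records]
    return [embed_ipv4(prefix, a) for a in a_records]


if __name__ == "__main__":
    for pfx in ("2001:db8::/32", "2001:db8:100::/40", "64:ff9b::/96"):
        mapped = embed_ipv4(pfx, "192.0.2.33")
        print(pfx, "->", mapped, "->", extract_ipv4(str(mapped), pfx))
```

A translator that applies `extract_ipv4` only after the prefix, u-octet and suffix checks pass will not translate addresses that fall outside the configured mapping.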
The second issue for interconnection between two different protocol stacks is protocol translation. Fortunately, the IPv4 and IPv6 protocols are translatable. RFC 6145 defines the protocol translation algorithms, including [6]
·version number mapping
·mapping from IPv4 type of service (TOS) to IPv6 traffic class
·mapping from IPv4 total length to IPv6 payload length
·mapping from IPv4 time to live to IPv6 hop limit
·mapping from IPv4 transport layer protocol to IPv6 next header
·mapping from IPv4 address to IPv6 address.
The most difficult part of the protocol translation is fragmentation. IPv4 supports router fragmentation (DF=0) and end-system fragmentation (DF=1), but IPv6 only supports end-system fragmentation (which implies DF=1). An IPv6 header should be added so that fragmented IPv4 packets can be reassembled in the end systems. In addition, IPv4 and IPv6 networks support different maximum transmission units (MTUs). Because an IPv4 header is 20 bytes and an IPv6 header is 40 bytes, the packet size increases or decreases during translation. There are also many differences between Internet Control Message Protocol version 4 (ICMPv4) and ICMPv6, which need to be handled in a different way.
An IPv6 router does not generally use translatable addresses. This means that if the translator fails to find the relevant IPv4 address when the router returns an ICMPv6 packet, the source address of the translated ICMP packet cannot be traced. IETF RFC 6791 defines the method for handling this problem [7].
RFC 6145 also defines the protocol translation algorithms used by stateful NAT64 translators. Besides RFC 6145, RFC 6146 defines state maintenance technologies in these stateful translators, including the generation, maintenance, and destruction algorithms of dynamic mapping tables from IPv6 to IPv4 addresses and ports [8].
▲Figure 2. IPv4-embedded IPv6 address format.
▲Figure 1. Application of stateless IVI translation technology.
IVI translation technologies allow interconnection between IPv4 and IPv6. However, three problems still need to be addressed. First, IPv4 addresses are being exhausted. In stateless IVI translation, public IPv4 addresses must be multiplexed so that IPv4 address resources can be used efficiently. Second, some applications (e.g. Skype) do not support IPv6, and some other applications (e.g. FTP) have embedded addresses. Third, the customer edge is often assigned a 64-bit prefix rather than a single IPv6 address. MAP-Translation (MAP-T) and MAP-Encapsulation (MAP-E) are the stateless double translation and encapsulation technologies that solve the above problems. MAP-T and MAP-E were proposed by the IETF in [9] and [10]. DHCPv6 options [11] and deployment considerations [12] have also been detailed by the IETF.
Fig. 3 shows an application of stateless double IVI translation (MAP-T).
The BR in Fig. 3 is the core translator. To IPv6, the BR is a router. To IPv4, the BR is an IVI translator using IPv4 address multiplexing. The second translation is done on the customer edge (CE). To IPv6, the CE is a router. To IPv4, the CE is an IVI translator and maps the ports at the transport layer according to the algorithms shown in subsection 2.3. The IPv6 access network deploys the AAA and DHCPv6 server for authentication and IPv6 prefix allocation. The IPv6-only server, which uses translatable addresses, can be deployed in the IPv6 access network. Through CE or BR translation, this server can provide services to IPv4-only clients. The user devices may be IPv4-only, dual-stack, or IPv6-only clients and are connected to the IPv6 access network through the CEs. If the user device is an IPv4-only client, it can access resources on the IPv6-only server through CE translation; it can access resources in the IPv4 Internet through CE and BR with double translation; and it can visit other clients. If the user device is a dual-stack client, it can directly access intranet and IPv6 Internet resources; it can access resources in the IPv4 Internet through CE and BR with double translation; and it can visit other clients. If the user device is an IPv6-only client, it can access intranet and IPv6 Internet resources; it can access resources in the IPv4 Internet through BR translation; and it can visit other clients.
▲Figure 3. Application of stateless double IVI translation.
Fig. 4 shows an application of MAP-E.
The BR in Fig. 4 is the core encapsulator/decapsulator. To IPv6, the BR and CE are both routers. To IPv4, the BR is an IPv4 over IPv6 encapsulator/decapsulator with IPv4 address multiplexing; and the CE is an IPv4 over IPv6 encapsulator/decapsulator for mapping the ports at the transport layer. The IPv6 access network deploys the AAA and DHCPv6 server for authentication and IPv6 prefix allocation. User devices are connected to the IPv6 access network through the CEs. A user device that is an IPv4-only client can access the IPv4 Internet through CE encapsulation and BR decapsulation, and visit other clients. A user device that is an IPv4/IPv6 dual-stack client can access intranet and IPv6 Internet resources; it can access resources in the IPv4 Internet (through CE encapsulation and BR decapsulation); and it can visit other clients. However, MAP-E does not support the deployment of IPv6-only servers in IPv6 access networks, nor does it allow IPv6-only clients to connect to the IPv4 Internet.
▲Figure 4. MAP-E application scenario.
The stateless mapping algorithm of addresses and ports is one of the key algorithms in the MAP series. It uses the 16-bit ports of the transmission control protocol (TCP) and user datagram protocol (UDP) to expand IPv4 addresses. For non-multiplexed IPv4 addresses, 65,536 concurrent TCP/UDP ports are available for each client. If the multiplexing ratio is 16, then 4096 concurrent TCP/UDP ports are available for each client. If the multiplexing ratio is 128, then 512 concurrent TCP/UDP ports are available for each client. Experimental data shows that 200 to 500 concurrent TCP/UDP ports are enough for a normal connection for each common client. Therefore, the stateless mapping algorithm of addresses and ports can be used for efficiently multiplexing public IPv4 address resources. When the stateless mapping algorithm of addresses and ports is used, a port-set ID (PSID) should be defined for each client. The mapping relationships between PSIDs and available ports are determined by the extended modulus algorithm, defined as follows:
·Given a PSID, the number of ports P at the transport layer available for the end system is P = R × M × j + M × K + i, where R is the multiplexing ratio, M is the number of continuous ports, and i and j are integer variables.
·Given P, the PSID of the system is PSID = floor(P/M) % R, where floor means that the number is rounded down to the nearest integer, and % is the modulus operator.
The extended modulus algorithm allows the transport-layer ports that are used by the clients with different PSIDs to be distributed evenly in the port space or in blocks. The algorithm also adjusts the number of continuous ports in each block and supports address clustering similar to classless interdomain routing. The PSID length can be defined for clustering available ports.
If the multiplexing ratio, number of continuous ports, and port clustering length are given, the extended modulus algorithm can be used to calculate the total number of TCP/UDP ports available for a specific client through the PSID. Conversely, the PSID can be calculated from a given port. In this way, management overhead can be significantly reduced, and security and traceability can be significantly improved by stateless multiplexing of public IPv4 addresses. Because ICMP and ICMPv6 packets only have an ID number and no source and destination port numbers, the extended modulus algorithm should be applied to the ID number.
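The traceability claim can be checked with the following added example, which is not code from the paper or from a MAP implementation. It assumes that K in the formula is the client's PSID, that 0 <= i < M, and that P ranges over the whole 16-bit port space; the function names and the log format are hypothetical, and the log lines are constructed.

```python
PORT_SPACE = 1 << 16  # 16-bit TCP/UDP port (or ICMP ID) space


def ports_for_psid(psid, ratio, block):
    """Enumerate P = R*M*j + M*K + i for K = psid and 0 <= i < M."""
    if ratio < 1 or block < 1 or not 0 <= psid < ratio:
        raise ValueError("need ratio >= 1, block >= 1, 0 <= psid < ratio")
    ports, j = [], 0
    while ratio * block * j + block * psid < PORT_SPACE:
        base = ratio * block * j + block * psid
        ports.extend(range(base, min(base + block, PORT_SPACE)))
        j += 1
    return ports


def psid_of_port(port, ratio, block):
    """PSID = floor(P / M) % R, the inverse direction of the mapping."""
    if not 0 <= port < PORT_SPACE:
        raise ValueError("port out of range")
    return (port // block) % ratio


# Constructed flow records seen on the IPv4 side of a BR: timestamp,
# shared public source address and port, destination.
SAMPLE_LOG = """\
2013-01-01T00:00:01Z 192.0.2.33:4100 -> 198.51.100.7:80
2013-01-01T00:00:02Z 192.0.2.33:68 -> 198.51.100.7:443
2013-01-01T00:00:03Z 192.0.2.33:40000 -> 203.0.113.9:25
2013-01-01T00:00:04Z 192.0.2.33:65535 -> 203.0.113.9:22
"""


def attribute(log_text, ratio, block):
    """Map each record to the PSID that owns its source port.

    No per-session table is consulted: the shared address plus the
    port is enough to identify the client.
    """
    rows = []
    for line in log_text.splitlines():
        timestamp, source, _arrow, _dest = line.split()
        address, port = source.rsplit(":", 1)
        rows.append((timestamp, address, int(port),
                     psid_of_port(int(port), ratio, block)))
    return rows


if __name__ == "__main__":
    R, M = 16, 4  # multiplexing ratio 16, blocks of 4 continuous ports
    print("ports per client:", len(ports_for_psid(1, R, M)))
    print("first ports of PSID 1:", ports_for_psid(1, R, M)[:6])
    for row in attribute(SAMPLE_LOG, R, M):
        print(row)
```

With R = 16 each PSID owns 4096 ports and with R = 128 it owns 512, matching the figures in the text, and the port sets of different PSIDs never overlap.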
Fig. 5 shows the MAP address format, which is an extension of RFC 6052. The main additions to RFC 6052 are:
·The MAP address format includes a 64-bit prefix that contains an IPv6 prefix, EA-bits, and subnet-id. EA-bits comprise an IPv4 subnet ID and a PSID and are used for identifying different clients. Subnet-id identifies an IPv6 subnet used by a client, and the subnet prefix is no shorter than /64.
·The suffix in MAP is not zero; the PSID is embedded in the suffix.
·Different prefixes are used for converted and translatable addresses in MAP to assign prefixes to clients.
The EA-bits give each CE a unique prefix. Different prefixes can also be assigned to CEs without using EA-bits. The advantages of using EA-bits are address clustering and good extensibility. However, if the EA-bits are not used, the IPv6 prefixes are independent from the IPv4 addresses. Both methods have advantages and can be selected as required.
Stateless double translation supports both IPv4-only applications, such as Skype, and applications with embedded IP addresses, such as FTP, without application-layer gateways between IPv4 and IPv6. In addition, double translation does not require DNS64 or DNS46. From another perspective, stateless double translation can be presented as an IPv4 over IPv6 encapsulation technology with header compression. MAP-T and MAP-E technologies use the same extended modulus algorithm and address format (the BR prefix is reduced to a single address in encapsulation mode) and are therefore very similar. The only difference is in the packet processing method. With MAP-T, data packets are translated as defined in RFC 6145. With MAP-E, data packets are encapsulated as defined in RFC 2473 [13].
The advantage of MAP-T is seamless evolution to single translation, which can promote transition to IPv6-only networks but keep interconnection with the IPv4 Internet. In addition, with MAP-T, the IPv6 packets in an IPv6 access network do not have an encapsulated data structure and can use all the management and control functions at the network and transport layers on IPv6 routers. MAP-E, however, can only manage and control packets after decapsulation. The advantage of MAP-E is that all the information in the IPv4 packets can be kept, and the checksum at the transport layer does not need to be modified. The encapsulation modes defined in RFC 2473 and the TCP and UDP protocols at the transport layer are all identified by the next header field in the IPv6 header structure, so the decision to use translation or encapsulation mode is made only for packets transmitted from IPv4 to IPv6. For packets transmitted from IPv6 to IPv4, the translation or encapsulation mode is automatically selected according to the value of the IPv6 next header. Therefore, MAP-T and MAP-E modes can be configured flexibly [14].
▲Figure 5. MAP address format.
Stateless means that the mapping relationships between IPv4 and IPv6 addresses and ports are entirely determined by algorithms, and mapping tables are not maintained on devices. Stateful means that the mapping relationships between IPv4 and IPv6 addresses and ports are generated dynamically according to the five-tuples of sessions, and the mapping tables are maintained on devices. Client state (also called semi-stateful) means that the mapping relationships between IPv4 and IPv6 addresses and ports are defined per client, and only client-oriented mapping tables are maintained on devices. MAP-T can be used together with MAP-E, NAT64, and Dual-Stack Lite [15]. Therefore, the MAP-T/MAP-E CE can work with a NAT64 translator and a Dual-Stack Lite AFTR without any modifications. Because stateless and stateful are two extremes, the MAP-T/MAP-E CE can support the client state scenario without any modifications.
Although IPv4 addresses have been exhausted, IPv6 is still seldom used. To ensure the healthy and sustainable development of the Internet, a transition roadmap should be formulated. We should rethink the policies that favor dual stack over translation, proposed by the IETF a decade ago, because these policies have failed to promote the transition from IPv4 to IPv6 over the past decade. Also, in China, no more public IPv4 addresses are available for dual stack, and implementing dual stack by using private addresses through NAT44 does not encourage IPv6 transition.
Because IVI and MAP technologies are becoming increasingly sophisticated, we suggest building IPv6-only networks and formulating policies that favor translation and double translation/encapsulation over dual stack. The specific technical solutions are:
·IPv6 should be used for communication with peer IPv6 networks.
·Stateless IVI translation technology should be used for communication with IPv4 networks on the peer side.
·Stateless double translation technology should be used if the application programs do not support IPv6 or have embedded IPv4 addresses.
·Encapsulation technology should be used if all the information in IPv4 packets needs to be kept or encrypted packets at the transport layer need to be processed.
In the middle and later stages of transition, double translation will seamlessly evolve into single translation, and then evolve to the stage where translators are eventually removed. This is when the transition ends and the IPv6-only era begins.
The recommended roadmap can be used for transitioning China's networks to IPv6 and for interconnection with the IPv4 Internet, with high utilization of existing public IPv4 addresses. In this way, China can take the initiative in IPv4/IPv6 transition. This technical solution conforms to the Chinese government's roadmap and schedule for the next-generation Internet. It has already been specified that, from 2011 to 2015, the government will guide the transition to IPv6 networks and allow the coexistence of IPv4 and IPv6 networks. However, IPv6-only networks must be constructed and interconnected with IPv4 networks. At present, five IETF RFC standards have been released for IVI technology, and four IETF working group drafts have been formulated for MAP technologies. IVI technology has been supported by equipment manufacturers such as Cisco, ZTE, and Huawei and has been running properly in CNGI-CERNET2 for more than two years. MAP technologies have been released by Cisco and other equipment manufacturers and have attracted the attention of international carriers such as Telecom Italia, SoftBank, Deutsche Telekom, and Charter Communications. The industry chain is slowly being shaped. IVI and MAP technologies are the only stateless translation and double translation technologies for IPv4/IPv6 interconnection and will develop in leaps and bounds over the next few years.