IPV6 Migration Techniques
When I first learned about this topic when studying for ENSLD it was very hard for me to understand. I'm not sure why, it just hurt my head to learn about so I am going to explain it after doing research into all of these migration techniques and present it in a way that is hopefully easy to digest and understand.
To start off there we have 3 strategies. These are: tunneling, dual stacking in our environment, and ipv4/ipv6 translations. How can these help us achieve our goal?
Tunneling - Usually when you hear tunneling you are thinking of using IPsec or SSL tunnels to secure information when you are transmitting over an untrusted network like the internet. However, it is possible to use tunnels to be able carry IPv6 traffic over an IPv4 network. This blew my mind when I first heard about it. There are 5 tunneling methods. Manual, GRE, 6to4, 6rd, ISATAP. You are probably thinking now, what even do these mean and do? I will explain briefly what each of them are now and I will make a blog post explaining separately for each of them explaining them more in detail and how to configure it.
Manual - Provides a point-to-point IPv6 link over an existing IPv4 network, this only supports IPv6 traffic.
GRE - Also provides a point-to-point IPv6 over an existing IPv4 networking, however instead it supports multiple protocols also including IPv6.
6 to 4 - Used to provide a point-to-multipoint IPv6 link over an already existing IPv4 network. One restriction is that sites must use an IPv6 address from the 2002::/16 range.
6rd - 6 Rapid deployment provides a point to multipoint IPv6 link over an already existing IPv4 network and can use IPv6 address form any range.
ISATAP - This stands for intra site automatic tunnel addressing protocol. It allows us to use a point-to-multipoint IPv6 link over an existing IPv4 network. It is designed to be used between devices inside the same site, not between sites. However there isn't anything stopping you from doing this and it is easy to configure and many clients support it.
Dual Stack - One option we have is to have a dual stack environment meaning each device on our network will have both an IPv4 and IPv6 address. The goal of this is to make it so that once every device has an IPv6 address the IPv4 part can be depreciated. This is a good idea for businesses who want to slowly convert over top IPv6 as it is a long process. If you plan to implement dual stack you will need to configure your routing infrastructure too support both. For example if you are using only OSPFv2 you will need to start using OPSFv3 and for EIGRP you will need to use named EIGRP which you already should be doing in your environment because its way better and recommended!
IPv4 / IPv6 Translation - Sound familiar? We can use NAT to make IPv4 hosts communicate with IPv6 hosts. However, it's not normal NAT, it is instead called NAT64 and it is a little more complicated. With normal IPv4 NAT all we need to translate is the source address, with NAT64 we have to translate EVERYTHING. There are two types of NAT64, stateless and stateful. Not to go too deeply into the differences but here are a few. Stateless NAT64 does a 1:1 translation, does not conserve IPv4 addresses, requires IPv4-translatable IPv6 address assignments, etc. Stateful NAT64 is a 1:Many, conserves IPv4 addresses, has no requirement on the nature of the IPv6 address assignment, etc. It can be configured without DNS64 but stateful NAT64 is used with DNS64 to help us with network translation.
Transition Considerations – After explaining everything there is a lot of things you should consider when you want to migrate. You need to have a good transition strategy and choose the strategy that works best for you and your company. Make sure your network devices support IPv6, and also make sure to update your routing configuration so it can route IPv6. Another thing that might slip peoples mind are IPv4 ACLs, QoS and security policies. Don't forget you will also need to set up DHCPv6 for address assignment to end hosts as well. Also make sure you know what you're doing and lab it out! That's the best way to learn and see how it works!
Going forward I will be showing you how to configure a lot of these things as well as some more Palo Alto posts, and the continued setup guide for my SD-WAN lab. There is a lot I am working on so it will take time but I will stay consistent with my posts.