Posts Tagged ‘IETF’

NAT-PT is dead, let the translation race begin

Friday, July 31st, 2009

In 2007 the IETF deprecated the NAT-PT translation solution (RFC 4966) because translation was considered harmful. Less than two years later translation is back in the IETF and back with force. During the 75th IETF meeting in Stockholm this week translation was one of the big topics and one of the topics with a great sense of urgency. The replacement for NAT-PT is now called NAT64 and offers a translation between IPv6 and IPv4 in much the same way as NAT-PT. There are of course differences to address the major issues that were brought up when NAT-PT was deprecated, but it doesn’t address the issue of translation being an issue in general and that it might create some of the problems we are seeing today with NAT.
NAT64 is combined with DNS64 to create the complete translation package to allow IPv6 clients to access IPv4 servers. One major issue with NAT-PT was the fact that it broke DNSSEC. This has been addressed with DNS64, which moves the generation of IPv6 addresses into the client’s trusted domain.
In addition to NAT64 there are other translation solutions that are more focused on translating IPv4 to provide a greater IPv4 address independence by increasing the use of private IPv4 addresses. This was also considered bad just a few years ago but is now part of the central discussion within the IETF. Large scale NATs, or carrier grade NATs as they were called before people realised that NAT would never become carrier grade, are requested by some operators who aren’t concerned by the operational issues of running large private networks. Other translation proposals such as DS-lite try to run IPv4 on top of IPv6 in order not to have to care about IPv4 addressing.
All this translation is scary but some of it is inevitable as we are quickly getting close to the end of IPv4 and everybody agrees that we need to maintain support for IPv4 clients at the edge one way or the other. Let’s just hope that the more sensible approaches such as DS-lite prevail or we might end up with tons of nested NATs and no IPv6 and no more peer to peer communication.
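
The DNS64 step mentioned in the post above, sketched as an added example that is not part of the original post: the resolver inside the client's trust boundary validates the real A records first and only then synthesizes the AAAA answer, since a synthesized record carries no signature of its own. It assumes the RFC 6052 well-known prefix 64:ff9b::/96 (the post names no prefix); the function names and the `a_validated` / `zone_signed` flags are hypothetical.

```python
import ipaddress

# Assumption: RFC 6052 well-known prefix; the post itself names no prefix.
NAT64_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")


def synthesize(v4, prefix=NAT64_PREFIX):
    """Embed an IPv4 address in the low 32 bits of a /96 NAT64 prefix."""
    if prefix.prefixlen != 96:
        # Shorter prefixes use a different bit layout; not handled here.
        raise ValueError("only /96 prefixes are handled in this sketch")
    v4 = ipaddress.IPv4Address(v4)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))


def extract(v6, prefix=NAT64_PREFIX):
    """Recover the IPv4 destination a NAT64 would use, or None if the
    address is native IPv6 (outside the translation prefix)."""
    v6 = ipaddress.IPv6Address(v6)
    if v6 not in prefix:
        return None
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)


def dns64_answer(aaaa, a, a_validated, zone_signed):
    """Decide what an IPv6-only client gets for a name.

    aaaa, a      -- address strings from the upstream answer (constructed
                    sample data in this example, no network access)
    a_validated  -- True if the A RRset passed DNSSEC validation
    zone_signed  -- True if the zone is DNSSEC-signed
    """
    if aaaa:
        # A real AAAA exists: hand it through, never synthesize over it.
        return [ipaddress.IPv6Address(x) for x in aaaa]
    if zone_signed and not a_validated:
        # Signed zone but validation failed: synthesizing here would turn
        # bogus data into an answer the client can no longer check.
        return []
    return [synthesize(x) for x in a]


if __name__ == "__main__":
    print(dns64_answer([], ["192.0.2.33"], a_validated=True, zone_signed=True))
    print(extract("64:ff9b::c000:221"))
```
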

It’s Going to be Ugly… but Beautiful

Friday, December 12th, 2008

I want to address a few interesting comments made on my last blog.  I agree with Dan’s sentiment – there needs to be more than simple supply and demand capitalism to solve the migration problem as we define it because ideally, supply should precede demand but the question is: who’s going to foot the bill?

Within service provider organizations there are at least two groups who are personally rewarded for a winning IPv6 strategy – those who are charged with implementing it and those who are charged with paying for it.  The implementers we meet with are in sync with Dan’s view.  They know it is going to take 12 – 18 months to get it right; after all, it is a huge network undertaking that involves all equipment/OSs/services/apps from the core all the way into the home/handset.  The payers, however, are not willing to spend one $/yen/won that will not return 1.2 $s/yens/wons until the last possible moment, but the question is: when is the last possible moment?  Theoretically it equals: depletion date (is that ICANN or RIR depletion?) minus 12 to 18 months.  Unfortunately, as many have discussed before, it is an underconstrained problem.  No one knows the depletion date for sure, so until someone discovers it or it becomes blatantly obvious, no significant $s/yens/wons are going to flow into IPv6.

So, what does all this mean?  Well I think it means one of two things: either there will be some sort of external force to accelerate operators on their path, as demonstrated by various governments around the world, or the transition to IPv6 will be different than we originally envisioned.

If no form of external intervention is applied the transition to IPv6 will not be orderly, it will not be pretty and it will all be done at the last minute.  An important question is: how will it be done?  As Geoff points out there are numerous distasteful possible outcomes.  You know what they say about “The best laid schemes o’ mice an’ men”…  The IETF had the best laid scheme, years ago.  It was simple; from now until the depletion date, convert your networks to dual stack using tunneling as a tool to get you there.  Once you have two parallel operating networks, turn the v4 one off and you’re done.  Oh, and if you have to, perhaps you will need to use translation somewhere along the way but we’re not going to standardize that.  But because of the proverbial outstretched hat, no (few) network operators followed this advice.  The result is the IETF is now revising things because both technical solutions in their scheme require IPv4 addresses and if these addresses run out or are in very short supply (due to the service providers waiting until the last minute) then there will be a need for other technical solutions.  So now they are studying transition solutions that involve translation in one form or another.  Two hot topics right now being discussed in the IPv6 working groups are NAT-PT (welcome back) and Dual-stack Lite – whether or not they will be standardized in time remains to be seen.  In addition to transition/migration the focus also includes interoperability because the reality is that the Internet will soon become a heterogeneous hotchpotch of v4, v6 and yes, dual stack networks.

I believe the transition will be ugly but ultimately beautifully efficient.  Through the heterogeneous worldwide solution set someone is going to get it right – satisfying the implementers (technically sound and scalable), the payers (with a working business model) and governments (in the best national interest) and when this happens the momentum of this Darwinian sharpened solution will lead the way for everyone else to fall in line.

Bruce Sinclair

IPv6 back in fashion at the IETF

Wednesday, November 19th, 2008

Having followed IPv6 at the IETF meetings for a couple of years, it is clear that IPv6 is now back as a hot topic after having been dormant for a while. Just a year or so ago it seemed IPv6 was becoming an integrated part of the daily routine and all the IPv6 specific work was done, but now it has changed. All the IPv6 related meetings are packed with people and there are plenty of new things that have been brought to the table. It seems that the community has suddenly come to realise that there actually will be a need for interoperability solutions that allow operators to rid themselves of their IPv4 dependence. This is something that shouldn’t come as a surprise to anyone, but still, here we are just two years from the end of IPv4 and work is more or less just starting on solutions to allow networks to run without IPv4. It seems reality has caught up with the purists who always envisioned the perfect migration to IPv6 where everybody moved to dual stack networks and eventually phased out IPv4 when it wasn’t needed any longer.
It is not only the interoperability that has renewed attention, it is IPv6 in general. The attention seems to be directed towards solving operational and deployment issues, which is a perfect sign that people finally are starting to think of how to actually run IPv6 networks and are starting to learn from what is already deployed. This shows that the larger community is starting to care about IPv6 and not just the IPv6 aficionados. Finally!