New protocol sneaks IPv6 traffic over the Net

In its battle to get IPv6 widely deployed, the Internet engineering community is pursuing an infiltration strategy reminiscent of the Trojan War.

The Internet Engineering Task Force (IETF) is developing a protocol, called 6to4, that hides IPv6 packets inside IPv4 packets, allowing IPv6 traffic to run over an IPv4 backbone. The new protocol is aimed at working around one of the biggest stumbling blocks to the deployment of IPv6: the ISP industry's lack of interest in migrating the core of the Internet to IPv6, an enhanced version of IP. The 6to4 protocol lets network executives migrate to IPv6 whenever they want, regardless of whether their ISPs support IPv6.

The 6to4 protocol is the latest in a series of tools being developed by the IETF to aid in the transition of the Net from IPv4 to IPv6. Based on 30-year-old technology, IPv4 is causing an Internet address shortage because it assigns 32-bit addresses.

IPv6 solves this problem by using 128-bit addresses, therefore supporting a virtually limitless supply of Internet addresses. While the Net address shortage isn't as severe in the US, Internet addresses are hard to get elsewhere.

The main criticism of IPv6 is that it requires a difficult and time-consuming migration from IPv4. Network professionals have to reconfigure every device with Net access to support IPv6. Originally, the IETF thought ISPs would want to move to IPv6 to meet customer demand for new Internet addresses. However, ISPs have so widely deployed network address translation (NAT) devices, which coordinate multiple intranet addresses through a single Internet address, that they're in no hurry to move to IPv6.

The IETF's latest thinking is that corporate networks at the edge of the Internet will migrate to IPv6 first, when they start running into address shortages. Network executives also may move to IPv6 because of configuration problems and the high costs associated with NAT devices.

At a recent meeting of the IETF, the 6to4 protocol garnered much attention as one solution to the chicken-and-egg problem of IPv6 migration. Part of the reason for 6to4's high profile is that its authors are two IETF heavyweights: Brian Carpenter, head of the Internet Architecture Board, and applications area director Keith Moore.

"6to4 is the single most important thing on our plate," says Bob Fink, co-chair of the IETF's Next Generation Transition Working Group and an engineer with the Department of Energy. "In terms of what's hot at this meeting, 6to4 is almost ready to boil over."

"There's a lot of support for 6to4," says co-author Moore, who works for the University of Tennessee. "It's a breakthrough because it deals with the tough nut of the ISPs. It gets around the fact that the core of the Net is not going to update to IPv6 for some time."

With 6to4, network managers can assign IPv6 addresses to all of their users and devices that access the Internet. The protocol, which resides on a router at the edge of an IPv6 network, assigns a prefix to each IPv6 address to identify it as a 6to4 address. The protocol then automatically sets up a tunnel over IPv4 to carry communications to other users with IPv6 addresses. Without 6to4, network professionals would have to manually configure these tunnels, which would be difficult and time-consuming.
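The prefix-and-tunnel mechanism described above, as an added example that is not part of the original article: it derives a site's 6to4 prefix from the edge router's IPv4 address, recovers the tunnel endpoint from a 6to4 destination, and labels encapsulated flows whose inner source does not match the outer IPv4 source. The 2002::/16 prefix, IPv4 protocol number 41 and the ban on private addresses are taken from RFC 3056, not from this article; the function names and sample records are constructed.

```python
import ipaddress

# Constants from RFC 3056 (assumed here; the article does not give them).
PROTO_41 = 41  # IPv4 protocol number for encapsulated IPv6
PRIVATE_V4 = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_private_v4(v4):
    return any(v4 in net for net in PRIVATE_V4)

def site_prefix(router_v4):
    """6to4 /48 for a site: 2002:<32-bit IPv4 address of the edge router>::/48."""
    v4 = ipaddress.IPv4Address(router_v4)
    if is_private_v4(v4):
        raise ValueError(f"{v4} is private and cannot form a 6to4 prefix")
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))

def tunnel_endpoint(dst_v6):
    """IPv4 address the edge router tunnels to, or None for a non-6to4 destination."""
    return ipaddress.IPv6Address(dst_v6).sixtofour

def classify(outer_src, proto, inner_src):
    """Label one decoded flow record as an edge filter or log review would."""
    if proto != PROTO_41:
        return "not-tunneled"
    embedded = tunnel_endpoint(inner_src)
    if embedded is None:
        return "tunneled-non-6to4-source"
    if is_private_v4(embedded):
        return "private-embedded-address"
    if embedded != ipaddress.IPv4Address(outer_src):
        return "outer-inner-mismatch"
    return "consistent"

# Constructed sample records (documentation ranges): outer src, protocol, inner src.
SAMPLE_FLOWS = [
    ("192.0.2.1", 41, "2002:c000:201::10"),
    ("203.0.113.9", 41, "2002:c000:201::10"),
    ("192.0.2.1", 41, "2002:a00:1::1"),
    ("192.0.2.1", 41, "2001:db8::1"),
    ("192.0.2.1", 6, "2002:c000:201::10"),
]

if __name__ == "__main__":
    print(site_prefix("192.0.2.1"), tunnel_endpoint("2002:c633:6407::1"))
    for flow in SAMPLE_FLOWS:
        print(flow, "->", classify(*flow))
```

Because the IPv6 packet travels inside IPv4, a filter that inspects only the outer header sees protocol 41 and nothing else, so the inner source check has to be done at the decapsulating router or on decoded flow records.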

The 6to4 protocol also helps resolve some of the application problems that network managers run into with NAT devices. For example, the IP Security protocol, which doesn't work well through NAT devices, will work fine with 6to4, proponents say.

Currently in early draft form, 6to4 is expected to be approved as a proposed standard in the next few weeks. If it makes progress as a standard, 6to4 is likely to be supported in router software later next year.

While 6to4 allows IPv6 users to talk to other IPv6 users over an IPv4 backbone, other protocols including NAT Protocol Translator support communications between IPv6 and IPv4 users. Also in development by the IETF is 6over4, which handles communications between IPv6 users on a LAN running IPv4 multicast.