Mixed IPV4 And IPV6?

Long time no post, Merry Christmas and Happy Holidays to all here.

Have any of you gurus done a mixed IPV4 and IPV6 deployment? I’m writing an article for an industry trade magazine and this question keeps arising. Let me use our own broadcast facilities as an example. This will be in place by April, 2012 (we’ve already installed two of the microwave links).

(Besides, it’s another chance for me to “draw” an ASCII diagram!) lol!

Here goes:


                              -> NAT to IPV4 devices (ex. VNC, security cameras, remote control systems)
Internet -> Firewall/Router  -> Selected Audio Workstations, IPV4 only (see my comments below)
                              -> IPV4 Microwave Link -> Transmitter site 1, which relays to:
                                            -> IPV4 Microwave Link -> Transmitter site 2
                                            -> IPV4 Microwave Link -> Transmitter site 3
                                            -> IPV4 Microwave Link -> Transmitter site 4, which then relays to:
                                                        -> IPV4 Microwave Link -> Transmitter site 5

Hopefully that makes sense. The microwave links are the big problem; they’re IPV4 only, and we send everything to the main transmitter site ("#1"), then relay with other dishes to the others. These are licensed 70 Megabit links (the one to #1 is a 300 Megabit, to handle the increased throughput) that operate at 18 and 24 GHz.

(And yes, poor ol’ site #5 is at the tail end of everything, 50 miles from our studio complex!) :slight_smile:

Our audio workstations, while on Windows computers that support IPV6, run proprietary software that only “speaks” IPV4. (The servers for the network must know the actual IPV4 addresses of each workstation; that’s not flexible at all. You enter the actual IP number in the config, not the computer name or anything like that. This system has never heard of DNS, either.)

The Internet access could be IPV6; that’s not a problem. Our firewall/router will handle that for us.

The question is, when someone like me is told, “you should convert your entire internal network to IPV6 where ever possible,” I see those IPV4 microwave links and IPV4 audio workstations and think, “is it worth it?” The way we’d have to implement it is to do a mix of IPV4 and IPV6 on the same network. I know that there are mechanisms for this; any ideas? Is it really worth the bother in my case?

The overall network is a mix of Windows XP, Windows 7 and Linux devices (primarily Opensuse). (Of course.) :slight_smile:

Hope this helps because I am no guru in this aspect, but I could offer some strains of thought.

  1. It is not IPV4 and IPV6, but IPv4 and IPv6 (and that makes it at least optical easier to find the subject in texts in the Internet).

  2. IMHO the highest level where IPv6 plays a role is in name resolving (DNS). Thus being IPv6 capable means you can at least resolve hostnames to IPv6 addresses and back (when applicable). Also important to know is that mostly the software first tries to resolve a hostname to an IPv6 address, when that fails, an IPv4 resolve is tried. Thus any DNS servers you use from an IPv6 capable system must also be IPv6 capable.

  3. Once the address, IPv4 or IPv6, is known (either direct or by resolving a hostname), TCP and UDP packages can be exchanged when all partners in the chain are capable of handling them. For IPv6 this means that the end systems and all (possible) routers in between must be IPv6 capable for connecting IPv6 systems.

My conclusions (please anybody extends and/or correct this):

  1. Any IPv4 only system you have can connect to any other IPv4 system (IPv6 capable or not) in your LAN or outside (Internet) but not to any IPv6 only system.

  2. An IPv6 capable system using a DNS server that can not resolve IPv6 questions will have time-outs on it’s IPv6 try before a IPv4 resolve is tried. This is why in many threads here the advise is to switch of IPv6 on your openSUSE. As soon as you have an ISP that is IPv6 capable and thus offers an IPv6 capable DNS, you can switch on IPv6 in openSUSE without having the time-outs.

That again means, that when you have an IPv4 only system in your LAN, that is no problem. It will only try to resolve to/from IPv4 addresses as it allways did. When it tries to resolve a host that has an IPv6 address only, it will simply fail. (Those IPv6 only systems may be rare in the Internet ATM, but their number will grow).

I hope this helps in adapting to your situation. But I must say that it aludes to me that you have that “proprietry software” that “only speaks IPv4”. When that software is not an OS (and you say that there is a Windows OS underneath it), it is an application. And the application never “speaks” IPv4. It is on a higher level in the OSI model and should only handle the Aplication Level data.

As I understand it IPv6 is supposed to be backwards compatible, but IPv4 is not (of course) forward compatible (go figure). To do an IPv4 to IPv6 you’d need a tunnel. Other than that, you should be fine.

The application does have to be IPv6 ready because it’s the application that issues calls for IPv4 or the new extended versions for IPv6. For example in the BSD network API there are new functions like getaddrinfo() which can handle both IPv4 and IPv6 addresses. However once the address is bound to a socket, etc, there is no difference in the data transfer code.

A lot of Linux services and apps are already IPv6 capable. If you have IPv6 enabled and Apache running, you might find that this works:

telnet ::1 80

Thanks to everyone for the responses.

The issues that you’ve raised are valid ones. But go back to the “tunneling” thing. That doesn’t happen automagically; something has to actually do it. Further, how does the fact that IPV6 requires IPsec play into it? I did several Web searches over the past few days, trying to get a handle on this thing.

An amusing note: there were dozens of requests from programmers asking, “how do I write tunnel code? Anyone have any examples?” :slight_smile:

Another observation: the consensus among those who’ve done it was, yes, you can mix IPV4 and IPV6 on the same network, but it’s not perfect; you will have problems – particularly when an IPV4-only host wants to contact an IPV6 network. (Obviously.)

For another (though I cannot claim to be a guru on this!), those who are actually doing it say that it’s easier to tunnel IPV4 over IPV6 than the opposite case. If you tunnel the '6 over the '4 and there’s fragmentation, strange things can occur.

For the record, my final conclusion was that, for smaller networks, if the IPV4 is working fine, you’re in no hurry to upgrade. I tried to be fair and point out some of the advantages of IPV6, but – just to name another example – we’re using VLANs now with IPV4. My investigation showed that we’d have to replace several (expensive) network switches and upgrade the software to support this.

I wanted some opinions from the gurus and geniuses here, and if anyone else wants to pipe in, I’m all ears and no mouth. And you good folks should know, by the way, that I’ve not only recommended OpenSuse in my articles, I have praised this forum to high heaven. I still say this is the most helpful place in Linux-dom. :slight_smile:

I think it isn’t that IPv6 requires IPsec, but that it’s integrated into IPv6 from ground up rather than tacked on as an afterthought in IPv4 causing headaches with routing and networking software.

Yes, taking on IPv6 is going to be an expensive exercise for many enterprises, and they will have to run in mixed mode for a long time. Job security for some I suppose. Some enterprises will have to take it on sooner than others, e.g. those with customer facing sites. Especially in the developing world, there’s no way IPv4 will be able to handle the explosive demand for IP addresses from mobile devices.

Right. I understand that. My use of the term “requires” comes from the specification, which states that IPsec is “mandatory.” That’s why IPsec is built in.

Yes, taking on IPv6 is going to be an expensive exercise for many enterprises, and they will have to run in mixed mode for a long time. Job security for some I suppose. Some enterprises will have to take it on sooner than others, e.g. those with customer facing sites. Especially in the developing world, there’s no way IPv4 will be able to handle the explosive demand for IP addresses from mobile devices.

Right again. The conclusion that I reached was that the most cost-effective approach for us was as follows:

  1. Internet, IPv6. We’re securing IPv6 static addresses and creating the DNS “AAA” entries for our publicly-exposed sites.

  2. Equipment that communicates over the Internet should be IPv6-ready. Not surprisingly, we’re ferrying a lot of audio over IP nowadays. Remote broadcasts are often done now by plugging into the site’s Internet, rather than using a POTS or ISDN line.

  3. But on the isolated, internal networks, we’ll stay IPv4 for now. It’s just not worth the bother, time and expense even to go mixed mode, and each network isn’t large enough to really benefit from IPv6. We’d get more of a performance boost from upgrading the Gig Ethernet, if we really needed some optimization.

Thanks again for the responses.

Perhaps this will help; IPv6 Internals