This document is a summary of the SIIT-DC architecture, and a small walkthrough that builds it using Jool.
SIIT-DC is an improvement over traditional SIIT where EAMs are introduced and standardized. With this, IPv4 address usage is optimized and IPv4 address embedding (in IPv6 servers) becomes redundant.
This is the sample architecture from RFC 7755 section 3:
n6 is a random IPv6 client. s6 is one of your Data Centre servers (IPv6). n4 is a random IPv4 client. BR (“Border Relay”) is an SIIT.
2001:db8:46::/96 is routed to BR’s Data Centre-facing interface, and similarly,
192.0.2.1/32 (or covering aggregate) is routed to its IPv4 Internet-facing interface. This is done using standard IP routing techniques.
The jist of SIIT-DC is n6 can use s6’s IPv6-only service using normal IPv6 connectivity, while n4 can use it via BR.
This will be the expected packet flow for n6:
And this will be the expected packet flow for n4:
n4’s source is translated by means of the traditional RFC 6052 prefix. Of course, this is not limited to n4: Any v4 Internet node address will be translated this way. The net result is that, from the Data Centre’s perspective, the whole v4 Internet is nothing more than just another network named “
On the other hand, s6’s address is translated via the EAMT. This is done so you don’t have to embed an IPv4 address in s6’s IPv6 address. (Which could become a significant pain when you’re designing your network.)
In general, some properties of SIIT-DC are:
- Mostly Single (IPv6) Stack operation (in the Data Centre). This simplifies maintenance as running one protocol is simpler than two.
- Native IPv6 traffic is never modified at all.
- Scales elegantly (Fully stateless operation, which can be painlessly replicated for redundancy).
- Can optimize IPv4 address usage within the Data Centre (because it doesn’t impose restrictions on the servers’ IPv6 addresses).
- Promotes IPv6 deployment (IPv4 end-user connectivity becomes a service provided by the network).
- If you want to stop needing IPv4 in the future, all you need to do is shut down BR.
The DNS is expected to work the same way as if you were dual stacking: If a node requests s6’s IPv4 address, the DNS server should return
192.0.2.1. If a node requests s6’s IPv6 address, the DNS should return
Obviating networking commands, this is Jool on BR:
sysctlcommands have been skipped here for the sake of reducing clutter. Please add them in any serviceable environments.
For every server you want to publish on IPv4, you add one EAMT entry (as done above for s6) and appropriate DNS records.