Network Working Group M. Xu Internet-Draft C. Xia Intended status: Experimental X. Li Expires: January 7, 2010 Y. Cui J. Wu Tsinghua University July 6, 2009 IVIT(IVI+Tunnel) draft-xu-behave-ivit-00 Status of this Memo This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on January 7, 2010. Copyright Notice Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents in effect on the date of publication of this document (http://trustee.ietf.org/license-info). Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Xu, et al. Expires January 7, 2010 [Page 1] Internet-Draft IVIT July 2009 Abstract This document proposes a mechanism, IVIT (IVI+Tunnel), to support non-IVI IPv6 hosts to communicate with IPv4 hosts, and vice versa. IVIT combines IVI translation and Tunnel methods with the IVI translation at the core and the tunnel at the edge. In this document, IVIT provides two modes. One is the dual-stack host mode, which supports the communication between a dual-stack host in an IPv4 network and a non-IVI IPv6 host, especially the communication scenario between a dual-stack server in an IPv4 network and a non-IVI IPv6 host. The other is the CPE mode, which supports the communication between an IPv4-only host and a non-IVI IPv6 host, especially the bidirectional communication scenario between a private IPv4 network and a non-IVI IPv6 network. Combined with IVI, IVIT can support the communication between IPv4 networks and IPv6 networks statelessly at the core. Xu, et al. Expires January 7, 2010 [Page 2] Internet-Draft IVIT July 2009 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Dual-Stack Host Mode . . . . . . . . . . . . . . . . . . . . . 6 2.1. Basic Idea of the Dual-Stack Host Mode . . . . . . . . . . 6 2.2. The IPv6 Address Format of the Dual-stack Host . . . . . . 6 2.3. Upgrade of an IPv4 Host . . . . . . . . . . . . . . . . . 7 2.4. Application Scenarios . . . . . . . . . . . . . . . . . . 7 2.5. The Communication Process . . . . . . . . . . . . . . . . 7 2.6. An Example . . . . . . . . . . . . . . . . . . . . . . . . 8 3. CPE Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 3.1. Basic Idea of the CPE Mode . . . . . . . . . . . . . . . . 10 3.2. CPE Modified Operation . . . . . . . . . . . . . . . . . . 10 3.3. The Mapping Rule between the CPE IPv6 address and the IPv4 only address . . . . . . . . . . . . . . . . . . . . 10 3.4. Application Scenarios . . . . . . . . . . . . . . . . . . 11 3.5. The Communication Process . . . . . . . . . . . . . . . . 11 3.6. An Example . . . . . . . . . . . . . . . . . . . . . . . . 13 4. Integrated with IVI . . . . . . . . . . . . . . . . . . . . . 14 5. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 15 6. Security Considerations . . . . . . . . . . . . . . . . . . . 16 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18 8.1. Normative References . . . . . . . . . . . . . . . . . . . 18 8.2. Informative References . . . . . . . . . . . . . . . . . . 18 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 19 Xu, et al. Expires January 7, 2010 [Page 3] Internet-Draft IVIT July 2009 1. Introduction IVI[1] is a simple and stateless translation mechanism for resolving the communication problem between an IPv6 network and an IPv4 network. In IVI, address translation and protocol translation are adopted. In the address translation, IVI defines an address mapping rule, as shown in Figure 1, where bits from 32 to 39 are all identifiers of IVI, and bits from 40 to 71 are embedded global IPv4 space. Because the mapping is 1-to-1 mapping, IVI is stateless and has the feature of end-to-end address transparency. The protocol translation in IVI obeys SIIT[2]. | 0 |32 |40 |72 127| ------------------------------------------------------------------ | |FF | | | ------------------------------------------------------------------ |<- IPv6 prefix ->| |<- IPv4 address ->|<- zero padding ->| Figure 1: IVI Address Mapping Rule IVI is simple and scalable. In IVI, the communication between the IPv4 network and the IVI IPv6 network is stateless. But IVI can't support the stateless communication between the non-IVI IPv6 network and the IPv4 network. NAT-PT[3] can support the stateful communication between the non-IVI IPv6 network and the IPv4 network. However, NAT-PT has been obsolete. The Non-IVI IPv6 networks account for a large proportion of the total IPv6 networks. So providing a simple method to communicate between a non-IVI IPv6 network and an IPv4 network is important. In this document, IVIT (IVI+Tunnel) mechanism is proposed for supporting the communication between a non-IVI IPv6 network and an IPv4 network. The basic idea of IVIT is the combination of IVI and Tunnel, which mixes IVI address mapping rule, ISATAP[4] tunnel mechanism and 6to4 [5][6]tunnel mechanism together. IVIT has two modes. One is dual- stack host mode, in which IPv4-only hosts are upgraded to dual-stack hosts which can support encapsulation and decapsulation. The dual- stack host mode mainly borrows the idea from ISATAP tunnel mechanism to construct the IPv6 in IPv4 tunnel between the dual-stack host in an IPv4 network and the IVI gateway. The other is CPE mode. In this mode, CPEs are upgraded from IPv4 only to dual-stack, and support encapsulation/decapsulation and address mapping. The CPE mode uses Xu, et al. Expires January 7, 2010 [Page 4] Internet-Draft IVIT July 2009 the 6to4 tunnel mechanism for reference to construct the tunnel between the CPE and the IVI Gateway. Whichever mode, the IVI Gateway has no change in the address and protocol translation. Of course, IVI gateway needs to support tunnel encapsulation and decapsulation. So IVIT is stateless at the core. Xu, et al. Expires January 7, 2010 [Page 5] Internet-Draft IVIT July 2009 2. Dual-Stack Host Mode 2.1. Basic Idea of the Dual-Stack Host Mode IPv4 network IPv6 network /-----\ /-----\ ( +-+ ) ------------- ( +-+ ) ( |H|==)==========//=====>| IVI gateway |----//---------- ( |H| ) ( +-+ ) ------------- ( +-+ ) \-----/ \-----/ a a Dual-stack non-IVI Host IPv6 Host -------IPv6 in IPv4-----------> Tunnel Tunnel IPv6 in IPv4 Tunnel between the dual-stack host in an IPv4 network and the IVI gateway Figure 2: Dual-stack host mode Figure 2 shows the basic idea of the dual-stack host mode. If a dual-stack host in an IPv4 network communicates with a non-IVI IPv6 host, the dual-stack host firstly constructs the IPv6 packets where the Src address is local IPv6 address and the Dst address is the IPv6 address of the non-IVI IPv6 host. For transmitting the IPv6 packets over the IPv4 network, the IPv6 in IPv4 tunnel is built with the IVI gateway and the dual-stack host as its endpoints. The IPv6 packets are encapsulated into the IPv4 packets, which arrive at the IVI gateway and are decapsulated into the IPv6 packets. The IVI gateway forwards the IPv6 packets to the non-IVI IPv6 host. The reverse communication is similar. 2.2. The IPv6 Address Format of the Dual-stack Host In IVIT, we still use the IVI address mapping rule to assign or configure the IPv6 address of the dual-stack host. But we change the eight bits from 32 to 39 for differentiating IVI feature into eight zeros to identify IVIT mapping, as shown in Figure 3. During the communication, we can distinguish the IPv4 address from the IVI address. Xu, et al. Expires January 7, 2010 [Page 6] Internet-Draft IVIT July 2009 | 0 |32 |40 |72 127| ------------------------------------------------------------------ | |00 | | | ------------------------------------------------------------------ |<- IPv6 prefix ->| |<- IPv4 address ->|<- zero padding ->| Figure 3: The IPv6 address format of the dual-stack host 2.3. Upgrade of an IPv4 Host If an IPv4-only host wants to communicate with a non-IVI IPv6 host, it must upgrade to a dual-stack host. In the dual-stack host, the IPv6 address is assigned or configured as 2.2 format, so we can extract the IPv4 address from the IPv6 address to build the IPv6 in IPv4 tunnel automatically. In this mode, the modified host may construct the IPv6 packets. Meanwhile, it must support encapsulation/decapsulation in order to build the tunnel between the dual-stack host and the IVI gateway. 2.4. Application Scenarios The dual-stack host mode mainly supports the application scenarios of a non-IVI IPv6 host accessing a dual-stack server. Giving an IPv4- only server in an IPv4 network, the server might be accessed by all IPv6 hosts if upgraded into dual-stack host mode. Of course, the mode supports the communication between a dual-stack host in an IPv4 network and a non-IVI IPv6 server. 2.5. The Communication Process Giving a communication between an IPv6 host and an IPv4-only host, if the IPv6 host is an IVI IPv6 host, we take the IVI mechanism to realize the communication. However, if the IPv6 host is a non-IVI IPv6 host, we adopt the IVIT mechanism instead. That is to say, the IVI and IVIT's integration may solve the communication problem between an IPv4 network and an IPv6 network and ensure statelessness at the core without DNS-ALG. In this section, we mainly give a detailed description about the communication between a non-IVI Ipv6 host and a dual-stack host in an IPv4 network. First of all, we describe the communication between a dual-stack host in an IPv4 network and a non-IVI IPv6 host. If a non-IVI IPv6 host H accesses a dual-stack server S in an IPv4 network, which is a main application scenario of dual-stack host mode, S's IPv6 address is according to 2.2 format. Meanwhile, S and the IVI gateway support encapsulation/decapsulation. Xu, et al. Expires January 7, 2010 [Page 7] Internet-Draft IVIT July 2009 The communication from H to S is as follows. H queries DNS server for S address and DNS server returns the S's IPv6 address. Then, H sends the IPv6 packets where Src IPv6 address is H's address and Dst IPv6 address is S's IPv6 address of the dual-stack server to the IVI gateway. The IVI gateway extracts the destination's IPv4 address from the Dst IPv6 address and encapsulates the IPv6 packets into IPv4 packets since the eight bits from 32 to 39 are all zeros (IVIT ID), where Src IPv4 address is IVI gateway's IPv4 address and Dst IPv4 address is S's IPv4 address obtained from the Dst IPv6 address, and then forwards the IPv4 packets to S. S decapsulates the IPv4 packets and hands the IPv6 packets to the upper layer. The response is as follows. S constructs the IPv6 packets where Src IPv6 address is local IPv6 address and Dst IPv6 address is H's address. Then S encapsulates IPv6 packets into IPv4 packets where Src IPv4 address is S's IPv4 address and Dst IPv4 address is IVI gateway's IPv4 address, and then sends the IPv4 packets to IVI gateway. IVI gateway decapsulates IPv4 packets and forwards the IPv6 packets to H. If a dual-stack host H in an IPv4 network communicates with a non-IVI IPv6 server S, H's IPv6 addresses are 2.2 format. H and IVI gateway support encapsulation/decapsulation. The communication is as follows. H queries DNS server for S address and DNS server returns S's address. H constructs the IPv6 packets where Src IPv6 address is local IPv6 address and Dst IPv6 address is S's address. Then H encapsulates IPv6 packets into IPv4 packets where Src IPv4 address is H's IPv4 address and Dst IPv4 address is IVI gateway's IPv4 address, and sends the IPv4 packets to IVI gateway. IVI gateway decapsulates the IPv4 packets and forwards the IPv6 packets to S. The response is as follows. S sends the IPv6 packets where Src IPv6 address is S's address and Dst IPv6 address is H's IPv6 address. IVI gateway encapsulates the IPv6 packets into IPv4 packets where Src IPv4 address is IVI gateway's IPv4 address and Dst IPv4 address is H's IPv4 address obtained from the Dst IPv6 address, and forwards the IPv4 packets to H. H decapsulates the IPv4 packets and hands the IPv6 packets to the upper layer. 2.6. An Example Suppose a non-IVI IPv6 host with the address 3FFE:3600:8::1 access a dual-stack server in an IPv4 network whose IPv4 and IPv6 addresses are 163.162.1.1 and 2001:da8:00a3:a201:0100::0/72, where 2001:da8 is the ISP's IVI IPv6 prefix. The IVI gateway has the IPv4 address 140.125.1.3 and the IPv6 address 2001:da8:ff8c:7d01:0300::0/72(the IVI address). The non-IVI IPv6 host sends the IPv6 packets where the Src address is 3FFE:3600:8::1 and the Dst address is 2001:da8:00a3: Xu, et al. Expires January 7, 2010 [Page 8] Internet-Draft IVIT July 2009 a201:0100::0/72. When the IPv6 packets arrive at the IVI gateway, the IVI gateway encapsulates the IPv6 packets into the IPv4 packets where the Src address is 140.125.1.1 and the Dst address is 163.162.1.1 obtained from the Dst IPv6 address. Then, forward the IPv4 packets to the dual-stack server. The dual-stack server receives these packets and decapsulates the IPv4 packets into the IPv6 packets, then sends to the upper layer. The response process is as follows. The dual-stack server sends the IPv6 packets where Src address is 2001:da8:00a3:a201:0100::0/72 and Dst address is 3FFE:3600:8::1. For transmitting the IPv6 packets in the IPv4 network, the dual-stack server then encapsulates the IPv6 packets into the IPv4 packets where the Src address is 163.162.1.1 and the Dst address is 140.125.1.3. When the encapsulation packets arrive at the IVI gateway, the IVI gateway decapsulates the packets and gets the IPv6 packets. Then, the IVI gateway forwards the IPv6 packets to the destination 3FFE:3600:8::1. Xu, et al. Expires January 7, 2010 [Page 9] Internet-Draft IVIT July 2009 3. CPE Mode 3.1. Basic Idea of the CPE Mode The basic idea of the CPE Mode is similar to that of the dual-stack host mode. But, in this mode, the IPv4-only host needs no change and the CPE is modified into dual-stack and becomes the endpoint of the tunnel. 3.2. CPE Modified Operation In the CPE mode, the IPv4-only host has no change and the CPE is upgraded to dual-stack. The modified CPE supports encapsulation/ decapsulation and mapping. For mapping, the CPE has an IPv4 address pool. The CPE maintains the mapping between the IPv6 host's IPv6 address and an IPv4 address in the IPv4 address pool. Since the IPv4 addresses mapped from the IPv6 host's IPv6 address are used locally, private IPv4 addresses can be used to in the IPv4 address pool. The IPv4 hosts' IPv4 addresses can also be private addresses. The IVI extended IPv6 address of the dual-stack CPE is according to section 3.2. Constructing the IPv6 packets and establishing the tunnel on the CPE resemble the dual-stack host mode. But there are some differences as follows. 1) When an IPv4-only host wants to access an IPv6 host, the IPv4-only host does DNS query and the DNS server returns the IPv6 address of the IPv6 host. The CPE can capture the DNS response, and map the IPv6 host's IPv6 address into one IPv4 address from the IPv4 address pool, then send the IPv4 address to the IPv4-only host. The IPv4- only host uses the IPv4 address as the Dst IPv4 address to construct IPv4 packets. 2) When constructing the IPv6 packets, CPE uses the IVI extended IPv6 address as Src address, and uses the IPv6 address mapped from Dst IPv4 address in IPv4 packets as Dst address. 3.3. The Mapping Rule between the CPE IPv6 address and the IPv4 only address We need a mapping rule between the CPE's IPv6 address and the IPv4- only address in two cases. One is that the CPE translates the IPv4 packets into the IPv6 packets where the Src IPv6 address is created by the mapping rule. The other is that an IPv6 address accesses a private IPv4 address where the mapping rule is adopted to differentiate the private IPv4 address from the Dst CPE IPv6 address. The mapping rule is shown in Figure 4. Xu, et al. Expires January 7, 2010 [Page 10] Internet-Draft IVIT July 2009 | 0 |32 |40 |72 |104 127| ------------------------------------------------------------------ | |00 | | | | ------------------------------------------------------------------ |<-IPv6 prefix->| |<-IPv4 address->|<-IPv4 address->|<- zero ->| of CPE of the IPv4 host padding Figure 4: The mapping rule between the IPv4 address and the CPE's IPv6 address In this 1-to-1 mapping, the bits from 72 to 103 are IPv4 address of the IPv4-only host. Accordingly, we can identify the address of the IPv4-only host from the CPE's IPv6 address. Meanwhile, the DNS server creates a mapping in the DNS. For example, if the IPv4 address of an IPv4-only host is 10.10.20.1 and the CPE's IPv6 address is 2001:da8:000A:0A0A:0100::0/72, the mapped IPv6 address is 2001: da8:000A:0A0A:010A:0A14:0100::0/104. If another IPv4 address is 10.10.30.1, the mapped IPv6 address is 2001:da8:000A:0A0A:010A:0A1E: 0100::0/104. When the IPv6 address 2001:da8:000A:0A0A:010A:0A14: 0100::0/104 is received, we can map into the 10.10.20.1 IPv4 address. And if the address 2001:da8:000A:0A0A:010A:0A1E:0100::0/104 is received, we can map into the 10.10.30.1 IPv4 address. Contrarily, if the address 10.10.30.1 is received, the CPE translates the IPv4 address into 2001:da8:000A:0A0A:010A:0A1E:0100::0/104. 3.4. Application Scenarios The CPE mode supports the communication between an IPv4 network and an IPv6 network, especially the bidirectional communications between a private IPv4 host and a non-IVI IPv6 host. 3.5. The Communication Process Giving a communication between an IPv6 host and an IPv4-only host, if the IPv6 host is an IVI IPv6 host, we take the IVI mechanism to realize the communication. However, if the IPv6 host is a non-IVI IPv6 host, we adopt the IVIT mechanism instead. That is to say, the IVI and IVIT's integration may solve the communication problem between an IPv4 network and an IPv6 network, and ensure statelessness at the core without DNS-ALG. In this section, we mainly give a detailed description about the communication between a non-IVI Ipv6 host and a private IPv4 host in an IPv4 network. If a private IPv4 host H accesses a non-IVI IPv6 server S, the communication process is as follows. H queries the Dst address from DNS server. At first, H sends the query packets, and DNS server returns the S's address to CPE. CPE then receives the returned Xu, et al. Expires January 7, 2010 [Page 11] Internet-Draft IVIT July 2009 packets and identifies that the address is an IPv6 address and extracts an IPv4 address from the address pool to map the IPv6 address, and then returns the selected IPv4 address to H. H sends the IPv4 packets where the src address is local address and the Dst address is the mapped IPv4 address from the CPE. The CPE receives the IPv4 packets, constructs the IPv6 packets where Src IPv6 address is obtained from the mapping rule described in Section 3.3 and the Dst IPv6 address is S's address (query the mapping list, get the corresponding IPv6 address from the Dst IPv4 address in the IPv4 packets). CPE encapsulates IPv6 packets into IPv4 packets where Src IPv4 address is CPE's IPv4 address and Dst IPv4 address is IVI gateway's IPv4 address and sends the IPv4 packets to IVI gateway. IVI gateway decapsulates IPv4 packets and forwards the IPv6 packets to S. The responding packets are as follows. S sends the IPv6 packets where Src IPv6 address is S's address and Dst IPv6 address is the received IPv6 address to IVI gateway. IVI gateway encapsulates the IPv6 packets into IPv4 packets where Src IPv4 address is IVI gateway's IPv4 address and Dst IPv4 address is CPE's IPv4 address obtained from the Dst Ipv6 address, and forwards the IPv4 packets to CPE. CPE decapsulates the IPv4 packets, translates the IPv6 packets into the IPv4 packets(query the mapping table, use the mapping rule described in Section 3.3 and get the corresponding address information) and sends the IPv4 packets to H. If a non-IVI IPv6 host H communicates with a private IPv4 server S in an IPv4 network. The communication is as follows. At first, H queries the address information of S. DNS server returns the IPv6 address according to the mapping rule described in Section 3.3. H receives the response and sends the IPv6 packets where Src IPv6 address is H's address and Dst IPv6 address is the returned IPv6 address to IVI gateway. IVI gateway encapsulates the IPv6 packets into IPv4 packets where Src IPv4 address is IVI gateway's IPv4 address and Dst IPv4 address is CPE's IPv4 address, and forwards the IPv4 packets to CPE. CPE decapsulates the IPv4 packets, translates the IPv6 packets into the IPv4 packets and sends the IPv4 packets to S. The responding packets are as follows. S sends the IPv4 packets according to the sent address information. CPE constructs the IPv6 packets according to the address mapping table. Then CPE encapsulates IPv6 packets into IPv4 packets where Src IPv4 address is CPE's IPv4 address and Dst IPv4 address is IVI gsteway's IPv4 address, and sends the IPv4 packets to IVI gateway. IVI gateway decapsulates IPv4 packets and forwards the IPv6 packets to H. Xu, et al. Expires January 7, 2010 [Page 12] Internet-Draft IVIT July 2009 3.6. An Example Suppose a non-IVI IPv6 host with the address 3FFE:3600:8::1 communicates with a private IPv4-only host whose IP address is 10.10.20.3. In this communication, the IP addresses of the corresponding CPE are 163.162.1.1 and 2001:da8:00a3:a201:0100::0/72. The CPE establishes the mapping 192.168.5.12<->3FFE:3600:8::1. The IVI gateway has the IPv4 address 140.125.1.3 and the IPv6 address 2001:da8:ff8c:7d01:0300::0/72(the IVI address). Firstly, the non-IVI IPv6 host queries the Dst IP address, and DNS server returns the IPv6 address 2001:da8:00a3:a201:010A:0A14:0300::0/ 104. The IPv6 host sends the IPv6 packets where the Src address is 3FFE:3600:8::1 and the Dst address is 2001:da8:00a3:a201:010A:0A14: 0300::0/104. When the IPv6 packets arrive at the IVI gateway, it encapsulates the IPv6 packets into the IPv4 packets where the Src address is 140.125.1.1 and the Dst address is 163.162.1.1 obtained from the Dst IPv6 address, and forwards the IPv4 Packets to the dual- stack CPE. The dual-stack CPE receives these packets and decapsulates the IPv4 packets into the IPv6 packets where the Src address is 3FFE:3600:8::1 and the Dst address is 2001:da8:00a3:a201: 010A:0A14:0300::0/104. Then the CPE queries the mapping table bases on the mapping rule described in Section 4.2, and obtains the corresponding mapping. At last, it sends the IPv4 packets where the src address is 192.168.5.12 and the dst address is 10.10.20.3 to the private IPv4 server. The response process is as follows. The private IPv4 server sends the IPv4 packets where the Src address is 10.10.20.1 and the Dst address is 192.168.5.12. The dual-stack CPE receives the IPv4 packets and constructs the IPv6 packets where the Src address is 2001:da8:00a3:a201:010A:0A14:0300::0/104, and the Dst address is 3FFE:3600:8::1. For transmitting the IPv6 packets in the IPv4 network, the dual-stack CPE then encapsulates the IPv6 packets into the IPv4 packets where the Src address is 163.162.1.1 and the Dst address is 140.125.1.3. When the encapsulation packets arrive at the IVI gateway, it decapsulates the packets and gets the IPv6 packets. Then, the IVI gateway forwards the translated IPv6 packets to the Dst address 3FFE:3600:8::1. Xu, et al. Expires January 7, 2010 [Page 13] Internet-Draft IVIT July 2009 4. Integrated with IVI Owing to IVIT, the IVI gateway must identify IVIT from IVI. The identification mechanism should be adopted in The IVI gateway. In the identification mechanism, the operation of the IVI gateway should be classified into the following two cases. 1) When the IVI gateway receives the IPv6 packets, if the dst address in the IPv6 packets is an IVI IPv6 address, the IVI gateway implements the IVI function, if the dst address isn't an IVI IPv6 address, the IVI gateway implements the IVIT function. 2) When the IVI gateway receives the IPv4 packets, if the dst address in the IPv4 packets isn't the IVI gateway's address, the IVI gateway implements the IVI function, if the dst address is the IVI gateway's address, the IVI gateway implements the IVIT function. Xu, et al. Expires January 7, 2010 [Page 14] Internet-Draft IVIT July 2009 5. Conclusion In this draft, we proposed an IVI+Tunnel mechanism to solve the communication problem between a non-IVI IPv6 network and an IPv4 network. IVIT has evident advantages in the following three aspects. 1) In the dual-stack host mode, all IPv6 hosts may access the dual- stack servers in an IPv4 network. 2) In the CPE mode, the address pool of a CPE may use the private addresses, which saves more global IPv4 addresses. 3) In the CPE mode, IVIT may support the bidirectional communication between a private IPv4 network and an IPv6 network. Integrating IVI and IVIT may resolve the communication problem between an IPv4 network and an IPv6 network. IVI and IVIT union is stateless at the core and without DNS-ALG related issues. So IVIT has high scalability and effectiveness. Xu, et al. Expires January 7, 2010 [Page 15] Internet-Draft IVIT July 2009 6. Security Considerations This document presents IVIT (IVI+Tunnel) for the communication between an IPv4 network and a non-IVI IPv6 network. The IPv4 security and IPv6 security issues should be addressed using related documents of each address family and are not included in this document. Xu, et al. Expires January 7, 2010 [Page 16] Internet-Draft IVIT July 2009 7. IANA Considerations Xu, et al. Expires January 7, 2010 [Page 17] Internet-Draft IVIT July 2009 8. References 8.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2765] Nordmark, E., "Stateless IP/ICMP Translation Algorithm (SIIT)", RFC 2765, February 2000. [RFC2766] Tsirtsis, G. and P. Srisuresh, "Network Address Translation - Protocol Translation (NAT-PT)", RFC 2766, February 2000. [RFC5214] Templin, F., Gleeson, T., and D. Thaler, "Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)", RFC 5214, March 2008. [RFC3056] Carpenter, B. and K. Moore, "Connection of IPv6 Domains via IPv4 Clouds", RFC 3056, February 2001. [RFC3068] Huitema, C., "An Anycast Prefix for 6to4 Relay Routers", RFC 3068, June 2001. [RFC4966] Aoun, C. and E. Davies, "Reasons to Move the Network Address Translator - Protocol Translator (NAT-PT) to Historic Status", RFC 4966, July 2007. 8.2. Informative References [I-D.xli-behave-ivi] Li, X., Bao, C., Chen, M., Zhang, H., and J. Wu, "The CERNET IVI Translation Design and Deployment for the IPv4/ IPv6 Coexistence and Transition", draft-xli-behave-ivi-02 (work in progress), June 2009. Xu, et al. Expires January 7, 2010 [Page 18] Internet-Draft IVIT July 2009 Authors' Addresses Mingwei Xu Tsinghua University Department of Computer Science, Tsinghua University Beijing 100084 P.R.China Phone: +86-10-6278-5822 Email: xmw@csnet1.cs.tsinghua.edu.cn Chunmei Xia Tsinghua University Department of Computer Science, Tsinghua University Beijing 100084 P.R.China Phone: +86-10-6278-5822 Email: xcm1977@sina.com Xing Li Tsinghua University Department of Electronic Engineering, Tsinghua University Beijing 100084 P.R.China Phone: +86-10-6278-5983 Email: xing@cernet.edu.cn Yong Cui Tsinghua University Department of Computer Science, Tsinghua University Beijing 100084 P.R.China Phone: +86-10-6278-5822 Email: cuiyong@tsinghua.edu.cn Xu, et al. Expires January 7, 2010 [Page 19] Internet-Draft IVIT July 2009 Jianping Wu Tsinghua University Department of Computer Science, Tsinghua University Beijing 100084 P.R.China Phone: +86-10-6278-5983 Email: jianping@cernet.edu.cn Xu, et al. Expires January 7, 2010 [Page 20]