Comprehensive Survey of IPv6 Transition Technologies: A Subjective Classification for Security Analysis

Due to the depletion of the public IPv4 address pool, the transition to IPv6 became inevitable. However, this ongoing transition is taking a long time, and the two incompatible versions of the Internet Protocol must coexist. Different IPv6 transition technologies were developed, which can be used to enable communication in various scenarios, but they also involve additional security issues. In this paper, first, we introduce our methodology for analyzing the security of IPv6 transition technologies in a nutshell. Then, we develop a priority classification method for the ranking of different IPv6 transition technologies and their most important implementations, so that the vulnerabilities of the most crucial ones may be examined first. Next, we conduct a comprehensive survey of the existing IPv6 transition technologies by describing their application scenarios and the basics of their operation and we also determine the priorities of their security analysis according to our ranking system. Finally, we show that those IPv6 transition technologies that we gave high priorities, cover the most relevant scenarios. key words: IPv6 transition technologies, network security, survey

[1]  Brian E. Carpenter,et al.  Deprecating the Anycast Prefix for 6to4 Relay Routers , 2015, RFC.

[2]  Paul Kavanagh,et al.  The Open Source Definition , 2004 .

[3]  Hiroaki Hazeyama,et al.  The STRIDE Towards IPv6: A Comprehensive Threat Model for IPv6 Transition Technologies , 2016, ICISSP.

[4]  Jeroen Massar AYIYA: Anything In Anything , 2004 .

[5]  Gábor Lencse,et al.  Performance analysis and comparison of the TAYGA and of the PF NAT64 implementations , 2013, 2013 36th International Conference on Telecommunications and Signal Processing (TSP).

[6]  Naoki Matsuhira Stateless Automatic IPv4 over IPv6 Encapsulation / Decapsulation Technology: Specification , 2015 .

[7]  Marc Blanchet,et al.  Ecdysis : Open-Source DNS 64 and NAT 64 , 2010 .

[8]  Yuji Sekiya,et al.  Designing an IPv6-Oriented Datacenter with IPv4-IPv6 Translation Technology for Future Datacenter Operation , 2012, CLOSER.

[9]  Hui Deng,et al.  Internet Engineering Task Force (ietf) Dual-stack Hosts Using "bump-in-the-host" (bih) , 2022 .

[10]  Olaf Maennel,et al.  IPv4 Address Sharing Mechanism Classification and Tradeoff Analysis , 2014, IEEE/ACM Transactions on Networking.

[11]  Erik Nordmark,et al.  Basic Transition Mechanisms for IPv6 Hosts and Routers , 2005, RFC.

[12]  Youki Kadobayashi,et al.  Benchmarking DNS64 implementations: Theory and practice , 2018, Comput. Commun..

[13]  Youki Kadobayashi,et al.  Benchmarking methodology for DNS64 servers , 2017, Comput. Commun..

[14]  Géza Szabó,et al.  Application agnostic QoE triggered multipath switching for Android devices , 2017, 2017 IEEE International Conference on Communications (ICC).

[15]  Youki Kadobayashi,et al.  Methodology for the identification of potential security issues of different IPv6 transition technologies: Threat analysis of DNS64 and stateful NAT64 , 2018, Comput. Secur..

[16]  Christian Huitema,et al.  Teredo: Tunneling IPv6 over UDP through Network Address Translations (NATs) , 2006, RFC.

[17]  Gábor Lencse,et al.  Application compatibility of the NAT64 IPv6 transition technology , 2015, 2015 38th International Conference on Telecommunications and Signal Processing (TSP).

[18]  Ferenc Fejes,et al.  Throughput Performance Comparison of MPT-GRE and MPTCP in the Fast Ethernet IPv4/IPv6 Environment , 2018 .

[19]  Jordi Palet,et al.  Requirements for IPv6 Customer Edge Routers to Support IPv4 Connectivity as-a-Service , 2018 .

[20]  Marcelo Bagnulo,et al.  DNS64: DNS Extensions for Network Address Translation from IPv6 Clients to IPv4 Servers , 2011, RFC.

[21]  Christian Jacquenet,et al.  Deployment Considerations for Dual-Stack Lite , 2013, RFC.

[22]  Marcelo Bagnulo,et al.  Internet Engineering Task Force (ietf) Stateful Nat64: Network Address and Protocol Translation from Ipv6 Clients to Ipv4 Servers , 2011 .

[23]  Jun-ichiro itojun Hagino,et al.  An IPv6-to-IPv4 Transport Relay Translator , 2001, RFC.

[24]  Cedric Aoun,et al.  Reasons to Move the Network Address Translator - Protocol Translator (NAT-PT) to Historic Status , 2007, RFC.

[25]  Chris Metz,et al.  Transition from IPv4 to IPv6: A State-of-the-Art Survey , 2013, IEEE Communications Surveys & Tutorials.

[26]  David Schinazi,et al.  Happy Eyeballs Version 2: Better Connectivity Using Concurrency , 2017, RFC.

[27]  Remco van Mook,et al.  Measures for Making DNS More Resilient against Forged Answers , 2009, RFC.

[28]  Brian E. Carpenter,et al.  Connection of IPv6 Domains via IPv4 Clouds , 2001, RFC.

[29]  George Tsirtsis,et al.  Network Address Translation - Protocol Translation (NAT-PT) , 2000, RFC.

[30]  Xing Li,et al.  Mapping of Address and Port using Translation (MAP-T) , 2015, RFC.

[31]  Gábor Lencse,et al.  Pros and Cons of IPv6 Transition Technologies for IPv4aaS , 2000 .

[32]  Naoki Matsuhira,et al.  SA46T Address Translator , 2015 .

[33]  Li Yu-ke Survey of IPv6 Transition Mechanisms and Security Review , 2010 .

[34]  Gábor Lencse,et al.  Benchmarking Methodology for IPv6 Transition Technologies , 2017, RFC.

[35]  Stephen E. Deering,et al.  Generic Packet Tunneling in IPv6 Specification , 1998, RFC.

[36]  Christian Huitema,et al.  IPv6 Addressing of IPv4/IPv6 Translators , 2010, RFC.

[37]  Fulvio Risso,et al.  Transition from IPv 4 to IPv 6 , 2017 .

[38]  Jianping Wu,et al.  The China Education and Research Network (CERNET) IVI Translation Design and Deployment for the IPv4/IPv6 Coexistence and Transition , 2011, RFC.

[39]  Shin Miyakawa IPv4 to IPv6 Transformation Schemes , 2010, IEICE Trans. Commun..

[40]  Gábor Lencse,et al.  MPT Network Layer Multipath Library , 2019 .

[41]  Tore Anderson SIIT-DC: Stateless IP/ICMP Translation for IPv6 Data Center Environments , 2016, RFC.

[42]  Glen Zorn,et al.  Layer Two Tunneling Protocol "L2TP" , 1999, RFC.

[43]  Biju Issac,et al.  Analysis of IPv6 Transition Technologies , 2014, ArXiv.

[44]  Ralph E. Droms,et al.  Dual-Stack Lite Broadband Deployments Following IPv4 Exhaustion , 2011, RFC.

[45]  Akira Nakagawa,et al.  Common Requirements for Carrier-Grade NATs (CGNs) , 2013, RFC.

[46]  Kadobayashi Youki,et al.  Survey of IPv6 transition technologies for security analysis , 2017 .

[47]  Deng Hui,et al.  Dual Stack Hosts using the "Bump-In-the-Stack" Technique (BIS) , 2010 .

[48]  Masanobu Kawashima,et al.  464XLAT: Combination of Stateful and Stateless Translation , 2013, RFC.

[49]  Ferenc Fejes,et al.  Multipath strategies and solutions in multihomed mobile environments , 2016, 2016 7th IEEE International Conference on Cognitive Infocommunications (CogInfoCom).

[50]  Gábor Lencse,et al.  Design and Implementation of a Test Program for Benchmarking DNS64 Servers , 2017, IEICE Trans. Commun..

[51]  Saadullah Kalwar,et al.  A survey of transition mechanisms from IPv4 to IPv6 — Simulated test bed and analysis , 2015, 2015 Third International Conference on Digital Information, Networking, and Wireless Communications (DINWC).

[52]  Fernando Gont,et al.  IP/ICMP Translation Algorithm , 2016, RFC.

[53]  Brian E. Carpenter,et al.  Advisory Guidelines for 6to4 Deployment , 2011, RFC.

[54]  Hui Deng,et al.  Dual Stack Hosts Using "Bump-in-the-API" (BIA) , 2010 .

[55]  Peter Balint,et al.  Test software design and implemetation for benchmarking of stateless IPv4/IPv6 translation implementations , 2017, 2017 40th International Conference on Telecommunications and Signal Processing (TSP).

[56]  Akos Kovacs Comparing the aggregation capability of the MPT communications library and multipath TCP , 2016, 2016 7th IEEE International Conference on Cognitive Infocommunications (CogInfoCom).

[57]  Jeremy De Clercq,et al.  Connecting IPv6 Islands over IPv4 MPLS Using IPv6 Provider Edge Routers (6PE) , 2007, RFC.

[58]  Mohamed Boucadair,et al.  Lightweight 4over6: An Extension to the Dual-Stack Lite Architecture , 2015, RFC.

[59]  Gábor Lencse,et al.  Investigating the multipath extension of the GRE in UDP technology , 2017, Comput. Commun..

[60]  Hiroaki Hazeyama,et al.  Empirical Analysis of IPv6 Transition Technologies Using the IPv6 Network Evaluation Testbed , 2014, TRIDENTCOM.

[61]  Gábor Lencse Estimation of the Port Number Consumption of Web Browsing , 2015, IEICE Trans. Commun..

[62]  Stephen E. Deering,et al.  Internet Protocol, Version 6 (IPv6) Specification , 1995, RFC.

[63]  Y. Kadobayashi,et al.  Methodology for DNS Cache Poisoning Vulnerability Analysis of DNS 64 Implementations , 2018 .

[64]  Marco Carugi,et al.  BGP-MPLS IP Virtual Private Network (VPN) Extension for IPv6 VPN , 2006, RFC.

[65]  Xing Li,et al.  Mapping of Address and Port with Encapsulation (MAP-E) , 2015, RFC.

[66]  Olivier Vautrin,et al.  6to4 Provider Managed Tunnels , 2012, RFC.

[67]  David Thaler,et al.  Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) , 2005, RFC.

[68]  Yang Jia Survey and analysis on IPv6 transition technologies , 2011 .

[69]  Roch Guérin,et al.  Migrating the Internet to IPv6: An Exploration of the When and Why , 2016, IEEE/ACM Transactions on Networking.

[70]  Jianping Wu,et al.  Public IPv4-over-IPv6 Access Network , 2013, RFC.

[71]  Cui Yong Survey of Internet IPv6 Transition Technologies , 2006 .

[72]  Gang Chen,et al.  IPv4 Residual Deployment via IPv6 - A Stateless Solution (4rd) , 2015, RFC.

[73]  Ignacio Goyret,et al.  Layer Two Tunneling Protocol - Version 3 (L2TPv3) , 2005, RFC.

[74]  Ole Troan,et al.  IPv6 Rapid Deployment on IPv4 Infrastructures (6rd) - Protocol Specification , 2010, RFC.

[75]  Brian E. Carpenter,et al.  Transmission of IPv6 over IPv4 Domains without Explicit Tunnels , 1999, RFC.

[76]  Xing Li,et al.  dIVI: Dual-Stateless IPv4/IPv6 Translation , 2017 .

[77]  Alain Durand,et al.  IPv6 Tunnel Broker , 2001, RFC.