Network processors applied to IPv4/IPv6 transition

We describe a high-speed IPv6-IPv4 gateway on an experimental board containing a pair of Intel IXP network processor chips, an FPGA, and a pair of TCAMs. The device is capable of supporting several hundreds of thousands of concurrent TCP/UDP sessions and sustaining close to the line rate on a GbE link. It provides an order of magnitude improvement in packet throughput over an implementation of the same functionality on a commodity PC. IPv6 is beginning to be adopted by organizations and countries that expect to run critically short of IPv4 addresses. Small-scale trials can rely on dual-stock transition mechanisms, in which both an IPv4 and an IPv6 address are assigned to new hosts, which can therefore talk directly to old and new networks. But full deployment must use network address/port/protocol translation (NAPT-PT), in which new hosts are given only IPv6 addresses and must talk through a gateway in order to speak to old networks. The natural location for these NAPT-PT gateways will gradually shift from very local subnets to the edge of a provider network as IPv6 becomes more widely deployed, increasing the demands on the capacity and availability of such gateways. Network processors have the flexibility custom silicon lacks and the speed generic microprocessors lack, and hence are especially well suited for early implementation of network elements such as this gateway between IPv6 islands and the IPv4 ocean. A major challenge in building a scalable middlebox is redundancy support for stateful failover and load balancing, again putting a premium on programmability.