Maximizing IPv4 Utilization with IPv6-Only Data Centers and SIIT-DC

A SIIT-DC translator contains a table with IPv4 and IPv6 address pairs, for example:

…and so on.

When the SIIT-DC translator receives an IPv4 packet destined for one of the IPv4 addresses in the table, it will remove the IPv4 header and replace it with an IPv6 header where the destination address is swapped according to the table. The source address of the IPv6 header will be the original IPv4 address of the end user, with a special 96-bit IPv6 prefix prepended.

This special prefix could be drawn from the data center operator’s own address pool, or use one of the special-use prefixes set aside in RFC 6052 and RFC 8215, such as 64:ff9b:1::/96.

For example: the IPv4 end user 203.0.113.123 wants to open www.example.org, which has a DNS IN A record of 198.51.100.1. The resulting TCP SYN packet is routed to a SIIT-DC translator, which translates it into an IPv6 packet with source address 64:ff9b:1::203.0.113.123 (64:ff9b:1::cb00:717b) and destination address 2001:db8:abcd::42.

The translated packet is forwarded to the IPv6 network, responded to normally by the web server, and routed back to a SIIT-DC translator, which performs the reverse translation. Connection established!

(What about IPv6-capable end users, though? They will of course instead connect directly to 2001:db8:abcd::42 according to www.example.org’s IN AAAA DNS record, bypassing the SIIT-DC translation system completely.)

Since SIIT-DC is stateless, there is no requirement that the IPv4→IPv6 translation is handled by the same device as the reverse IPv6→IPv4 translation. As long as they are all configured with the same IPv4/IPv6 translation table and 96-bit prefix, any number of them can be involved. They do not even have to be located in the same data center or network – there is no reason why one could not offer SIIT-DC as a service to other organizations across the public Internet.

Finally, SIIT-DC allows for maximum utilization of the available IPv4 addresses. You might have noticed that the example translation table started with a «.0» address – that was no mistake. SIIT-DC can use every single address assigned to it, there is no overhead caused by network and broadcast addresses and so on. Considering how scarce public IPv4 addresses are nowadays, it is important to make the most of the public IPv4 addresses one has access to.

If you are planning on building a data center in the future, I hope you will consider making it an IPv6-only one, and that SIIT-DC will be able to help you accomplish this.

If you would like to play around with SIIT-DC, a good place to start is by downloading Jool, an open-source implementation for Linux developed at NIC México and Tecnológico de Monterrey.

*Tore Anderson is a senior network architect at Norwegian cloud provider Redpill Linpro. He has long taken a special interest in IPv6 and data center networking, subjects he has authored several RFCs about.