You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

#### 518 lines 26 KiB Raw Permalink Normal View History Unescape Escape

 3 years ago \chapter{\label{background}Background}  3 years ago In this chapter we describe the key technologies involved and their  relation to our work.  % ----------------------------------------------------------------------  3 years ago \section{\label{background:p4}P4}  3 years ago P4 is a programming language designed to program inside network  3 years ago equipment. Its main features are protocol and target independence.  3 years ago The \textit{protocol independence} refers to the separation of concerns in  3 years ago terms of language and protocols: P4, generally speaking, operates on  bits that are parsed and then accessible in the self defined  structures called headers. The general flow can be seen in  3 years ago figure \ref{fig:p4fromnsg}: a parser parses the incoming packet and  prepares it for processing in the switching logic. Afterwards the  packets are output and deparsing of the parsed data might follow.  3 years ago In the context of NAT64 this is a very important feature: while the  parser will read and parse in the ingress pipeline one protocol  (f.i. IPv6), the deparser will output a different protocol (f.i. IPv4).  \begin{figure}[htbp]  3 years ago  \includegraphics[scale=0.9]{p4-from-nsg}   \centering   \caption{P4 Protocol Independence~\cite{vanbever:_progr_networ_data_planes}}  3 years ago  \label{fig:p4fromnsg}  \end{figure}  3 years ago The \textit{target independence} is the second major feature  3 years ago of P4: it allows code to be compiled to different targets. While in  3 years ago theory the P4 code should be completely target independent, in reality,  3 years ago there are some modifications needed on a per-target basis and each  target faces different restrictions. The challenges arising from this  are discussed in section \ref{results:p4}.  3 years ago   As opposed to general purpose programming languages, P4 lacks some  3 years ago features. Most notably loops, floating point operations and  modulo operations.  3 years ago However, within its constraints, P4 can guarantee  3 years ago operation at line speed, which general purpose programming languages  3 years ago cannot guarantee and also fail to achieve in reality  3 years ago (see section \ref{results:softwarenat64} for details).  3 years ago % ok  3 years ago % ----------------------------------------------------------------------  3 years ago \section{\label{background:ip}IPv6, IPv4 and Ethernet}  3 years ago The first IPv6 RFC was published in 1998~\cite{rfc2460}. Both IPv6 and  3 years ago IPv4 operate on layer 3 of the OSI model. In this thesis we only  consider transmission via Ethernet, which operates at  layer 2. Inside the Ethernet frame a field named type'' specifies  3 years ago the higher level protocol identifier.\footnote{   0x0800 for IPv4~\cite{rfc894} and 0x86DD for IPv6~\cite{rfc2464}.}  3 years ago This is important because  3 years ago Ethernet can only reference one protocol, which makes IPv4 and IPv6  mutually exclusive.  3 years ago In the figures \ref{fig:ipv4header} and \ref{fig:ipv6header} we  show the packet headers of IPv4 and IPv6 for showing the in-protocol  differences. The most notable differences between  3 years ago the two protocols for this thesis are:  3 years ago \begin{itemize}  3 years ago \item Different address lengths  \begin{itemize}  \item IPv4: 32 bit  \item IPv6: 128 bit  \end{itemize}  \item Lack of a checksum in IPv6  3 years ago \item Format of Pseudo headers (see section \ref{background:checksums})  \end{itemize}  3 years ago   3 years ago % ----------------------------------------------------------------------  3 years ago \section{\label{background:arpndp}ARP and NDP, ICMP and ICMP6}  While IPv6 and IPv4 are primarily used as a shell'' to support  addressing for protocols that have no or limited addressing support  3 years ago (like TCP or UDP), protocols like ARP~\cite{rfc826} and  NDP~\cite{rfc4861} provide support for resolving IPv6 and IPv4  3 years ago addresses to hardware (MAC) addresses. While both ARP and NDP are only  3 years ago used prior to establishing a connection and their results are  cached, their availability is crucial for operating a switch, because  without ARP or NDP no connection will every be established.  3 years ago Figure \ref{fig:arpndp} illustrates a typical address resolution process.  \begin{figure}[htbp]  3 years ago  \includegraphics[scale=0.4]{arp-ndp}  3 years ago  \centering   \caption{ARP and NDP}   \label{fig:arpndp}  \end{figure}  3 years ago The major differences between ARP and NDP in relation to P4 are  3 years ago \begin{itemize}  \item ARP is a separate protocol on the same layer as IPv6 and IPv4,  \item NDP operates below ICMP6 which operates below IPv6,  \item NDP contains checksums over payload,  3 years ago \item and NDP in ICMP6 contains optional, non-referenced option fields  3 years ago  (specifically: ICMP6 link layer address option).  \end{itemize}  ARP is required to be a separate protocol, because IPv4 hosts don't  3 years ago know how to communicate with each other yet, as they don't have a  3 years ago way to communicate to the target IPv4 address (The chicken and the  egg problem'').  NDP on the other hand already works within IPv6, as every IPv6 host is  required to have a self-assigned link local IPv6 address from the  3 years ago IPv6 network \texttt{fe80::/10} (compare  RFC4291~\cite{rfc4291}). While ARP uses broadcasting for address  resolution, NDP uses multicasting. IPv6 hosts automatically  3 years ago join multicast groups that embed parts of their  3 years ago IPv6 addresses~\cite{rfc2710},~\cite{wikipedia:_solic}. This way the  3 years ago collision domain is significantly reduced in IPv6, compared to IPv4.    As seen later in this document (compare  3 years ago section \ref{results:netpfga:features}), the requirement to generate checksums  3 years ago over payload poses difficult problems for some hardware targets. Even  3 years ago more difficult is the use of options within ICMP6.  \begin{figure}[htbp]  3 years ago  \includegraphics[scale=0.4]{icmp6ndp}  3 years ago  \centering   \caption{ICMP6 Option Fields}  3 years ago  \label{fig:icmp6ndp}  \end{figure}  3 years ago The problem arises from the layout of the options, as seen  in figure \ref{fig:icmp6ndp} and the following quote:  3 years ago \begin{quote}  3 years ago Neighbor Discovery messages include zero or more options, some of  3 years ago which may appear multiple times in the same message. Options should  be padded when necessary to ensure that they end on their natural  3 years ago 64-bit boundaries''.\footnote{Quote from \cite{rfc4861}.}  3 years ago \end{quote}    ICMP6 and ICMP are primarily used to signal errors in  3 years ago communication. Specifically, signalling that a packet is too big to  3 years ago pass a certain link and needs fragmentation is a common functionality  3 years ago of both protocols. For a host (or a switch) to be able to emit ICMP6 and  3 years ago ICMP messages, the host requires a valid IPv6 / IPv4 address.  3 years ago Without ICMP6 / ICMP support path MTU  discovery~\cite{rfc1191},~\cite{rfc8201}  does not work and the sender needs to determine  3 years ago different ways of finding out the maximum MTU on the path.  3 years ago % ----------------------------------------------------------------------  3 years ago \section{\label{background:transition}IPv6 Translation Mechanisms}  3 years ago While in this thesis we focus on NAT64 as a translation mechanism,  3 years ago there are a variety of different approaches, some of which we would  like to portray here.  3 years ago % ----------------------------------------------------------------------  3 years ago \subsection{\label{background:transition:stateless}Stateless NAT64}  Stateless NAT64 describes static mappings between IPv6 and IPv4  3 years ago addresses. This can be based on longest prefix matching (LPM),  3 years ago ranges, bitmasks or individual entries.  3 years ago   3 years ago NAT64 translations as described in this thesis modify multiple layers  in the translation process:  \begin{itemize}  \item Ethernet (changing the type field)  \item IPv4 / IPv6 (changing the protocol, changing the fields)  \item TCP/UDP/ICMP/ICMP6 checksums  \end{itemize}  3 years ago Figures \ref{fig:ipv6header} and \ref{fig:ipv4header} show the headers  of IPv4 and IPv6. As can be seen in the diagrams not only are the  addresses of different size, but fields have also been changed or  removed when the version changed. Depending on the NAT64  translation direction, a translator will need to re-arrange fields to  a different position, remove fields and add fields.  \begin{figure}[htbp]  3 years ago \begin{verbatim}  3 years ago  0 1 2 3   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  |Version| Traffic Class | Flow Label |  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  | Payload Length | Next Header | Hop Limit |  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  | |  + +  | |  + Source Address +  | |  + +  | |  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  | |  + +  | |  + Destination Address +  | |  + +  | |  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  3 years ago \end{verbatim}   \centering   \caption{IPv6 Header~\cite{rfc2460}}   \label{fig:ipv6header}  \end{figure}  3 years ago This in turn causes the packet size for standard headers  to differ by 160 Bit.\footnote{IPv6: 320 Bit, IPv4 160 Bit}  3 years ago % ----------------------------------------------------------------------  3 years ago \subsection{\label{background:transition:statefulnat64}Stateful NAT64}  3 years ago Stateful NAT64 as defined in RFC6146~\cite{rfc6146} defines how to  3 years ago create 1:n mappings between IPv6 and IPv4 hosts. The motivation for  3 years ago stateful NAT64 is similar to stateful NAT44~\cite{rfc3022}: while  NAT44 allows translating many (private) IPv4 addresses to one  (public) IPv4 address,  NAT64 allows translating many IPv6 addresses to one IPv4 address.  While the opposite stateful translation, mapping many IPv4 addresses  to one IPv6 address, is also technically possible,  the differences in address space size don't justify its use in general.  \begin{figure}[htbp]  3 years ago \begin{verbatim}  3 years ago  0 1 2 3   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  |Version| IHL |Type of Service| Total Length |  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  | Identification |Flags| Fragment Offset |  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  | Time to Live | Protocol | Header Checksum |  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  | Source Address |  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  | Destination Address |  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  | Options | Padding |  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  3 years ago \end{verbatim}   \caption{IPv4 Header~\cite{rfc791}}   \label{fig:ipv4header}  \end{figure}      3 years ago Stateful NAT64 in particular uses information in higher level  3 years ago protocols to multiplex connections: Given one IPv4 address and the TCP  3 years ago protocol, outgoing connections from IPv6 hosts can dynamically mapped  3 years ago to the range of possible TCP ports. After a session is closed, the  3 years ago port can be reused again.  \begin{figure}[htbp]  3 years ago  \includegraphics[scale=0.5]{statefulnat64}  3 years ago  \centering   \caption{Stateful NAT64}   \label{fig:statefulnat64}  \end{figure}  3 years ago The selection of mapped ports is usually based on the availability of  3 years ago the IPv4 side and not related to the original port. To support  3 years ago stateful NAT64, the translator needs to store the mapping  in a table and purge entries regularly.  3 years ago   3 years ago Stateful NAT64 usually uses information found in protocols at layer 4  3 years ago like TCP~\cite{rfc793} or UDP~\cite{rfc768}. However, it can also  3 years ago support ICMP~\cite{rfc792} and ICMP6~\cite{rfc4443}.  3 years ago % ----------------------------------------------------------------------  3 years ago \subsection{\label{background:transition:Protocol dependent}Higher  3 years ago  Layer Protocol Dependent Translation}  3 years ago Further translation can be achieved by using information in higher  3 years ago level protocols like HTTP~\cite{rfc2616} or TLS~\cite{rfc4366}.  Application proxies like  nginx~\cite{nginx:_nginx_high_perfor_load_balan}  3 years ago use layer 7 protocol information, like the requested hostname,  to proxy towards backends.    Within this proxying method, the underlying IP protocol can be changed  from IPv6 to IPv4 and vice versa. However, if using HTTPS with TLS  1.3~\cite{rfc8446}, the requested hostname that is usually used for  selecting the backend can be encrypted, which poses a challenge for  implementations.  3 years ago   While protocol dependent translation has the highest amount of  information to choose from for translation, complex parsers or even  cryptographic methods are required for it. That reduces the  3 years ago opportunities for) protocol dependent translations to run on devices  3 years ago with less sophisticated devices.  % ----------------------------------------------------------------------  3 years ago \subsection{\label{background:transition:prefixnat}Mapping IPv4  Addresses in IPv6}  As described in section \ref{background:ip}, one of the major  differences between IPv6 and IPv4 is the address length. As the whole  IPv4 Internet can be represented in only 32 bits, it is a common  practice to assign an IPv6 prefix for IPv6 hosts that represents a  3 years ago mapping to the whole IPv4 Internet. In RFC6052~\cite{rfc6052} the well  3 years ago known prefix \textit{64:ff9b::/96} is defined that can be used for  this purpose. One possibility to map  3 years ago an IPv4 address into the prefix is by adding its integer value to the  3 years ago prefix, treating it as an offset. In figure \ref{fig:ipv4embed}  we show example python code of how this can be done.  \begin{figure}[htbp]  3 years ago \begin{verbatim}  >>> import ipaddress  >>> prefix=ipaddress.IPv6Network("64:ff9b::/96")  >>> ipv4address=ipaddress.IPv4Address("192.0.2.0")  >>> int(ipv4address)  3221225984  >>> hex(3221225984)  '0xc0000200'  >>> prefix[int(ipv4address)]  IPv6Address('64:ff9b::c000:200')  \end{verbatim}   \centering   \caption{Representing an IPv4 address in an IPv6 Prefix}  3 years ago  \label{fig:ipv4embed}  \end{figure}  Network administrators can choose to use either the well known prefix  or to use a network block of their own to map the  Internet.\footnote{For instance  3 years ago  2a0a:e5c0:0:1::/96~\cite{ungleich:networkinfrastructure}.}  3 years ago While a /96 prefix seems a natural selection (it provides exactly 32 bit),  other prefix lengths are defined in RFC6052 (see figure  \ref{fig:prefixlen}) that allow flexible embedding of the IPv4 address.  \begin{figure}[htbp]  \begin{verbatim}  3 years ago +--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+  |PL| 0-------------32--40--48--56--64--72--80--88--96--104---------|  +--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+  |32| prefix |v4(32) | u | suffix |  +--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+  |40| prefix |v4(24) | u |(8)| suffix |  +--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+  |48| prefix |v4(16) | u | (16) | suffix |  +--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+  |56| prefix |(8)| u | v4(24) | suffix |  +--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+  |64| prefix | u | v4(32) | suffix |  +--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+  |96| prefix | v4(32) |  +--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+  \end{verbatim}  3 years ago  \centering   \caption{IPv4 Embedding Depending on the Prefix Length}  3 years ago  \label{fig:prefixlen}  \end{figure}  RFC6146, which describes stateful NAT64, states that  IPv4 addresses of IPv4 hosts are algorithmically  translated to and from IPv6 addresses by using the algorithm defined  3 years ago in [RFC6052]''~\cite{rfc6146} While this sentence does not use the  3 years ago typical RFC keywords like SHALL, REQUIRED, etc.~\cite{rfc2119}, we  interpret this sentence in the meaning of a stateful NAT64  translator SHALL implement IPv4 address embedding as described in the  algorithm of RFC6052''.  % ----------------------------------------------------------------------  \subsection{\label{background:transition:dns64}DNS64}  Tightly related to NAT64 is a technology known as  3 years ago DNS64~\cite{rfc6147}. DNS64 tries to solve the problem of addressing  3 years ago IPv4 only hosts from IPv6 only hosts  by adding a fake'' IPv6 (AAAA) DNS resource record, as shown in  figure \ref{fig:dns64}.  \begin{figure}[h]   \includegraphics[scale=0.4]{dns64}   \centering   \caption{Illustration of DNS64}   \label{fig:dns64}  \end{figure}  3 years ago The DNS64 DNS server will query the authoritative DNS server for an AAAA  3 years ago record. However as the host \textit{ipv4onlyhost.example.com} is only  reachable by IPv4, it also only has an A entry. After receiving the  answer that there is no AAAA record, the DNS64 server will ask for an  3 years ago A record and will get an answer that the name  3 years ago \textit{ipv4onlyhost.example.com} resolves to the IPv4 address  \textit{192.0.2.0}. The DNS64 server then embeds the IPv4 address in  the configured IPv6 prefix (\textit{64:ff9b::/96} in this case) and  3 years ago returns a fake AAAA record to the IPv6 only host (pointing to  \textit{64:ff9b::c000:200} in this case). The IPv6 only host  3 years ago then will use the address to connect to. The NAT64 translator recognises  3 years ago either that the address is part of a configured prefix or that it has  a dedicated table entry for mapping this IPv6 address to an IPv4  address and translates it accordingly.  3 years ago % ok  3 years ago % ----------------------------------------------------------------------  \section{\label{background:checksums}Protocol Checksums}  3 years ago One challenge for translating IPv6 to IPv4 are checksums of higher level  3 years ago protocols like TCP and UDP that incorporate information from the lower  level protocols. The pseudo header for upper layer protocols for  3 years ago IPv6 is defined in RFC2460~\cite{rfc2460} and shown in figure  3 years ago \ref{fig:ipv6pseudoheader}, the IPv4 pseudo header for TCP and UDP are  defined in RFC768 and RFC793 and are shown in \ref{fig:ipv4pseudoheader}.  \begin{figure}[htbp]  3 years ago \begin{verbatim}  3 years ago +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  | |  + +  | |  + Source Address +  | |  + +  | |  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  | |  + +  | |  + Destination Address +  | |  + +  | |  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  | Upper-Layer Packet Length |  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  | zero | Next Header |  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  3 years ago \end{verbatim}   \centering   \caption{IPv6 Pseudo Header}   \label{fig:ipv6pseudoheader}  \end{figure}  When translating, the checksum fields in the higher protocols need to be  3 years ago adjusted. The checksums for TCP and UDP are calculated not only over the pseudo  3 years ago headers, but also contain the payload of the packet. This is  3 years ago important because some targets (like the NetFPGA) do not allow  accessing the payload (see section \ref{design:netpfga}).  \begin{figure}[htbp]  3 years ago \begin{verbatim}  3 years ago  0 7 8 15 16 23 24 31   +--------+--------+--------+--------+   | source address |   +--------+--------+--------+--------+   | destination address |   +--------+--------+--------+--------+   | zero |protocol| TCP/UDP length |   +--------+--------+--------+--------+  3 years ago \end{verbatim}  3 years ago  \centering    3 years ago  \caption{IPv4 Pseudo Header}   \label{fig:ipv4pseudoheader}  \end{figure}  3 years ago The checksums for IPv4, TCP, UDP and ICMP6 are all based on the  Internet Checksum''~\cite{rfc791},~\cite{rfc1071}.  Its calculation can be summarised as follows:  \begin{quote}   The checksum field is the 16-bit one's complement of the one's   complement sum of all 16-bit words in the header. For purposes of   computing the checksum, the value of the checksum field   is zero.\footnote{Quote from Wikipedia~\cite{wikipedia:_ipv4}.}.  \end{quote}    3 years ago % ----------------------------------------------------------------------  \section{\label{background:networkdesign}Network Designs}  In relation to IPv6 and IPv4, there are in general three different  network designs possible:  3 years ago The oldest form are IPv4 only networks.  3 years ago These networks consist of  hosts that are either not configured for IPv6 or are even technically  incapable of enabling the IPv6 protocol. These nodes are connected to  an IPv4 router that is connected to the Internet. That router might be  capable of translating IPv4 to IPv6 and vice versa.  3 years ago   3 years ago With the introduction of IPv6, hosts can have a separate IP stack  3 years ago active and in that configuration hosts are called dualstack hosts''.  3 years ago Dualstack hosts are capable of reaching both IPv6 and IPv4 hosts  3 years ago directly without the need of any translation mechanism.    3 years ago The last possible network design is based on IPv6 only hosts.  3 years ago While it is technically easy to disable IPv4,  completely removing the IPv4 stack in current operating  3 years ago systems is not an easy task~\cite{ungleich:_ipv4}.  3 years ago %% \begin{figure}[h]  %% \includegraphics[scale=0.5]{v6only}  %% \centering  %% \caption{IPv6 only network}  %% \label{fig:v6onlynet}  %% \end{figure}  3 years ago While the three network designs look similar, there are significant  differences in operating them and limitations that are not easy to  3 years ago circumvent. In the following sections, we describe the limitations and  3 years ago explain how a translation mechanism like our NAT64 implementation  3 years ago should be deployed.  % ----------------------------------------------------------------------  3 years ago \subsection{\label{background:networkdesign:ipv4}IPv4 Only Network Limitations}  3 years ago As shown in figures \ref{fig:ipv4header} and \ref{fig:ipv6header}  the IPv4 address size is 32 bit, while the IPv6 address size is 128  bit.  Without an extension to the address space, there is no protocol independent  3 years ago mapping of IPv4 address to IPv6\footnote{See section   \ref{background:ip}.} that can cover the whole IPv6 address space.  Thus IPv4 only hosts can  3 years ago never address every host in the IPv6 Internet. While protocol  dependent translations can try to minimise the impact, accessing all  3 years ago IPv6 addresses independent of the protocol is not possible.  3 years ago % ok  3 years ago % ----------------------------------------------------------------------  3 years ago \subsection{\label{background:networkdesign:dualstack}Dualstack Network   Maintenance}  3 years ago While dualstack hosts can address any host in either IPv6 or IPv4  networks, the deployment of dualstack hosts comes with a major  3 years ago disadvantage: all network configurations double. The required routing  3 years ago tables double, the firewall rules roughly double\footnote{The rule sets  3 years ago  even for identical policies in IPv6 and IPv4 networks are not   identical, but similar. For this reason we state that roughly double   the amount of firewall rules are required for the same policy to be  3 years ago  applied.} and the number of network supporting systems, (like DHCPv4,  3 years ago DHCPv6, router advertisement daemons, etc.) also roughly double.  3 years ago Additionally, services that run on either IPv6 or IPv4 might need to be  3 years ago configured to run in dualstack mode as well and not every software  might be capable of that.  So while there is the instant benefit of not requiring any transition mechanism  or translation method, we argue that the added complexity (and thus  operational cost) of running dual stack networks can be significant.  % ----------------------------------------------------------------------  3 years ago \subsection{\label{background:networkdesign:v6only}IPv6 Only Networks}  3 years ago IPv6 only networks are in our opinion the best choice for long term  3 years ago deployments. Our reasons for this are the following: First of all hosts  3 years ago eventually will need to support IPv6 and secondly  3 years ago IPv6 hosts can address the whole 32 bit IPv4 Internet mapped in  3 years ago a single /96 IPv6 network. IPv6 only networks also allow the operators  to focus on one IP stack.  3 years ago % ----------------------------------------------------------------------  \section{\label{background:netfpga}NetFPGA}  \begin{figure}[htbp]  3 years ago  \includegraphics[scale=0.4]{sumeboard}   \centering   \caption{NetFPGA Board~\cite{zilberman:_netfp_sume}}  3 years ago  \label{fig:netfpga}  \end{figure}  The NetFPGA~\cite{zilberman:_netfp_sume}  is an FPGA card featuring four 10 Gbit/s SFP+ ports. It  includes the Xilinx Virtex-7 690T FPGA on board, 27 MB of storage,  3 years ago to save table data, and 8 GB of DDR3 RAM. The NetFPGA can be  3 years ago run inside a host (connected by PCI-E, gen 3) or as a standalone  card.    It can be used as a traditional'' FPGA, with the focus on designing  the logic. However, the NetFPGA also supports the P4 programming  language~\cite{netfpga:_p4_netpf_public_github} and thus abstracts  away the low level logic by providing a higher level interface.  For the purpose of this thesis we treat the NetFPGA as a standard P4  target, similar to other available P4  targets~\cite{networks:_tofin},  ~\cite{networks:_tofin1},  ~\cite{networks:_arist_series}. In particular, we treat the NetFPGA as a  P4 capable, four port 10 Gbit/s network switch that allows us to  process packets at line speed.  % ok