What is IPv6?
IPv6 use in the public cloud is increasing quickly for a variety of reasons, including compliance requirements, the exhaustion of IPv4 addresses, and the need to connect to IPv6-only customers on the internet. Meanwhile, businesses also wish to use IPv6 to link cloud-based applications back to on-premises applications. Building on the already-available Dedicated Interconnect and HA-VPN hybrid connectivity options, Google Cloud is pleased to announce today a significant expansion of the Google Cloud IPv6 Hybrid Connectivity portfolio.
The following are new offerings in IPv6 Hybrid Connectivity:
- IPv6 BGP sessions
- IPv6 Partner Interconnect
- IPv6-only HA-VPN
Before these new functionalities became available, an underlying IPv4 BGP session could be used to route IPv6 traffic over Dedicated Interconnect and HA-VPN hybrid connectivity options.
Google Cloud's latest IPv6 Hybrid Connectivity portfolio enhancements meet these needs in the following ways:
- Customers will no longer need to rely on an IPv4 BGP peering device to advertise and receive IPv6 prefixes between Cloud Router and the remote BGP peering device thanks to IPv6 BGP Sessions, which enable customers to exchange IPv6 prefixes over underlying IPv6 BGP sessions.
- Customers will be able to use layer 2 or layer 3 partner interconnect attachments to create a connection between their on-premises networks and Google Cloud VPC networks thanks to Partner Interconnect IPv6.
- Customers can use IPv6 addressing for both the inner and outer IP addresses of the IPsec VPN tunnels between their Google Cloud VPN gateways and peer VPN gateways by using IPv6-only HA-VPN.
For businesses implementing 5G apps, AI/ML applications, serverless and container-based cloud services, and cloud-native workloads that need to be able to integrate workloads between on-premises and public cloud environments, these additional capabilities are essential.
Let’s now talk about how to connect your IPv6 workloads on-premises to IPv6 workloads on your Google Cloud VPC networks using these methods.
IPv6 BGP sessions
Until now, IPv6 prefixes were exchanged over IPv4 MP-BGP sessions, with an IPv6 address designated as the next hop for those prefixes.
In order to enable IPv6 over an IPv4 BGP connection, the BGP session had to be renegotiated with the additional protocol (IPv6). Resetting the BGP session was necessary as a result, which would have affected IPv4 traffic that was already flowing via the VPN tunnel or underlying interconnect link. Furthermore, to override the next-hop field for the exported IPv6 prefixes, further setup was required on the on-premises router.
With IPv6 BGP sessions, a parallel BGP session is established across the same Interconnect VLAN attachment or VPN tunnel. It is no longer necessary to add IPv6 as a second protocol to the current IPv4 BGP session, because the new BGP session automatically allocates the IPv6 next hop. This eliminates the need to manage route maps on the on-premises router and to reset the BGP session in order to override the next hops when exporting IPv6 routes. IPv6 BGP sessions are compatible with HA-VPN, Partner Interconnect, and Dedicated Interconnect.
There is no effect on current traffic when switching from an IPv4-only attachment to a dual-stack IPv6 attachment type. For further information on the effects of changing the IP stack type of VLAN attachments, see Modify Stack Type. An IPv6 /125 prefix is also automatically assigned to the attachment in this phase.
IPv6 Partner Interconnect
IPv6 is now supported by Partner Interconnect for Layer 2 and Layer 3 Partner Interconnect attachments. Establishing dual-stack Partner Interconnect attachments causes the underlying Partner Interconnect attachment to automatically provision distinct IPv4 and IPv6 BGP sessions. IPv4 and IPv6 prefixes are exchanged over the IPv4 and IPv6 BGP sessions, respectively. During this operation, Google Cloud automatically assigns the Partner Interconnect attachment a Google-owned /125 address range.
A dual-stack IPv6 Partner Interconnect attachment can be created from scratch, or an existing Partner Interconnect attachment can be converted to a dual-stack IPv6 attachment.
In the case of Layer 2 providers, this automatically creates two BGP sessions in the related Cloud Router, one for each IP version. These sessions should be configured independently with the peer’s ASN. The partner configures Layer 3 attachments with a peer ASN, so no further action is needed.
IPv6-only HA-VPN
Up until now, HA-VPN has carried IPv6 traffic over IPsec tunnels that were negotiated and terminated using internet-routable IPv4 addresses, sometimes referred to as outer IP addresses.
Google Cloud now supports IPv6 addressing for both the inner and outer IP addresses of the IPsec tunnel between Google Cloud and peer VPN gateways using Google Cloud HA-VPN, thanks to the release of IPv6-only HA-VPN. This functionality also includes IPv6 HA-VPN connections between two Google Cloud VPCs.
To convert an IPv4 HA-VPN gateway to an IPv6 HA-VPN gateway, follow the steps outlined in the IPv6 HA-VPN migration guide.
Considerations
There are new ways to implement IPv6 on your on-premises networks thanks to the new IPv6 hybrid services. To make the most of these new possibilities, take into consideration the following general suggestions:
- Select IPv6 BGP sessions over MP-BGP sessions wherever possible. This eliminates the need to restart IPv4 BGP sessions in order to enable IPv6 prefix exchange on them, and streamlines route management.
- Remember that Cloud Router's default advertisement mode only advertises IPv6 internal subnets (--ipv6-access-type=INTERNAL). Any IPv6 prefix can still be advertised using custom advertisements.
- Similar to IPv4 subnet ranges, the IPv6 subnet ranges of peered networks are not advertised by Cloud Router in default mode. Regardless of the ipv6-access-type, use custom advertisements for all peered IPv6 subnet ranges.
- When using HA-VPN, use IPv6-only HA-VPN (both outer and inner IPv6 addresses) to optimise interoperability with your on-premises networking hardware.
- Firewall rules operate the same way on IPv4 and IPv6. Make sure that the firewall policies and rules you currently have in place for your VPC firewall align with any newly advertised IPv6 ranges from your on-premises networks, if any.
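One way to carry out the firewall check in the last item, as an added example that is not part of the original post. The prefixes (from the 2001:db8::/32 documentation range), rule names and the simplified rule structure are constructed sample data standing in for routes learned from on-premises and exported VPC firewall rules.

```python
import ipaddress

# Constructed sample data: IPv6 prefixes newly advertised from on-premises.
ADVERTISED = ["2001:db8:10::/48", "2001:db8:20:1::/64", "2001:db8:30::/56"]

# Constructed sample data: simplified ingress rules (hypothetical names).
RULES = [
    {"name": "allow-onprem-app", "sources": ["10.10.0.0/16", "2001:db8:10::/48"]},
    {"name": "allow-onprem-db", "sources": ["2001:db8:20:1::/65"]},
    {"name": "allow-legacy-v4", "sources": ["192.168.0.0/16"]},
]


def audit(advertised, rules):
    """Map each advertised prefix to the rules that cover it fully or partly."""
    report = {}
    for text in advertised:
        prefix = ipaddress.ip_network(text)
        full, partial = [], []
        for rule in rules:
            for src in rule["sources"]:
                net = ipaddress.ip_network(src)
                if net.version != prefix.version:
                    continue  # an IPv4 source range never matches IPv6 traffic
                if prefix.subnet_of(net):
                    full.append(rule["name"])
                elif net.overlaps(prefix):
                    partial.append(rule["name"])  # rule sees only part of the prefix
        report[text] = {"covered_by": full, "partially_by": partial}
    return report


def needs_review(report):
    """Prefixes that no single rule source range contains completely."""
    return [p for p, hit in report.items() if not hit["covered_by"]]


if __name__ == "__main__":
    result = audit(ADVERTISED, RULES)
    for prefix, hit in result.items():
        print(prefix, hit)
    print("review:", needs_review(result))
```

A prefix listed for review either has no rule at all or is matched only by a narrower source range, so part of the advertised range falls through to whatever the next rule or the implied default decides.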
Google Cloud discussed the various hybrid connectivity options in this post, which you can use to link your on-premises IPv6 workloads to Google Cloud IPv6 workloads. These options include the recently released IPv6 BGP Sessions, Partner Interconnect IPv6, IPv6-only HA-VPN, and the previously launched Dedicated Interconnect IPv6.
IPv6 address compression
Address compression is a technique used in Internet Protocol Version 6 (IPv6) networks to optimise the encoding of long IPv6 addresses. Because IPv6 addresses are much larger (128 bits as opposed to 32 bits for IPv4), compression techniques provide a number of advantages, including:
Decreased Transmission Overhead
Fewer bits must be transmitted when redundant sequences within an address are compressed, which speeds up communication and increases network efficiency, especially over connections with limited bandwidth.
Improved Readability
When working with extensive network configurations, condensed addresses are frequently simpler for people to comprehend and handle.
Important Compression Characteristics
Stateful Compression
This technique makes use of context data from addresses that have already been encountered on the same network path. Only the different piece has to be sent when a recently used address and a new address have the same prefix. This works especially well in situations where nearby devices on the same subnet frequently communicate with one another.
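The following added example (not part of the original article) sketches the stateful scheme described above as a toy codec. The class name and the one-byte "shared length" prefix are assumptions for illustration, not a standard wire format, and the addresses are constructed samples. It also shows the failure mode of relying on shared context: a receiver whose context is stale rebuilds a wrong address without raising any error.

```python
import ipaddress

# Constructed sample addresses from the 2001:db8::/32 documentation range.
SAMPLE = ["2001:db8:a::10", "2001:db8:a::11", "2001:db8:b::11"]


class SharedPrefixCodec:
    """Toy stateful codec: 1 byte = number of leading bytes shared with the
    previous address on this path, followed by the bytes that differ."""

    def __init__(self):
        self.last = None  # packed form of the previously seen address

    def encode(self, text):
        raw = ipaddress.IPv6Address(text).packed
        shared = 0
        if self.last is not None:
            while shared < 16 and raw[shared] == self.last[shared]:
                shared += 1
        self.last = raw
        return bytes([shared]) + raw[shared:]

    def decode(self, blob):
        if not blob:
            raise ValueError("empty message")
        shared = blob[0]
        if shared > 16 or len(blob) != 17 - shared:
            raise ValueError("malformed message")
        if shared and self.last is None:
            raise ValueError("no context to expand the shared prefix")
        raw = (self.last[:shared] if shared else b"") + blob[1:]
        self.last = raw
        return str(ipaddress.IPv6Address(raw))


def wire_sizes(addresses):
    """Bytes on the wire per address for a sender starting with no context."""
    sender = SharedPrefixCodec()
    return [len(sender.encode(a)) for a in addresses]


if __name__ == "__main__":
    sender, receiver = SharedPrefixCodec(), SharedPrefixCodec()
    for addr in SAMPLE:
        msg = sender.encode(addr)
        print(addr, "->", len(msg), "bytes ->", receiver.decode(msg))
```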
Stateless Compression
This method does not depend on preserving state about previously seen addresses. It takes advantage of the way IPv6 addresses are structured, with the first part usually identifying a wide network (like an area code in a phone number) and the second part identifying a particular host within that network. Stateless compression can use a shorter identifier to represent the network prefix, followed by the host part.
Flags for IPv6 Header and Compression
The “Next Header” element in the IPv6 header designates the kind of payload that comes after the header. The “Optimises Header” bit in this field is another flag that is set when compression is used to alert the recipient that the address has been compressed.
Typical Compression Mechanisms
6to4 Tunnelling: This method wraps IPv6 packets inside IPv4 packets for transmission across IPv4 networks. To conserve size, compression might be used inside the encapsulated IPv6 header.
Intra-Site Automatic Tunnel Addressing Protocol: IPv6 communication across IPv4 networks is made easier by the Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), which tunnels IPv6 packets inside IPv4 packets. Compression is also possible inside the encapsulated IPv6 header, just like with 6to4.
Best Practices and Things to Think About
Compatibility: IPv6 compression may not be supported by all hardware and network protocols. Ensure interoperability throughout your network architecture.
Security: Although compression can make communication easier, it’s important to keep strong security measures in place to avoid any vulnerabilities brought about by a reduction in address information.
Performance: Depending on the specifics of the implementation and the state of the network, compression may have different effects on performance. Consider the trade-offs between possible processing overhead and decreased transmission overhead.
To sum up
An effective way to improve readability and network communication is through IPv6 address compression. Network admins can effectively use this strategy to create a more manageable and efficient IPv6 environment by being aware of its essential features, compression techniques, and implications.