The third in a collection of blogs all through 2025 highlighting the state of IPv6 throughout the business, finest practices to contemplate, and the way Cisco helps clients on their journeys with its services.
The IPv6 transition has been underway for practically 30 years, with IPv6 visitors on the Web now surpassing 50% by all measures [1]. Most purposes and community stacks now favor IPv6 by default, and because of applied sciences like Completely happy Eyeballs [2], finish customers in a dual-stack atmosphere not often discover if IPv6 fails over to IPv4. Luckily, that failure situation is changing into much less frequent because the robustness of the IPv6 Web improves and end-user networks are deployed with nice confidence.
Two Broad Levels
The journey to IPv6 usually happens in two broad phases: first, by transferring from IPv4-only to a dual-stack world, the place we activate IPv6 and run each protocols concurrently; after which step by step retiring IPv4. Conventional dual-stack deployments are sometimes accomplished in what is usually known as the “Inside Out” methodology, the place the core of the community shall be dual-stacked first. As soon as routing and operational expertise are established within the community infrastructure and all the things else is in place (see under), edge entry switches and APs will lastly allow IPv6 on their user-facing segments, offering end-users with IPv6 connectivity. Later, the transition from dual-stack to IPv6-only happens in roughly the reverse order. 
Web Edge and Knowledge Facilities
Earlier than we are able to dual-stack our customers, we should dual-stack our Web Edge with help from our safety group (who ought to be concerned from the beginning!). As soon as the Web Edge helps IPv6, focus shifts to the Knowledge Facilities; dual-stacking the servers permits us to start verifying software entry over IPv6 whereas most customers proceed to make the most of IPv4 (with particular take a look at customers being dual-stacked). The community group and assist desk ought to be dual-stacked to allow them to begin experiencing the transition firsthand. (On a associated notice, finally all management-plane features of community operations can transfer to IPv6-only whereas the data-plane stays dual-stacked). Subsequent the DMZ may be transitioned and DNS entries offered to construct an Web presence with IPv6. And at last, IPv6 may be deployed to user-facing VLANs.
NetFlow and Visitors Monitoring
Ideally, 100% of our inner purposes shall be IPv6 enabled and most well-liked. NetFlow assortment of inner visitors helps monitor this, shortly figuring out legacy purposes for remediation (by way of upgrades, replacements, or front-ending with dual-stacked gadgets). The aim is for the one remaining IPv4 visitors on the community to be sure to the Web. NetFlow ought to present that Web-bound IPv6 visitors is steadily rising as different organizations full their personal IPv6 transition.
DNS64 and NAT64
As soon as the dual-stack transition is full and any brokenness hidden by Completely happy Eyeballs has been proactively recognized and glued, it’s time to incrementally take away IPv4 from the community. Luckily, the requirements our bodies have outlined NAT64 [3] and DNS64 [4] for simply this use case. These complementary applied sciences permit an IPv6-only consumer to achieve IPv4-only content material, allowing using IPv6 as the one protocol throughout the community [5]. Whereas DNS64 and NAT64 could also be deployed earlier than totally eradicating IPv4 to realize familiarity and expertise, the true magic occurs as soon as IPv4 is gone.
IPv6-mostly and CLAT
With dual-stack and NAT64 in place, the subsequent step is transferring to an IPv6-mostly deployment, a brand new paradigm constructed on a set of applied sciences [6][7] that gives a neater glide path to an IPv6-only future. In IPv6-mostly, the consumer working system gives its personal IPv4-to-IPv6 translator referred to as a CLAT (customer-side translator) for purposes that also have IPv4 dependencies. Whether or not the vacation spot is IPv4-only or the appliance code makes use of embedded IPv4 literals, this visitors is translated into IPv6 packets throughout the IPv6-only enterprise community, after which again to IPv4 on the edge by way of NAT64. Purchasers are signaled to make the most of IPv6-mostly on dual-stack entry segments by way of DHCP Choice 108, a DHCPv4 possibility that tells the consumer it’s secure to forgo an IPv4 handle and run solely IPv6. As a result of IPv4 continues to be being provided, an IPv6-mostly community continues to service purchasers that don’t help native translation by way of CLAT. Now purchasers can select the protocol to make use of primarily based on their capabilities, somewhat than being compelled by the community.
IPv6-only Future
As we proceed to observe community visitors with NetFlow, we should always anticipate to see IPv6 visitors proceed to steadily enhance and finally we validate there isn’t any longer any utilization of IPv4 on sure person VLANs. That’s the time to take away IPv4 from these community segments. As extra IPv4 is turned off, it may also be faraway from the community infrastructure tools. Sooner or later, within the hopefully not-to-distant future, 100% IPv6 utilization shall be seen on the Web Edge and within the DMZ. Till then, NAT64, DNS64 and CLAT will proceed to serve us properly.
References
[1] https://blogs.cisco.com/industries/ipv6-in-2025-where-are-we
[2] https://datatracker.ietf.org/doc/html/rfc8305
[3] https://datatracker.ietf.org/doc/html/rfc6146
[4] https://datatracker.ietf.org/doc/html/rfc6147
[5] https://www.youtube.com/watch?v=_GkynY809eg
