| Internet-Draft | 5G IPv6-only Deployment Considerations | August 2025 |
| Ma & Xie | Expires 2 March 2026 | [Page] |
This document describes the approach of gradually deploying 464XLAT based IPv6-only technology on user plane in 3GPP 5G networks. It also discusses the challenges and potential solutions.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 2 March 2026.¶
Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
Currently, IPv6 has been widely in mobile networks of operators worldwide, and it has even gained the dominant position from the perspective of traffic. However, IPv4 applications still exist in the network, and the support for IPv4 services must still be considered to guarantee the users’ experience. Furthermore, operators have begun experimenting with deploying IPv6-only approach in their mobile networks.¶
The 5G system is defined in the 3GPP standards organization. In the 5G system architecture, the session related to the endpoint's access to the internet is called the Packet Data Unit (PDU) session, and its type determines the IP protocol used for user access. In the 5G standards, the PDU session supports both IPv6 and IPv4 protocols, and it also provides policies to ensure that user equipment (UE) can access the internet. When a UE only supports the IPv4 protocol while the network supports dual-stack (IPv4 and IPv6), the network will provide an IPv4 protocol stack configuration for the UE. Accordingly, for UE only supporting IPv6,the network will provide an IPv6 protocol stack configuration for the UE. Additionally, there are policy configuration schemes related to static addresses and other aspects, but It does not specify the requirements related to IPv6-only technology.¶
There are several IPv6-only transition technologies described in [RFC9313] . Most existing deployments utilize 464XLAT technology in cellular network. This document describes the architecture for deploying 464XLAT based IPv6-only technology on user plane in 3GPP 5G system. Based on the field trail, this document also discusses the major issues encountered and potential solutions to address them.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14[RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
The following terms are defined in this document:¶
464XLAT: IPv6-Only Transition Mechanism (IPv6-to-IPv4 Translation)¶
5GC: 5G Core¶
5GS: 5G System¶
AMF: Access and Mobility Management Function¶
CLAT: CLAT is customer-side translator (XLAT) that compiles with [RFC6146]¶
PLAT: PLAT is provider-side translator (XLAT) that compiles with [RFC7915]¶
PDU:Protocol Data Unit¶
IMEI: International Mobile Equipment Identity¶
SMF:Session Management Function¶
UE: User Equipment, e.g., mobile phone.¶
LBO:Local Break Out¶
Examples of 5GS IPv6-only architectures on user plane are shown in the figures in the following sections. In production 5GS network, there is roaming behavior which specifies where the PDU session anchor and its controlling SMF are located in. That decides whether UE’s PDU sessions get IP configuration and access the Internet from home 5GS network or visited 5GS network. Regarding roaming, 5GS contains three scenarios including non-roaming, roaming with home routed, and roaming with local break out.¶
Based on wireless 3GPP network architecture defined in [RFC6877], the non-roaming network architecture is depicted as figure 1. When a mobile network operator run only a 5GC, there is just non-roaming network scenario. In this csae, the CLAT function is deployed on the UE, while the PLAT/stateful NAT64 function and DNS64 function are deployed on the network side.¶
+-------+ +------------+ _________
|UE | |5GC | / \
|+----+ | | +-----+ | / \
||CLAT| +--+--+UPF +---+---+ Internet |
|+----+ | | +-----+ | \ /
+-------+ +---/-----\--+ +--------+
/ \
+------+ +------+
|NAT64 | |DNS64 |
+------+ +------+¶
Generally, large mobile operators run multiple 5GCs divided by administrative divisions or other geographical methods. The roaming network scenario with home routed is shown in figure 2. In this case, UEs acquire IP network configuration and access the Internet in their home 5GS network. The IP address allocation strategy and traffic exit interface are decided by their home 5GC. The CLAT function is deployed on the UE, while the PLAT/stateful NAT64 function and DNS64 function are deployed on the home network.¶
The roaming network scenario with LBO is shown in figure 3. In this case, UEs get IP network configuration and access the Internet in the visited network. The CLAT function is deployed on the UE, while the PLAT/stateful NAT64 function and DNS64 function are deployed on the visited network. Home network also need to support NAT64 and DNS64 when UE is in the non-roaming case.¶
The following table 1 summarizes 5GC's network capabilities where the mobile network shall have to provide IPv6-only connectivity service.¶
+------------------+-----+-------------+---------------+ |Scenario |UE |Home Network |Visited Network| +------------------+-----+-------------+---------------+ |Non-roaming |CLAT |NAT64 DNS64 | | +------------------+-----+-------------+---------------+ |Roaming with Local|CLAT |NAT64 DNS64 |NAT64 DNS64 | |Breakout | | | | +------------------+-----+-------------+---------------+ |Roaming with Home |CLAT |NAT64 DNS64 | | |Routed | | | | +------------------+-----+-------------+---------------+ Table 1. Network Capabilities for IPv6-only 5G Scenarios¶
Based on our practices, for large-size mobile network operators, it’s very difficult for operators to deploy IPv6-only capabilities across the whole network at once. There is a transition period that the IPv6-only capability is deployed gradually. This section identifies the major challenges when applying 464XLAT in a production network.¶
In the scenario where 5GC A supports IPv6-only capability while 5GC B doesn’t. When UE A from 5GC A roams to 5GC B, it only obtains IPv6 configuration and accesses Internet according to the local breakout roaming policy. In this case, the access to IPv4 Internet may fail due to 5GC B lacks NAT64 and DNS64 capabilities.¶
Regarding UE challenge, a significant number of terminals have not enabled CLAT functionality. The vast majority of Android terminals support and have enabled the CLAT functionality. Most new terminals like smart watch do not support this feature. Moreover, Apple's iOS in China does not enable CLAT functionality.¶
When IPv6-only users access IPv4 sites, the actual address they reach is generated by the DNS64 server, which combines a special IPv6 prefix with the IPv4 site address to form an IPv6 address. Existing layer 3&layer 4 content billing rules based on IPv4 addresses will no longer be effective and will need to be adjusted to accommodate the IPv6 addresses formed by DNS64.¶
After enabling the DNS64 functionality, there is an increase in the processing load due to the additional handling of IPv6 queries and the DNS64 conversion, which consumes some device performance. The extent of this performance demand increase depends on the scale of IPv6 queries. In a 5G network, once the DNS64 functionality is enabled, DNS resolution requests from both IPv6-only and dual-stack users will be processed by the DNS64 server. Even IPv4 resolution requests from dual-stack users will be treated as if they were from IPv6-only users, which place a significant load pressure on the DNS server. This may futher impact the service logic of the existing dual-stack users.¶
One solution is to enhance the core network's capability to configure IP addresses and DNS server addresses based on IMEI number ranges. The IMEI is a unique sequence of 14 to 15 digits assigned to each mobile phone. It serves as a device identification number, enabling service providers to recognize the phone within the network. The primary purpose of the IMEI is to uniquely identify each device, allowing the network to determine whether the UE supports CLAT functionality. By configuring a whitelist of IMEIs that support CLAT functionality in the network, the network can assign an IPv6-only environment to UEs listed in the whitelist.¶
One possible solution is to use the option108 [RFC 8925] [RFC8925]method, allowing UEs to choose whether to join the IPv6-only network. Additionally, a method for configuring DNS64 server addresses needs to be considered. However, in practical deployments, core network support for DHCPv4 functionality is optional and may not be applicable to all networks.¶
Another possible solution is to transmit PREF64 and DNS64 address information through the RA option. In 5G systems, RA is used to advertise IPv6 prefixes in SLAAC, which is a mandatory functionality. Transmitting this information through RA is also a logical approach. Currently, the IETF has produced two RFCs, namely [RFC 8106][RFC8106] and [RFC 8781][RFC8781]. In practical implementations, the mobile core network supporting IPv6-only environments (IPv6-only mode) should include these two options in the RA messages. Upon receiving this message, the UE can abandon the IPv4 interface and operate in IPv6-only mode. In this solution, the core network does not need to be aware of the final protocol stack configuration used by the UE.¶
This section specifies a method for advertising PREF64 (NAT64 prefix) and DNS64 configuration to hosts by combining PREF64 RA Option and DNS64 RA Option.¶
The mechanism relies on the presence of two distinct Router Advertisement options:¶
1. PREF64 Option: Carries the IPv6 prefix used by the network's NAT64 gateway for IPv4/IPv6 protocol translation. The format, semantics, and processing rules for this option are defined in [RFC8781].¶
2. DNS64 Option: Carries the IPv6 address(es) of DNS64 servers capable of synthesizing AAAA records from A records. The format and semantics of this option are defined in RFC 8781[RFC8781] and [I-D.ma-6man-ra-dns64-flag].¶
A router (e.g., a 5G User Plane Function (UPF), a broadband gateway, or a network router) MUST include both options in its Router Advertisements to fully enable IPv6-only with NAT64/DNS64 functionality on the link.¶
Upon receiving a Router Advertisement message containing both a valid PREF64 Option and a valid DNS64 Option, a host supporting this specification SHOULD:¶
1. Process the PREF64 Option. This involves:¶
Extracting the NAT64 prefix and its length.¶
Calculating the validity of the prefix.¶
Installing the prefix in its local policy table to be used for detecting synthesized IPv6 addresses.¶
2. Process the DNS64 Option as follows:¶
Extract the DNS64 server addresses and their Lifetime. Add these addresses to its list of available recursive DNS resolvers, marking them with a special attribute indicating DNS64 capability.¶
Prefer DNS64 servers for resolution. The host MAY prioritize these DNS64 servers over other configured DNS servers (e.g., those learned via DHCPv6 or the RDNSS option) to ensure synthesis occurs.¶
3. Resolution and Communication:¶
When an application requires name resolution, the host queries the DNS64 server for a AAAA record.¶
If the DNS64 server returns a synthetic AAAA record (constructed by embedding the IPv4 address from the authoritative A record into the advertised PREF64 prefix), the host will initiate communication using this IPv6 address.¶
Traffic destined for this synthesized IPv6 address will be routed to the network's NAT64 gateway, which will perform the necessary protocol translation to reach the target IPv4-only server.¶
A host MAY use heuristics to discover a NAT64 prefix if only the DNS64 Option is present, as defined in RFC 7050. However, the explicit signaling via the PREF64 Option is the preferred and more reliable method.¶
A router configured to support IPv6-only with NAT64 MUST:¶
1. Generate periodic and solicited Router Advertisements that include both the PREF64 Option and the DNS64 Option.¶
2. PREF64 Option Configuration: Populate the PREF64 Option with the correct prefix, prefix length, and lifetime as per network policy and RFC 8781.¶
3. DNS64 Option Configuration: Populate the DNS64 Option with the IPv6 address(es) of the network's DNS64 servers and a valid Lifetime.¶
4. Ensure the lifetime values for both options are aligned to provide a consistent user experience. It is generally advisable to set similar lifetimes for both the NAT64 prefix and the DNS64 servers.¶
Hosts that do not support the DNS64 Option will ignore it as specified in RFC 4861. They may rely on other methods (e.g., DHCPv6, RDNSS) to discover DNS servers, but may not achieve full IPv6-only functionality without manual configuration.¶
This method coexists with the DHCPv6-based method for conveying DNS64 server information. If a host receives both, the source of truth is implementation-specific. It is RECOMMENDED that network administrators ensure consistent configuration across all discovery mechanisms.¶
The DNS64 Option is distinct from the RDNSS Option (RFC 8106). A router MAY include both an RDNSS Option (pointing to standard DNS servers) and a DNS64 Option (pointing to DNS64 servers). A host that understands the DNS64 Option can then distinguish between servers that perform synthesis and those that do not.¶
To implement PREF64 RA Options, see the security sonsiderations presented in Section 7 of [RFC8781]¶
To implement DNS64 RA Options, see the security sonsiderations presented in Section 7 of [RFC8106]¶
This document doesn't introduce any IANA considerations.¶
The comments and suggestions of the following are gratefully acknowledged:¶