Independent Researcher

nicolas.montero@usach.cl

Network Working Group IPv4 IPv6 Transition Gateway Translation This document specifies Unified Transition Overlay (UTO), a gateway-based IPv4/IPv6 translation proxy that enables communication between IPv4-only and IPv6-only hosts without packet encapsulation, new protocol headers, or changes to end-host network stacks. UTO operates exclusively at transition gateways that translate packets between IPv4 and IPv6 and update transport-layer checksums to preserve TCP and UDP correctness. Incremental checksum update is supported to reduce processing overhead. The underlying network remains purely IPv4 or purely IPv6, allowing UTO to be incrementally deployed using existing routing and forwarding infrastructure.

IPv4 and IPv6 continue to coexist at global scale. IPv4 is specified in , and IPv6 is specified in . Many environments remain single-stack at the edge (IPv4-only or IPv6-only), creating interoperability pressure between address families. Existing coexistence mechanisms often rely on translation and/or auxiliary behaviors such as DNS synthesis, including NAT64 () and 464XLAT (). Operational complexity and transport correctness (checksums) remain central engineering concerns. UTO defines a simplified gateway-based translation proxy model: a transition gateway rewrites the IP header between IPv4 and IPv6 and updates transport-layer checksums to preserve end-to-end transport correctness.

The continued coexistence of IPv4 and IPv6 has created operational environments in which many hosts are limited to a single IP version. IPv4-only enterprise networks and IPv6-only service deployments frequently require cross-version connectivity. UTO is motivated by reducing the amount of machinery required at the edge: no overlay header is introduced and no encapsulation is required. Instead, a gateway performs address-family translation and preserves transport integrity by explicitly updating TCP and UDP checksums. Goals of UTO include:

• Enable communication between IPv4-only and IPv6-only hosts.
• Avoid packet encapsulation and additional overlay headers.
• Preserve TCP/UDP correctness via checksum update.
• Allow incremental deployment using existing routing and forwarding.

UTO-Gateway (UGW)

A device that performs IPv4/IPv6 translation at administrative boundaries and updates transport-layer checksums as required.

Underlying Network

A forwarding domain that uses a single IP version (IPv4-only or IPv6-only).

Opposite-Version Traffic

Traffic whose destination resides in the opposite IP address family relative to the source host.

UTO is deployed at domain boundaries using UTO-Gateways (UGWs). The underlying network forwards only native IPv4 or native IPv6 packets. The UGW translates packets between IPv4 and IPv6 and updates TCP/UDP checksums before forwarding.

UGW (v4->v6 translation) ----> IPv6 Network ----> IPv6 Host IPv6 Host ----> UGW (v6->v4 translation) ----> IPv4 Network ----> IPv4 Host ]]>

UTO assumes that an endpoint discovers the appropriate gateway using standard mechanisms such as DNS resolution. DNS is used to locate the gateway (or gateway service) and does not require rewriting DNS records for destination addressing. Steering traffic to the UGW is deployment-specific and may be achieved through routing policy, anycast gateway addressing, or explicit administrative configuration.

This section describes gateway behavior for IPv4-to-IPv6 and IPv6-to-IPv4 transitions. Native same-version traffic MUST NOT be modified by UTO.

1. An IPv4-only host sends a native IPv4 packet.
2. The UGW identifies opposite-version traffic by policy.
3. The UGW translates the IPv4 header to an IPv6 header for the destination domain.
4. The UGW updates TCP/UDP checksums as required by the address change.
5. The IPv6 domain forwards the translated IPv6 packet to the IPv6 destination.

1. An IPv6-only host sends a native IPv6 packet.
2. The UGW identifies opposite-version traffic by policy.
3. The UGW translates the IPv6 header to an IPv4 header for the destination domain.
4. The UGW updates TCP/UDP checksums as required by the address change.
5. The IPv4 domain forwards the translated IPv4 packet to the IPv4 destination.

TCP () and UDP () include a pseudo-header that incorporates source and destination IP addresses. When a UGW translates between IPv4 and IPv6, the transport checksum becomes invalid unless updated. A UGW MUST update transport-layer checksums for TCP and UDP prior to forwarding translated packets. Implementations SHOULD use incremental checksum adjustment where applicable, as described in , to reduce processing overhead. For UDP, IPv6 requires a non-zero UDP checksum. When translating an IPv4 UDP packet with a zero checksum into IPv6, the UGW MUST compute and set a valid UDP checksum before forwarding.

UTO does not alter IPv4 or IPv6 security properties, but the UGW becomes a critical policy enforcement point.

• UGWs MUST validate translated addresses against authorized prefixes or policy.
• Administrators SHOULD restrict which hosts can initiate cross-version traffic.
• Administrators SHOULD apply ingress filtering on UGW interfaces to reduce spoofing.
• UGWs SHOULD be monitored and protected as critical infrastructure components.

This document makes no request of IANA.

The author would like to thank members of the operational community for feedback on gateway-based transition behavior and transport-layer correctness considerations.