Dual-Stack Lite (DS-Lite) IPv6 Transition Technology – CGNAT, AFTR, B4 and Softwire

Dual-Stack Lite

About Dual-Stack Lite

Dual-Stack Lite (DS-Lite) is an IPv6 transition technology that lets ISPs with IPv6 infrastructure connect their IPv4 subscribers to the Internet. It gives ISPs a way to enable communication across the two protocol stacks by carrying IPv4 over IPv6.

Dual-Stack Lite enables Internet service providers to move to an IPv6 network, and many ISPs have started transitioning to IPv6 infrastructure. During the transition, however, ISPs must continue to support IPv4 along with IPv6, because large parts of the public Internet still use only IPv4 and many subscribers do not support IPv6.

Dual-Stack Lite is a preferred method for moving from an IPv4 to an IPv6 network. DS-Lite allows Internet service providers to move Internet users seamlessly to an IPv6 network without changing end-user software or hardware. All major operating systems (Windows, macOS, and Linux) for workstation and server platforms are configured with dual-stack IP addressing by default.

Internet service providers (ISPs) are being forced to transition from IPv4 to IPv6 communication, and dual-stack technology helps them do so. A dual-stack solution enables the IP transition on ISP devices such as servers, switches, routers and firewalls, so that the ISP's network has both IPv4 and IPv6 connectivity and can process IPv4 and IPv6 traffic simultaneously.

Here’s an example of the difference between the two formats:


Sample IPv4 address:
Sample IPv6 address: 2006:0578:D4532:4567:73DA:BDFC:0123:1758

One significant problem is that the two IP address formats aren’t compatible and total conversion to IPv6 is a way off.

Dual Stack Lite Insight

DS-Lite uses IPv4-in-IPv6 tunneling to send a subscriber's IPv4 packet through a tunnel on the IPv6 access network to the ISP. There the IPv6 packet is decapsulated to recover the subscriber's IPv4 packet, which is then sent to the Internet after NAT address and port translation and other LSN-related processing. Response packets traverse the same path back to the subscriber.

With Dual-Stack Lite, ISPs build an IPv6-only network on the provider side and still allow customers to carry IPv4 packets across the Internet. The entire transition from IPv4 to IPv6 is handled by network equipment on the ISP side.

The DS-Lite-capable home gateway (CPE) is configured with an IPv6 address on its WAN (Internet-facing) interface. On the LAN side, the home gateway runs its own DHCP server, which manages RFC 1918 private IPv4 addresses and assigns them to home devices for Internet access.

With DS-Lite, the provider's CPE does not perform any network address translation. The NAT function is located in the service provider's network, on a Carrier-Grade NAT (CGN/CGNAT) device. The carrier-grade NAT element located deep within the ISP network is called the Address Family Transition Router (AFTR).

In DS-Lite terminology, a CPE performing IPv4 to IPv4-over-IPv6 encapsulation is called the Basic Bridging Broadband (B4) element. The IPv4 packet from the home device to an external destination is encapsulated in an IPv6 packet by the CPE and transported into the provider network.

When service providers want to migrate their core network to IPv6, they need to ensure that existing IPv4 users continue to get access to IPv4 internet as before.

The following sequence describes the connection establishment process using DS-Lite:

  • Matches the IPv4 destination address and port for the packet to a specific customer based on the IPv6 address in the mapping table.
  • Maps the packet’s IPv4 destination address and port to the IPv4 destination address and port inside the subscriber network.
  • Encapsulates the IPv4 packet in an IPv6 packet using the mapped IPv6 address as the IPv6 destination address.
  • Forwards the packet to the customer.
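The steps above are the return path through the AFTR's mapping table. The following added example (not code from the original page or from any vendor) models that table in Python and shows why the B4's IPv6 address must be part of the key: two subscribers can use the same RFC 1918 address and port. The class name, the documentation-range addresses and the sequential port allocation are assumptions made for illustration.

```python
# Added example: toy AFTR binding table, not vendor code. All addresses are
# constructed documentation values; port allocation is simplified to sequential.
import ipaddress

class Aftr:
    def __init__(self, public_ip, first_port=1024, last_port=65535):
        self.public_ip = ipaddress.IPv4Address(public_ip)
        self.next_port, self.last_port = first_port, last_port
        self.out = {}   # (b4_ipv6, private_ip, private_port, proto) -> public port
        self.back = {}  # (public_port, proto) -> (b4_ipv6, private_ip, private_port)

    def outbound(self, b4_ipv6, private_ip, private_port, proto="udp"):
        """Packet decapsulated from a softwire: return its translated source."""
        b4 = ipaddress.IPv6Address(b4_ipv6)
        priv = ipaddress.IPv4Address(private_ip)
        key = (b4, priv, private_port, proto)
        if key not in self.out:
            if self.next_port > self.last_port:
                raise RuntimeError("public port pool exhausted")
            self.out[key] = self.next_port
            self.back[(self.next_port, proto)] = (b4, priv, private_port)
            self.next_port += 1
        return self.public_ip, self.out[key]

    def inbound(self, public_port, proto="udp"):
        """Return packet from the Internet: find the softwire and the inner
        destination. None means no binding exists and the packet is dropped."""
        return self.back.get((public_port, proto))

def demo():
    aftr = Aftr("192.0.2.1")
    # Two subscribers reuse the same private address and port behind different B4s.
    a = aftr.outbound("2001:db8::a", "192.168.1.10", 40000)
    b = aftr.outbound("2001:db8::b", "192.168.1.10", 40000)
    again = aftr.outbound("2001:db8::a", "192.168.1.10", 40000)
    return a, b, again, aftr.inbound(b[1]), aftr.inbound(5000)

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The value returned by `inbound` is what the AFTR needs for the last two steps: the B4 IPv6 address becomes the outer destination and the private address and port become the inner destination.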

Dual-Stack Lite Components

The Dual-Stack Lite architecture for an ISP consists of the following components:

Carrier-Grade NAT Device (CGN)

Network Address Translation (NAT) is a popular IP translation technology that has been in use for a long time and is universally supported in all types of firewalls, routers and gateways.

Carrier-Grade NAT (CGN/CGNAT), also known as Large Scale NAT (LSN), is becoming the new standard that enables service providers to successfully migrate to IPv6 while continuing to support and interoperate with existing IPv4 devices and content.

CGNAT offers service providers tunneling solutions with Dual-Stack Lite capabilities as well as native network address translation solutions, such as NAT44 and NAT64. CGNAT is a way of solving the problem of the limited supply of IP addresses available in IPv4’s 32-bit address space. It provides carrier-grade scalability by offering a very high number of IP address translations, very fast NAT translation setup rates and high throughput.

Basic Bridging Broadband (B4)

Basic Bridging broadband, or B4, is a device or component that resides in the subscriber premises. Typically, B4 is a component in the CPE devices in the subscriber premises.  

IPv4 subscribers are connected to the IPv6-only ISP access network through the CPE device containing the B4 component. The main function of the B4 is to initiate an IPv6 tunnel between B4 and an address family transition router (AFTR) in order to send or receive subscriber IPv4 request or response packets over the tunnel.  

B4 includes an IPv6 address known as the B4 tunnel endpoint address. B4 uses this address to source IPv6 packets to AFTR and receive packets from AFTR.

Address family transition router (AFTR) 

AFTR is a device or component residing in the ISP’s core network. AFTR terminates the IPv6 tunnel from the B4 device. In other words, the IPv6 tunnel is formed between B4 in the subscriber premise and AFTR in ISP core network.

AFTR decapsulates IPv6 packets received from B4 to recover the subscribers' original IPv4 packets. AFTR sends the IPv4 packets to the LSN device or component. LSN routes the IPv4 packets to their destination after performing NAT address and port translation (NAT44) and other LSN-related processing.

AFTR includes an IPv6 address known as the AFTR tunnel endpoint address. AFTR uses this address to source IPv6 packets to B4 and receive IPv6 packets from B4. The NetScaler appliance implements the AFTR component.


The IPv6 tunnel created between B4 and AFTR is called a softwire.

When a user’s device sends an IPv4 packet to an external destination, DS-Lite encapsulates the IPv4 packet in an IPv6 packet for transport into the provider network. These IPv4-in-IPv6 tunnels are called softwires. Tunneling IPv4 over IPv6 is simpler than translation and eliminates performance and redundancy concerns.

The softwires terminate in a softwire concentrator at some point in the service provider network, which decapsulates the IPv4 packets and sends them through a carrier-grade Network Address Translation (NAT) device. There, the packets undergo source NAT processing to hide the original source address.
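The softwire framing described above, as an added example that is not part of the original page: the B4 prepends a 40-byte IPv6 header whose Next Header field is 4 (IPv4 encapsulation), and the concentrator validates that header before recovering the inner packet. Function names, the documentation-range addresses and the constructed inner packet are assumptions made for illustration.

```python
# Added example, not from the original page. Addresses are documentation
# ranges; the inner IPv4 header is constructed and its checksum is left at 0.
import ipaddress
import struct

IPV4_IN_IPV6 = 4  # IPv6 Next Header value for an encapsulated IPv4 packet

def sample_ipv4():
    """Constructed 20-byte IPv4 header (UDP, no payload) from a home device."""
    src = ipaddress.IPv4Address("192.168.1.10").packed
    dst = ipaddress.IPv4Address("198.51.100.7").packed
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0, src, dst)

def encapsulate(ipv4_packet, b4_addr, aftr_addr, hop_limit=64):
    """B4 side: prepend a 40-byte IPv6 header to the subscriber's IPv4 packet."""
    if len(ipv4_packet) < 20 or ipv4_packet[0] >> 4 != 4:
        raise ValueError("inner packet is not IPv4")
    header = struct.pack("!IHBB", 6 << 28, len(ipv4_packet), IPV4_IN_IPV6, hop_limit)
    header += ipaddress.IPv6Address(b4_addr).packed
    header += ipaddress.IPv6Address(aftr_addr).packed
    return header + ipv4_packet

def decapsulate(ipv6_packet):
    """AFTR side: check the outer header, return (B4 address, inner IPv4 packet)."""
    if len(ipv6_packet) < 40:
        raise ValueError("truncated IPv6 header")
    word, payload_len, next_header, _ = struct.unpack("!IHBB", ipv6_packet[:8])
    if word >> 28 != 6 or next_header != IPV4_IN_IPV6:
        raise ValueError("not an IPv4-in-IPv6 packet")
    inner = ipv6_packet[40:40 + payload_len]
    if len(inner) != payload_len or len(inner) < 20 or inner[0] >> 4 != 4:
        raise ValueError("bad inner IPv4 packet")
    return ipaddress.IPv6Address(ipv6_packet[8:24]), inner

if __name__ == "__main__":
    outer = encapsulate(sample_ipv4(), "2001:db8::a", "2001:db8::1")
    b4, inner = decapsulate(outer)
    print(len(outer), b4, inner == sample_ipv4())
```

The B4 source address returned by `decapsulate` identifies the softwire, which is what lets the carrier-grade NAT tell apart subscribers who use the same private IPv4 addresses.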

Author: Ronnie Singh
