6to4 Tunnel

Basic Concepts

• 6to4 network

  It is a special IPv6 network. The 6to4 network uses 6to4 addresses within the network and consists of at least one 6to4 host and one 6to4 routing device.

• Native IPv6 network

  Hosts and routing devices on the network are not assigned 6to4 addresses.

• 6to4 routing device

  It is a border device between the 6to4 network and the IPv4 network.

• 6to4 relay routing device

  It is a boarder device between the 6to4 network and the native IPv6 network.

• 6to4 address

  It is an IPv6 address with the 6to4 prefix.

6to4 Address Format

The format of the 6to4 address is as follows:

Figure 1 6to4 address format

As shown in Figure 1, the 6to4 address is expressed as 2002::/16, and a 6to4 network is expressed as 2002:IPv4 address::/48. The IPv4 address embedded in the IPv6 address is used to search for the destination of the 6to4 tunnel. The network prefix of a 6to4 address has 64 bits. The first 48 bits (2002:a.b.c.d) are decided by the IPv4 address of the routing device and cannot be changed. The last 16 bits are specified by users. In this manner, the border routing device can be connected to a set of networks with different network prefixes. Therefore, the 6to4 tunnel can be connected to IPv6 networks and delivers easy maintenance.

6to4 Tunnel

6to4 tunnels connect IPv6 islands over the IPv4 network. The 6to4 tunnel is implemented through the tunnel interface. The source IPv4 address of the tunnel is specified manually, and its destination IP address is determined by the packet forwarded by the tunnel. If the destination IP address of an IPv6 packet is a 6to4 address, the embedded IPv4 address serves as the destination address.

Figure 2 6to4 tunnel

As shown in Figure 2, when host A connects to host B, the processing procedures are as follows:

1. The IPv6 packet sent by host A arrives at FW_A.
2. FW_A searches the IPv6 forwarding table based on the destination IP address of the IPv6 packet and discovers that the outbound interface is the tunnel interface of the 6to4 automatic tunnel and the destination IP address is a 6to4 address. Then FW_A encapsulates the IPv6 packet into an IPv4 packet, whose destination IP address is the IPv4 address embedded in the 6to4 address and the source IP address is the source IPv4 address specified on the local tunnel interface.
3. The encapsulated packet is forwarded by FW_A from the source tunnel interface and routed to FW_B over the IPv4 network.
4. After receiving the IPv4 packet, FW_B decapsulates it, searches for the destination address in the decapsulated IPv6 packet header, and forwards the packet to host B based on the routing table.
5. Host B receives and responds to the packet. The response packet is processed in the same way.

6to4 Relay

The preceding procedures enforce the communication between 6to4 networks. To enable the communication between a 6to4 network and a native IPv6 network, deploy a 6to4 relay routing device, which serves as a gateway in between. The 6to4 relay routing device connects to the native IPv6 network and the IPv4 network, and establishes a 6to4 tunnel with the 6to4 routing device.

Figure 3 6to4 relay

As shown in Figure 3, when host A connects to host B, the processing procedures are as follows:

1. The IPv6 packet sent by host A arrives at FW_A.
2. FW_A searches the IPv6 forwarding table based on the destination IP address of the IPv6 packet and discovers that the outbound interface is the tunnel interface of the 6to4 automatic tunnel, and the 6to4 address is not the destination IP address but the next hop. Then FW_A encapsulates the IPv6 packet into an IPv4 packet, whose next hop is the IPv4 address obtained from the 6to4 address and the source IP address is the source IPv4 address specified on the local tunnel interface.
3. The encapsulated packet is forwarded by FW_A from the tunnel interface and routed to FW_B over the IPv4 network.
4. After receiving the IPv4 packet, FW_B decapsulates it, searches for the destination address in the decapsulated IPv6 packet header, and forwards the packet to host B based on the routing table.
5. Host B receives and responds to the packet. The response packet is processed in the same way.