< Home

Application and Mechanism of IPSec on Transition Networks

Only tunnel mode supports IPSec 6 over 4 and IPSec 4 over 6.

IPSec 6 over 4

In the early stage of Internet transition from IPv4 to IPv6, IPv6 networks are separated by an ocean of IPv4 networks. Such IPv6 islands cannot directly communicate with each other. To resolve this issue, tunnels can be created on IPv4 networks to bridge isolated IPv6 networks. The tunnel across an IPv4 network to bridge two isolated IPv6 networks is referred to as an IPv6 over IPv4 tunnel. To protect IPv6 packets over an IPv4 network, an IPSec tunnel must also be established. Such an IPSec tunnel is referred to as an IPSec 6 over 4 tunnel.

In tunnel mode of IPSec 6 over 4, an IPSec tunnel is established to provide an IPSec-protected IPv6 over IPv4 tunnel. Figure 1 shows an IPSec 6 over 4 tunnel in tunnel mode.
Figure 1 IPSec 6 over 4 tunnel in tunnel mode

IPSec 4 over 6

During the late stage of the Internet transition from IPv4 to IPv6, IPv4 networks will be isolated by an ocean of IPv6 networks. Such IPv4 islands cannot directly communicate with each other. To resolve this issue, tunnels can be created on IPv6 networks to bridge isolated IPv4 networks. It is similar to deploying VPN tunnels on IP networks. The tunnel across an IPv6 network to bridge two isolated IPv4 networks is referred to as an IPv4 over IPv6 tunnel. To protect IPv4 packets over an IPv6 network, an IPSec tunnel must also be established. Such an IPSec tunnel is referred to as an IPSec 4 over 6 tunnel.

In tunnel mode of IPSec 4 over 6, an IPSec tunnel is established to provide an IPSec-protected IPv4 over IPv6 tunnel. Figure 2 shows an IPSec 4 over 6 tunnel in tunnel mode.
Figure 2 IPSec 4 over 6 tunnel in tunnel mode
Parent Topic: IPSec Reliability
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic