Automatic 6to4 Tunnel

Automatic 6to4 Tunnel

Automatic 6to4 tunnel is a method to connect IPv6 domain through IPv4 cloud. It assigns a unique IPv6 prefix to any site that currently has atleast one globally unique IPv6 address. It provides mechanism for transmitting IPv6 packets using such a prefix over global IPv4 network.

The IANA has assigned one 13-bit Top Level Aggregator (TLA) under IPv6 Format Prefix (FP) 001 for 6to4 scheme. Its numeric value is 0x0002 i.e. it is 2002::/16 when expressed as an IPv6 address prefix.

The subscriber site which has atleast one globally unique IPv4 address, is deemed to have following IPv6 address prefix information-

Prefix Length: 48

Format Prefix: 001

TLA Value: 0002

NLA Value: IPv4 address

This prefix can be abbreviated as 2002:V4ADDR::/48.

Encapsulation in IPv4:

The IPv6 packets are encapsulated in IPv4 packets with an IPv4 Protocol Type 41 (0x29). The IPv4 header contains the Source and Destination IPv4 addresses. The IPv4 packet body contains the IPv6 header and payload.

Consider the following-

SiteA router-

ipv6 unicast-routing

ipv6 cef

!

interface fastethernet 0/0

ipv6 address 2001:1:1:1::2/124

ipv6 rip TEST enable

no shutdown

!

ipv6 router rip TEST

!

SiteA_6to4 router-

ipv6 unicast-routing

ipv6 cef

!

interface Loopback 0

ip address 1.1.1.1 255.255.255.255

ipv6 address 2002:0101:0101::1/64

!

interface Tunnel 0

ipv6 address 2002:0101:0101:FFFF::1/64

tunnel source Loopback 0

tunnel mode ipv6ip 6to4

!

interface serial 0/0

ip address 192.16.1.1 255.255.255.252

no shutdown

!

interface fastethernet 0/0

ipv6 address 2001:1:1:1::1/124

ipv6 rip TEST enable

no shutdown

!

router ospf 1

network 192.16.1.0 0.0.0.3 area 0

network 1.1.1.1 0.0.0.0 area 0

!

ipv6 router rip TEST

redistribute static metric 5

!

ipv6 route 2002::/16 Tunnel 0

ipv6 route 2001:2:2:2::/64 2002:0303:0303::1

!

SiteB router-

ipv6 unicast-routing

ipv6 cef

!

interface fastethernet 0/0

ipv6 address 2001:2:2:2::2/124

ipv6 rip TEST enable

no shutdown

!

ipv6 router rip TEST

!

SiteB_6to4 router-

ipv6 unicast-routing

ipv6 cef

!

interface Loopback 0

ip address 3.3.3.3 255.255.255.255

ipv6 address 2002:0303:0303::1/64

!

interface Tunnel 0

ipv6 address 2002:0303:0303:FFFF::1/64

tunnel source Loopback 0

tunnel mode ipv6ip 6to4

!

interface serial 0/0

ip address 10.1.1.2 255.255.255.252

no shutdown

!

interface fastethernet 0/0

ipv6 address 2001:2:2:2::1/124

ipv6 rip TEST enable

no shutdown

!

router ospf 1

network 10.1.1.0 0.0.0.3 area 0

network 3.3.3.3 0.0.0.0 area 0

!

ipv6 router rip TEST

redistribute static metric 5

!

ipv6 route 2002::/16 Tunnel 0

ipv6 route 2001:1:1:1::/64 2002:0101:0101::1

!

The Loopback0 IPv4 addresses on SiteA_6to4 and SiteB_6to4 routers are converted to hexadecimal numbers and made IPv6 addresses of the form 2002:V4ADDR::/64.

A 6to4 tunnel is a point-to-multipoint tunnel. The tunnel interface just need a source address and destination address is derived from the destination of the packet.

Tunnel interface

SiteA_6to4# show interfaces tunnel 0
Tunnel0 is up, line protocol is up
  Hardware is Tunnel
  MTU 1514 bytes, BW 9 Kbit/sec, DLY 500000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation TUNNEL, loopback not set
  Keepalive not set
  Tunnel source 1.1.1.1 (Loopback0), destination UNKNOWN
  Tunnel protocol/transport IPv6 6to4
  Tunnel TTL 255
  Fast tunneling enabled
  Tunnel transmit bandwidth 8000 (kbps)
  Tunnel receive bandwidth 8000 (kbps)
  Last input 00:02:03, output 00:02:03, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/0 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     36 packets input, 4064 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     42 packets output, 4680 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out

The SiteA_6to4 and SiteB_6to4 routers are dual-stack routers. As below, the SiteA_6to4 router is configured with following IPv6 addresses-

show ipv6 interface brief

SiteA_6to4# show ipv6 interface brief
FastEthernet0/0            [up/up]
    FE80::CE08:13FF:FEEC:0
    2001:1:1:1::1
FastEthernet0/1            [administratively down/down]
Serial1/0                  [up/up]
Serial1/1                  [administratively down/down]
Serial1/2                  [administratively down/down]
Serial1/3                  [administratively down/down]
Loopback0                  [up/up]
    FE80::CE08:13FF:FEEC:0
    2002:101:101::1
Tunnel0                    [up/up]
    FE80::101:101
    2002:101:101:FFFF::1

The routing table on SiteA router is as follows-

IPv6 routes

SiteA# show ipv6 route
IPv6 Routing Table - 6 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route, M - MIPv6
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
LC  2001::1/128 [0/0]
     via ::, Loopback0
C   2001:1:1:1::/124 [0/0]
     via ::, FastEthernet0/0
L   2001:1:1:1::2/128 [0/0]
     via ::, FastEthernet0/0
R   2001:2:2:2::/64 [120/6]
     via FE80::CE08:13FF:FEEC:0, FastEthernet0/0
R   2002::/16 [120/6]
     via FE80::CE08:13FF:FEEC:0, FastEthernet0/0
L   FF00::/8 [0/0]
     via ::, Null0

When a PING is issued from SiteA router to SiteB router (Fa 0/0 interface 2001:2:2:2::2 ), it looks up its routing table and matches the RIPng default route advertised by SiteA_6to4 router. When the packet arrives at SiteA_6to4 router, it looks up its routing table for the destination prefix.

IPv6 routes

SiteA_6to4# show ipv6 route
IPv6 Routing Table - 9 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route, M - MIPv6
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
C   2001:1:1:1::/124 [0/0]
     via ::, FastEthernet0/0
L   2001:1:1:1::1/128 [0/0]
     via ::, FastEthernet0/0
S   2001:2:2:2::/64 [1/0]
     via 2002:303:303::1
S   2002::/16 [1/0]
     via ::, Tunnel0
C   2002:101:101::/64 [0/0]
     via ::, Loopback0
L   2002:101:101::1/128 [0/0]
     via ::, Loopback0
C   2002:101:101:FFFF::/64 [0/0]
     via ::, Tunnel0
L   2002:101:101:FFFF::1/128 [0/0]
     via ::, Tunnel0
L   FF00::/8 [0/0]
     via ::, Null0

The destination prefix matches the static route with SiteB_6to4 router's Tunnel IP address as the next-hop. After a recursive lookup, the SiteA_6to4 router figures out that the outgoing interface is Tunnel 0. The SiteA_6to4 router encapsulates the IPv6 packet into an IPv4 packet with source address as SiteA_6to4 router's Loopback0 IPv4 address (1.1.1.1) and destination address as SiteB_6to4 router's Loopback0 IPv4 address (3.3.3.3). The Protocol field in IPv4 header is set to 0x29 (decimal value 41) indicating IPv6. The following packet capture is taken on the link between SiteA_6to4 and Router2.

When SiteB_6to4 router receives the packet, it decapsulates the IPv4 packet and retains the IPv6 packet from within the IPv4 packet. Then it checks its IPv6 routing table to find out if it can reach the destination of the packet. It figures out the outgoing interface and forwards the packet to the destination.

IPv6 routes

SiteB_6to4# show ipv6 route
IPv6 Routing Table - 9 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route, M - MIPv6
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
S   2001:1:1:1::/64 [1/0]
     via 2002:101:101::1
C   2001:2:2:2::/124 [0/0]
     via ::, FastEthernet0/0
L   2001:2:2:2::1/128 [0/0]
     via ::, FastEthernet0/0
S   2002::/16 [1/0]
     via ::, Tunnel0
C   2002:303:303::/64 [0/0]
     via ::, Loopback0
L   2002:303:303::1/128 [0/0]
     via ::, Loopback0
C   2002:303:303:FFFF::/64 [0/0]
     via ::, Tunnel0
L   2002:303:303:FFFF::1/128 [0/0]
     via ::, Tunnel0
L   FF00::/8 [0/0]
     via ::, Null0

Further reading:

    1. RFC 3056: Connection of IPv6 Domains via IPv4 Clouds http://www.faqs.org/ftp/rfc/pdf/rfc3056.txt.pdf
  1. http://ardenpackeer.com