In the last article, we said one of the advantages of 6to4 tunnels over IPv4-compatible IPv6 tunnels was that 6to4 tunnels support communication with the native IPv6 Internet. To do this, it uses relay routers which have both 6to4 addresses and native IPv6 addresses. Both border routers and 6to4 hosts can use relay routers but the Anycast 6to4 variant was designed to ease the configuration burden on hosts and small sites. In this article, we will see how relay routers work.
The use case for a 6to4 relay router is as depicted below:
Note that both Router 6to4 and Anycast 6to4 have the same concept of using a relay router to communicate with the native IPv6 Internet. The difference is that Anycast 6to4 specifies a way by which public relay routers can be made available to small sites and individual hosts by assigning a public IPv4 address – 184.108.40.206 – to be used as the 6to4 relay Anycast address.
CCNA Training – Resources (Intense)
We will be using a Windows XP machine as our 6to4 host. The logical diagram for our configuration is as shown below:
Depending on what Windows OS you are using, your 6to4 adapter may or may not be enabled. It seems recent Windows versions have it disabled by default. This is for good reason because as we discussed in the last article, 6to4 has its own issues. In my own Windows XP, I only have Teredo and an automatic tunneling adapter enabled by default; no 6to4.
So the first thing we want to do is enable our 6to4 adapter. We do this using the netsh interface ipv6 6to4 set state state=enabled undoonstop=enabled command. To disable it, just replace (both) “enabled” with “disabled”.
Even after we enable the 6to4 adapter, it may not show up when you run the ipconfig command. The reason is that we do not have any public IPv4 address on our host and 6to4 needs a public IPv4 address to operate. The RFC recommends that the 6to4 tunneling mechanism should be disabled if there is no public IPv4 address on the node. Microsoft seems to follow this rule; Cisco routers do not.
So I will assign the public IP address 220.127.116.11 to my host with a gateway of 18.104.22.168 which is the IPv4 ISP. Notice that the 6to4 interface now shows up in the ipconfig output and that it has automatically generated a 6to4 address using the public IPv4 address:
The 6to4 tunnel allows the host to communicate with the native IPv6 Internet through the use of the relay router; therefore, a relay router must be set on the host as a default gateway for all IPv6 routes (except 2002::/16). The command will be something like netsh interface ipv6 set route ::/0 “6to4 interface name” 2002:c058:6301:: where “6to4 interface name” may vary depending on the system. You can check what name to use by issuing the netsh interface ipv6 show interface command.
Therefore, the command I will run on my XP machine will be netsh interface ipv6 set route ::/0 “6to4 Tunneling Pseudo-Interface” 2002:c058:6301::
We can look at the host’s IPv6 routing table to view the default route. That address is also shown in the ipconfig command output under default gateway:
Note: Enabling 6to4 on your version of Windows OS may give different results like the default route automatically generated, a relay router (e.g. 6to4.ipv6.microsoft.com) automatically selected and so on.
Let’s move on to the configuration on my routers. The configuration on my IPv4 ISP router is as shown below. Notice that it has a route for 22.214.171.124 pointing to the relay router. In reality, this ISP router will know about the 126.96.36.199/24 network via some routing protocol or static route to an upstream ISP:
interface FastEthernet0/0 ip address 188.8.131.52 255.255.255.252 ! interface FastEthernet0/1 ip address 184.108.40.206 255.255.255.252 ! ip route 220.127.116.11 255.255.255.255 18.104.22.168
The configuration on the 6to4 relay router is as shown below. The 6to4 relay Anycast address is assigned to its loopback interface which is also used as the tunnel source. Loopback1 is used to simulate a host with a native IPv6 address:
interface Loopback0 ip address 22.214.171.124 255.255.255.0 ipv6 address 2002:C058:6301::1/128 ! interface Loopback1 no ip address ipv6 address 2001:DB8:1::1/64 ! interface Tunnel2002 no ip address ipv6 unnumbered Loopback0 tunnel source Loopback0 tunnel mode ipv6ip 6to4 ! interface FastEthernet0/0 ip address 126.96.36.199 255.255.255.252 ! ip route 188.8.131.52 255.255.255.252 184.108.40.206 ! ipv6 route 2002::/16 Tunnel2002
Hint: What we have just configured is how Anycast 6to4 will work because we have used the 6to4 relay anycast address.
Let’s test our configuration by pinging 2001:db8:1::1 from the host.
Cool! This is what happens in simple terms: the host checks its routing table to know where to forward the traffic with destination 2001:db8:1::1 to. The only route that matches is the default route through 2002:c058:6301::. Also from the routing table, the hosts knows that it can reach 2002::/16 through its 6to4 tunneling pseudo-interface.
Note: IPv6 next-hop determination is covered here.
Using the same technique we described in the previous 6to4 article, the host converts the “c058:6301” part to 220.127.116.11 and forwards the traffic to its IPv4 default gateway which is the IPv4 ISP. The IPv4 ISP router receives the packet destined to 18.104.22.168 and makes a routing decision: it forwards the traffic to 22.214.171.124 based on its routing table.
The relay router receives the packet, processes it, strips the IPv4 header and forwards the IPv6 traffic to the correct destination. For the destination to reply to the host, it must know to send any traffic destined for 2002::/16 to a relay router.
There are three things that are evident from the description above:
By using a default address (126.96.36.199) as the 6to4 relay Anycast address, the 6to4 host can use the closest relay router to it. In our case and in most cases, this will be a routing decision made by the host’s ISP.
The native IPv6 Internet must know to send all traffic destined for 2002::/16 to a relay router. Therefore public relay routers must advertise the 2002::/16 to the native IPv6 Internet.
There is no guarantee that the native IPv6 destination address will use the same relay router to reply to the 6to4 host; rather, it will use the relay router that is closest to it just the way the 6to4 host does.
Many of the issues regarding the use of 6to4 revolve around the use of relays. For example, the “closest” relay router to a 6to4 may be too far thus increasing latency. Also, the fact that public relays are “public” means that there is no proper service delivery guarantee.
This brings us to the end of this article where we have configured 6to4 on a host to use a relay router for communicating with the native IPv6 Internet.
In the next article, we will see a better tunneling mechanism (6rd) which is an extension to 6to4 tunnels. I hope you have found this article insightful.
References and further reading
RFC 3056: Connection of IPv6 Domains via IPv4 Clouds: http://tools.ietf.org/html/rfc3056
RFC 3068: An Anycast Prefix for 6to4 Relay Routers: http://tools.ietf.org/html/rfc3068
RFC 6343: Advisory Guidelines for 6to4 Deployment: http://tools.ietf.org/html/rfc6343
RFC 2893: Transition Mechanisms for IPv6 Hosts and Routers: http://tools.ietf.org/html/rfc2893
RFC 7059: A Comparison of IPv6-over-IPv4 Tunnel Mechanisms: http://tools.ietf.org/html/rfc7059
IPv6 Configuration Guide, Cisco IOS Release 15.2M&T: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/configuration/15-2mt/ip6-15-2mt-book.html
Understanding (and Maybe Killing) the ISATAP, Teredo, and 6to4 “Imaginary” NICs: http://www.minasi.com/newsletters/nws1303.htm