Understanding IPv6 over IPv4 Tunnel Technology

During the early transition from IPv4 to IPv6 networks, IPv4 networks have been widely deployed, whereas IPv6 networks are isolated islands scattered around the world. With the tunneling technology, IPv6 over IPv4 tunnels can be created on the IPv4 networks to connect the isolated IPv6 sites. To establish IPv6 over IPv4 tunnels, the IPv4/IPv6 dual stack must be enabled on the routers at the borders of the IPv4 and IPv6 networks.

Figure 1 shows how to apply the IPv6 over IPv4 tunnel.

Figure 1 Applying an IPv6 over IPv4 tunnel

  1. On the border router, IPv4/IPv6 dual stack is enabled, and an IPv6 over IPv4 tunnel is configured.

  2. After the border router receives a packet from the IPv6 network, if the destination address of the packet is not the border router and the outbound interface is a tunnel interface, the border router appends an IPv4 header to the IPv6 packet to encapsulate it as an IPv4 packet.

  3. On the IPv4 network, the encapsulated packet is transmitted to the remote border router.

  4. The remote border router receives the packet, removes the IPv4 header, and then sends the decapsulated IPv6 packet to the remote IPv6 network.

    IPv6 over IPv4 tunnels are classified into IPv6 over IPv4 manual tunnels and IPv6-to-IPv4 (6to4) tunnels depending on the application scenarios.

    The following describes the characteristics and applications of each.

IPv6 over IPv4 Manual Tunnel

An IPv6 over IPv4 manual tunnel is manually configured between two border routers. The source and destination IPv4 addresses of the tunnel need to be statically specified. Manual tunnels can be used for communication between isolated IPv6 sites, or configured between border routers and hosts. Hosts and routers on both ends of a manual tunnel must support the IPv4/IPv6 dual stack.

IPv6-to-IPv4 Tunnel

A 6to4 tunnel can connect multiple isolated IPv6 sites through an IPv4 network. A 6to4 tunnel can be a P2MP connection, whereas a manual tunnel is a P2P connection. Therefore, routers on both ends of the 6to4 tunnel are not configured in pairs.

A 6to4 tunnel uses a special IPv6 address, a 6to4 address in the format of 2002:IPv4 address:subnet ID:interface ID. A 6to4 address has a 48-bit prefix composed of 2002:IPv4 address. The IPv4 address is the globally unique IPv4 address applied by an isolated IPv6 site. This IPv4 address must be configured on the physical interfaces connecting the border routers between IPv6 and IPv4 networks to the IPv4 network. The IPv6 address has a 16-bit subnet ID and a 64-bit interface ID, which are assigned by users in the isolated IPv6 site.

When the 6to4 tunnel is used for communication between the 6to4 network and the native IPv6 network, you can configure an anycast address with the prefix 2002:c058:6301/48 on the tunnel interface of the 6to4 relay router.

The difference between a 6to4 address and anycast address is as follows:

  • If a 6to4 address is used, you must configure different addresses for tunnel interfaces of all devices.
  • If an anycast address is used, you must configure the same address for the tunnel interfaces of all devices, effectively reducing the number of addresses.

A 6to4 network refers to a network on which all nodes are configured with 6to4 addresses. A native IPv6 network refers to a network on which nodes do not need to be configured with 6to4 addresses. A 6to4 relay is required for communication between 6to4 networks and native IPv6 networks.

Figure 2 6to4 tunnel and 6to4 relay

6RD Tunneling

IPv6 rapid deployment (6RD) tunneling allows rapid deployment of IPv6 services over an existing IPv4 network.

As an enhancement to the 6to4 solution, 6RD tunneling allows service providers to use one of their own IPv6 prefixes instead of the well-known 2002::/16 prefix standardized for 6to4. 6RD tunneling provides more flexible network planning, allowing different service providers to deploy 6RD tunnels using different prefixes. Therefore, 6RD tunneling is the most widely used IPv6 over IPv4 tunneling technology.

Basic Concepts

Figure 3 introduces the basic concepts of 6RD tunneling and 6RD relay.

Figure 3 6RD tunneling and 6RD relay

  • 6RD domain

    A 6RD domain is a special IPv6 network. The IPv6 address prefixes of devices or hosts within a 6RD domain share the same 6RD delegated prefix. A 6RD domain consists of 6RD customer edge (CE) devices and 6RD border relays (BRs). Each 6RD domain uses a unique 6RD prefix.

  • 6RD CE

    A 6RD CE is an edge node connecting a 6RD network to an IPv4 network. An IPv4 address needs to be configured for the interface connecting the 6RD CE to the IPv4 network. An IPv6 address needs to be configured for the interface connecting the 6RD CE to the 6RD network, and the IPv6 prefix is a 6RD delegated prefix.

  • 6RD BR

    A 6RD BR is used to connect a 6RD network to an IPv6 network. At least one IPv4 interface needs to be configured for the 6RD BR. Each 6RD domain has only one 6RD BR.

  • 6RD prefix

    A 6RD prefix is an IPv6 prefix used by a service provider. It is part of a 6RD delegated prefix.

  • IPv4 prefix length

    The IPv4 prefix length is calculated by subtracting specified high-order bits from the source tunnel address (IPv4 address). The rest of the IPv4 address is part of the 6RD delegated prefix.

  • 6RD delegated prefix

    A 6RD delegated prefix is an IPv6 prefix assigned to a host or a device in a 6RD domain. The 6RD delegated prefix is created by combining a 6RD prefix and all or part of an IPv4 address.

6RD Address Format

As shown in Figure 4, a 6RD address is composed of a 6RD prefix (IPv6 prefix selected by a service provider for use by a 6RD domain), an IPv4 address, a subnet ID, and an interface identifier.

Figure 4 6RD address format

A 6RD address has a 64-bit length and consists of a 6RD delegated prefix and a customized subnet mask. The 6RD delegated prefix is a combination of a 6RD prefix and all or part of an IPv4 address. The length of the IPv4 address is determined by the IPv4 prefix length configured for the 6RD tunnel. That is, after subtracting specified high-order bits from the IPv4 address, the rest of the IPv4 address becomes part of the 6RD delegated prefix.

Service Scenarios

A 6RD tunnel can be used in two scenarios: interworking between 6RD domains and interworking between a 6RD domain and an IPv6 network.

  • As shown in Figure 5, two 6RD domains interwork over a 6RD tunnel.

    Figure 5 6RD tunneling

    The procedure for host A accessing host B is as follows:

    1. A service provider assigns a 6RD prefix and an IPv4 address to 6RD CE A, and 6RD CE A delivers the 6RD delegated prefix calculated based on the 6RD prefix and IPv4 address to host A.

    2. Upon receiving an IPv6 packet sent by host A, 6RD CE A searches the IPv6 forwarding information base (FIB) table based on the destination address in the IPv6 packet and discovers that the 6RD tunnel interface is the outbound interface and the destination address is a 6RD address. 6RD CE A then encapsulates the IPv6 packet into an IPv4 packet in which the destination address is the IPv4 address extracted from the 6RD address and the source address is the IPv4 source address configured for the local tunnel interface.

    3. 6RD CE A forwards the IPv4 packet from the tunnel interface to 6RD CE B over the IPv4 network.

    4. Upon receiving the IPv4 packet, 6RD CE B decapsulates the IPv4 packet, searches for the destination address contained in the IPv6 packet header, and routes the IPv6 packet to host B.

    5. After receiving the packet, host B responds to the packet. The returned packet is processed in a similar way.

  • As shown in Figure 6, a 6RD domain and an IPv6 network interwork over a 6RD tunnel.

    Figure 6 6RD delegation

    The procedure for host A accessing host B is as follows:

    1. A service provider assigns a 6RD prefix and an IPv4 address for the 6RD CE and assigns an IPv4 address for the 6RD BR. The 6RD CE delivers the 6RD delegated prefix calculated based on the 6RD prefix and IPv4 address to host A.

    2. When the IPv6 packet sent by host A reaches the 6RD CE, the 6RD CE searches the IPv6 FIB table based on the destination address in the IPv6 packet and discovers that the 6RD tunnel interface is the outbound interface and the next-hop address instead of the destination address is a 6RD address. The 6RD CE then encapsulates the IPv6 packet into an IPv4 packet in which the destination address is the IPv4 address extracted from the next-hop 6RD address and the source address is the IPv4 source address configured for the local tunnel interface.

    3. The 6RD CE forwards the IPv4 packet from the tunnel interface to the 6RD BR over the IPv4 network.

    4. Upon receiving the IPv4 packet, the 6RD BR decapsulates the IPv4 packet, searches for the destination address contained in the IPv6 packet header, and routes the IPv6 packet to host B.

    5. After receiving the packet, host B responds to the packet. The returned packet is processed in a similar way.

Parent Topic: IPv6 over IPv4 Tunnel Technology Description
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic