IPv6 tunneling over IPv4 using manually configured tunnels

NOTE:

All commands previously in the Summary of commands table are indexed under the entry Command syntax.

IPv6 over IPv4 tunneling is a way to establish point-to-point tunnels by encapsulating IPv6 packets within IPv4 headers so that they can be carried over the IPv4 routing infrastructure. IPv6 over IPv4 tunneling provides a mechanism for utilizing the existing IPv4 routing infrastructure to carry IPv6 traffic between IPv6 networks.

There are a number of IPv6 tunneling mechanisms. Currently only tunneling IPv6 traffic over an IPv4 network through 6in4 manually configured tunnel endpoints is supported.

Tunnels are an additional routing interface type, similar to a VLAN interface or a loopback interface. Routing into 6in4 tunnels is supported for:

  • A standard route table lookup

  • Static Routes

  • Policy Based Routing (PBR)

  • Running OFPFv3 over the point-to-point tunnel interface

See RFC 4213 Basic Transition Mechanisms for IPv6 Hosts and Routers for more information about tunneling.

Tunneling can be used for:

  • Router to router—IPv4 routers connected by an IPv4 infrastructure can tunnel IPv6 packets among themselves. The tunnel spans one segment of the end-to-end path.

  • Host to router—IPv4 and IPv6 hosts can tunnel IPv6 packets to an intermediary IPv6 or IPv4 router that is reachable through an IPv4 infrastructure. The tunnel spans the first segment of the end-to-end path.

  • Host to host—IPv6 or IPv4 hosts that are interconnected by an IPv4 infrastructure can tunnel IPv6 packets among themselves. The tunnel spans the entire end-to-end path.

  • Route to host— IPv6 or IPv4 routers can tunnel IPv6 packets to their final destination IPv6 or IPv4 host. This tunnel spans only the last segment of the end-to-end path.

Configured tunnels are in the router-to-router configuration because the tunnel endpoints need to be explicitly configured.

The tunnel endpoint includes:

  • The entry node of the tunnel (the encapsulator), which creates an encapsulating IPv4 header and sends the encapsulated packet. Which packets to tunnel is determined by a routing table lookup based on the IPv6 address.

  • The exit node of the tunnel (the decapsulator):

    • receives the encapsulated packet

    • reassembles the packet if needed

    • removes the IPv4 encapsulating header

    • processes the IPv6 packet in the usual manner

The decapsulator matches received packets to the tunnels it has configured, and only processes packets where the IPv4 source and destination addresses match the endpoint addresses of the configured tunnels. A tunnel’s IPv4 address must be the same on both the encapsulator and the decapsulator. IPv4 routing switches route the packet based on the IPv4 header.

IPv6 traffic can travel the tunnel in either direction. Each end node can be either the encapsulator or the decapsulator depending on the flow of the IPv6 traffic.

Conceptual Example of a Tunnel

A tunnel is treated as a single point-to-point link; the encapsulator and decapsulator behave as IPv6 neighbors on that link. The encapsulator and decapsulator assign IPv6 link-local addresses to the interface and may also assign IPv6 global addresses. Neighbor discovery and duplicate address detection are implemented as they are on any other IPv6 interface.