IPv6 over IPv4 tunneling
Implementation
IPv6 over IPv4 tunneling adds an IPv4 header to IPv6 data packets so that IPv6 packets can pass an IPv4 network through a tunnel to realize internetworking between isolated IPv6 networks, as shown in Figure 82. The IPv6 over IPv4 tunnel can be established between two hosts, a host and a device, or two devices. The tunnel destination node can forward IPv6 packets if it is not the destination of the IPv6 packets.
The devices at both ends of an IPv6 over IPv4 tunnel must support the IPv4/IPv6 dual stack.
Figure 82: IPv6 over IPv4 tunnel
The IPv6 over IPv4 tunnel processes packets in the following ways.
A host in the IPv6 network sends an IPv6 packet to Device A at the tunnel source.
After determining from the routing table that the packet needs to be forwarded through the tunnel, Device A encapsulates the IPv6 packet with an IPv4 header and forwards it through the physical interface of the tunnel.
Upon receiving the packet, Device B de-encapsulates the packet.
Device B forwards the packet according to the destination address in the de-encapsulated IPv6 packet. If the destination address is the device itself, Device B forwards the IPv6 packet to the upper-layer protocol for processing.
Tunnel types
Depending on how the IPv4 address of the tunnel destination is acquired, IPv6 over IPv4 tunnels are divided into the following types:
Manually configured tunnel—The destination address of the tunnel cannot be automatically acquired through the destination IPv6 address of an IPv6 packet at the tunnel source, and must be manually configured.
Automatic tunnel—The destination address of the tunnel is an IPv6 address with an IPv4 address embedded, and the IPv4 address can be automatically acquired through the destination IPv6 address of an IPv6 packet at the tunnel source.
Table 10: IPv6 over IPv4 tunnel modes and key parameters
Tunnel type | Tunnel mode | Tunnel source/destination address | Tunnel interface address type |
---|---|---|---|
Manually configured tunnel | IPv6 manual tunneling | The source/destination IP address is a manually configured IPv4 address. | IPv6 address |
Automatic tunnel | 6to4 tunneling | The source IP address is a manually configured IPv4 address. The destination IP address does not need to be configured. | 6to4 address, in the format of 2002:IPv4-source-address::/48 |
Intra-site automatic tunnel addressing protocol (ISATAP) tunneling | The source IP address is a manually configured IPv4 address. The destination IP address does not need to be configured. | ISATAP address, in the format of Prefix:0:5EFE:IPv4-source-address/64 |
According to the way an IPv6 packet is encapsulated, IPv6 over IPv4 tunnels are divided into the following modes:
IPv6 manual tunneling
A manually configured tunnel is a point-to-point link. Each link is a separate tunnel. IPv6 manual tunnels are mainly used to provide stable connections for regular secure communication between border routers or between border routers and hosts for access to remote IPv6 networks.
6to4 tunneling
An automatic 6to4 tunnel is a point-to-multipoint tunnel mainly constructed between edge routers, and is used to connect multiple isolated IPv6 networks over an IPv4 network to remote IPv6 networks. The embedded IPv4 address in an IPv6 address is used to automatically acquire the destination IPv4 address of the tunnel.
The automatic 6to4 tunnel adopts 6to4 addresses. The address format is 2002:abcd:efgh:subnet number::interface ID/64, where 2002 represents the fixed IPv6 address prefix, and abcd:efgh represents the 32-bit globally unique source IPv4 address of the 6to4 tunnel, in hexadecimal notation. For example, 1.1.1.1 can be represented by 0101:0101. The part that follows 2002:abcd:efgh uniquely identifies a host in a 6to4 network. The tunnel destination is automatically determined by the embedded IPv4 address, which makes it easy to create a 6to4 tunnel.
The tunnel can forward IPv6 packets because the 16-bit subnet number of the 64-bit address prefix in 6to4 addresses can be customized and the first 48 bits in the address prefix are fixed to a permanent value and the IPv4 address of the tunnel source or destination.
Figure 83: 6to4 tunnel
ISATAP tunneling
An ISATAP tunnel is a point-to-multipoint automatic tunnel. The destination of a tunnel can automatically be acquired from the embedded IPv4 address in the destination address of an IPv6 packet.
When an ISATAP tunnel is used, the destination address of an IPv6 packet and the IPv6 address of a tunnel interface both adopt special ISATAP addresses. The ISATAP address format is prefix(64bit):0:5EFE:abcd:efgh. The 64-bit prefix is the prefix of a valid IPv6 unicast address, but abcd:efgh is a 32-bit source IPv4 address in hexadecimal, which might not be globally unique. Through the embedded IPv4 address, an ISATAP tunnel can be automatically created to transfer IPv6 packets.
The ISATAP tunnel is mainly used for communication between IPv6 routers or between a host and an IPv6 router over an IPv4 network.
Figure 84: Principle of ISATAP tunneling