Skip to end of metadata
Go to start of metadata

An ISP can set up a 6to4 relay service by configuring at least two well-connected IPv6-enabled routers to set up automatic 6to4 tunnels.

A 6to4 tunnel is an automatic IPv6 tunnel where a 6to4 border router in an isolated IPv6 network creates a tunnel to a 6to4 border router in another isolated IPv6 network over an IPv4 infrastructure. The tunnel destination is determined by the globally unique, 32-bit IPv4 address of the remote 6to4 border router that is concatenated to the prefix 2002::/16. 6to4 tunnels are configured between 6to4 border routers or between 6to4 border routers and hosts.

A 6to4 relay service is a 6to4 border router that offers traffic forwarding to the IPv6 Internet for remote 6to4 border routers. A 6to4 relay forwards packets that have a 2002::/16 source prefix.

6to4 tunnels and connections to a 6to4 relay service need not be requested or negotiated between customers and the ISP. The ISP simply configures the 6to4 relay service and customers can automatically connect to the service whenever they like. Because of the one-to-many relationship between the 6to4 relay service and each 6to4 tunnel (each customer), there is low maintenance and management overhead associated with 6to4 tunnels and a 6to4 relay service. However, given that customers use the IPv4 address of their border router to construct the 6to4 address that they use to connect to the 6to4 relay service (they are not delegated a /48 prefix from the ISP), the ISP may want to manage the IPv4 routing announcements for the relay service to control its use (the ISP will need IPv4 traffic statistics if it wants to identify and charge individual customers for using the service).

Reverse 6to4 delegation can be requested at: http://6to4.nro.net, please check the instructions at http://6to4.nro.net/6to4_reverse/non_2002/index.html.

Brief Example

Here is a minimal config fragment. Check Cisco's documentation for full details. This should be configured on a dual-stack router that has good IPv4 and IPv6 connectivity. To minimize latency, it should be on the border between your IPv4-only network and your dual-stack network. This configuration can be duplicated to additional dual-stack routers for increased reliability.

WARNING: The 192.88.99.1 address on the loopback interface may be selected as your router ID during a subsequent reboot or an OSPF or BGP process restart. To prevent this (particularly if you are running multiple 6to4 gateways for reliability) you should explicitly specify your OSPF or BGP router ID.

A 6to4 gateway provides routing in two different directions. First, it provides a route for packets from native IPv6 (non-6to4) devices within an IPv6 network to reach 6to4 devices which do not have native IPv6 connectivity. The 2002::/16 route should be distributed to other IPv6 routers using an IPv6-capable IGP (eg. OSPFv3 or RIPv6).

The gateway also allows packets from 6to4 devices which have only IPv4 connectivity to reach native IPv6 devices on the IPv6 network. The route to the anycast address 192.88.99.1 should be distributed via an IPv4 IGP (eg. OSPF or EIGRP) to other IPv4 routers.

For example, if you run OSPFv3 and OSPF on your routers:

If the router will be a public 6to4 gateway, then the 192.88.99.0/24 network and/or the 2002::/16 network should also be announced via BGP to other networks (see RFC 3068, section 4.3). Depending on your BGP peering policy and configuration, accomplishing this may require one or more of the following:

  • Adding a 'network 192.88.99.0' and/or 'network 2002::/16' to your BGP configuration
  • Adjusting your BGP filters to permit the outgoing announcements
  • Coordinating with your BGP peer(s) to accept the 192.88.99.0/24 and/or 2002::/16 prefixes and propagate them
  • Adjusting your border interface ACLs to permit the traffic

Detailed Example

Jordi Palet Martinez posted the following example on the AfriNIC mailing list:

Details of the example configuration

The examples below is assuming that the public IPv4 address in the WAN
interface of the router is 192.1.2.3. You should replace that with the right
information for your own case, same with other data used in the examples.

Also, you need to understand how to calculate the 6to4 IPv6 address for your
router. This is done using the IPv4 address and the IPv6 6to4 prefix.

The 6to4 prefix 2002::/16 is taking the first 16 bits. Then the bits 17 to
48 are the nibble notation for your IPv4 address. So in our example it will
be:

So consequently:
2002:c001:0203::/48

We will use the first address of the prefix for the WAN interface, so
2002:c001:0203::1/128

Also, the anycast address for 6to4 is: 192.88.99.1
Following the same example as above, in IPv6 will be:
2002:c058:6301::/128

For our example using a Loopback, we use 192.3.2.3, which in IPv6 will be
2002:0c03:0203::/128

We show below two options for the 6to4 Relay. One basic configuration and
another using the anycast address for 6to4. You just need to configure one
of them (A or B).

A Example configuration of a basic 6to4 Relay

This relay will only be reachable for hosts or routers with a manual
configuration pointing to it.

A1) Enable IPv6 in the router

A2) Ethernet0/0 interface configuration (obviously you can use another
interface)

A3) tunnel 6to4 virtual interface

A4) 6to4 prefix route

B Example configuration of a 6to4 Relay with anycast support

B1) Enable IPv6 in the router

B2) We use the loopback (recommended), but you could use an Ethernet
Interface or any other one

Note: When using IPv4 anycast addresses is recommended to configure
explicitly the BGP/OSPF ID with a unicast address, otherwise, the router may
take by default the anycast address as the ID.

B3) tunnel 6to4 virtual interface

C Configuration for a public Relay

If you choose the anycast option (B), then you can also make the relay
public via the following steps.

C1) You need to announce the 2002::/16 prefix usually via BGP. The example
below will help you. You should add this to the normal unicast IPv6
configuration and replace the right information for your own case.

Note: Of course, you need to replace some of the parameters with your
specific data, such as myASN, remotepeer_IPv6, my_IPv6_prefix, remoteASN,
remoteISP, remoteISP_in and remoteISP_out.

C2) Additionally you need to configure the announce of the 6to4 anycast
prefix, 192.88.99.0/24, to your neighbor ISPs.

Once you have started announcing this prefix, add yourself to the list of ISPs currently announcing a 6to4 prefix.

D Configuration for a Private Relay

Alternatively, if you only want to offer the relay to your own customers,
you need to announce the 192.88.99.0/24 prefix only to them. Then you will
need to use example A) and use something adapted to your own network/routing
protocol.

For example, if you are using OSPF as your IGP, you will add something such
as:

E Real-life configuration for 6to4 public relay on a Cisco 7600 platform

In addition to the scenarios above it could be really tricky to debug all of the associated problems. If you're using a Cisco 7600 platform it is worth checking out the following:

1) DO NOT put 192.88.99.1 as a secondary address on a Loopback interface. Otherwise you will not enable cef fully.

2) Additional addressing on Loopback ('normal' IPv4- and IPv6-loopbacks on Lo64 below) is not obligatory, though it will allow for proper diagnostics from the router towards 6to4 clients.

3) In an MPLS environment CHECK OUT for "mls mpls tunnel-recir" in the running-conf. It is mandatory to ensure bi-directional traffic flows.

Below is a real-life configuration that delivers (appears courtesy of CCIE #10389), IGP part is omitted for clarity. Feel free to ask questions/comment at aa916-ripe contacts.

  • No labels