6to4 relay routers are specialized routers, accessible via the anycast IPv4 address 192.88.99.1, that facilitate IPv6 internet access by bridging IPv6 networks and the IPv6 internet over an IPv4 backbone using a 6to4 tunnel.

Table of Contents

6to4 Relay Fundamental

To provide IPv6 internet access to a user or organization without direct connectivity to the IPv6 internet backbone, a point-to-point tunnel is typically created between the user/organization and a tunnel broker. One of the most popular and widely used tunnel brokers is Hurricane Electric’s Tunnel Broker, which we will discuss in upcoming lessons.

IPv6 Internet access using Tunnel Broker
IPv6 Internet access using Tunnel Broker

Another method for enabling IPv6 connectivity over an IPv4 backbone is the use of 6to4 relays. These relays facilitated IPv6 internet access by creating multipoint tunnels between users or organizations and the 6to4 relay. While this method was widely used in the past, it is no longer recommended due to its limitations.

IPv6 Internet access using 6to4 Relay
IPv6 Internet access using 6to4 Relay

All 6to4 relays on the internet share the same anycast IPv4 address, 192.88.99.1, which corresponds to the same 6to4 IPv6 address: 2002:c058:6301::.

Any client or organization can establish a tunnel between their endpoint or gateway and a 6to4 relay. However, a significant limitation is that the IPv6 address must derive from the public IPv4 address of the endpoint or gateway, constrained to the subnet 2002::/16, as discussed in the previous lesson.

To access the IPv6 internet through this method, users or organizations must configure a default route via the 6to4 relay’s tunnel address (2002:c058:6301::) and ensure that traffic destined for the 2002::/16 subnet is routed through the 6to4 tunnel. 

ipv6 route ::/0 2002:C058:6301::

ipv6 route 2002::/16 Tunnel0

6to4 Relay Configuration Example

To better understand how a 6to4 relay facilitates access to the IPv6 internet over IPv4 Internet, I have prepared a configuration example.

IPv6 Internet access using 6to4 Relay Configuration Example
IPv6 Internet access using 6to4 Relay Configuration Example

In this example, an IPv6 site is connected to an IPv4 Internet using the public IPv4 address 1.2.3.1. To access the IPv6 internet, the site’s IPv6 address must follow the 6to4 format. For this specific case, the derived IPv6 prefix is 2002:0102:0301::/64.

The address of the 6to4 relay is always 192.88.99.1, so I have used this address for the 6to4 relay. Additionally, the 6to4 relay has a direct connection to the native IPv6 internet through a subnet in the global unicast address range.

The 6to4 relay is configured with a 6to4 tunnel and a 6to4 tunnel address in the subnet 2002:C058:6301::. This setup enables any endpoint or organization on the IPv4 internet to access the IPv6 internet by creating a 6to4 tunnel with the 6to4 relay.

To demonstrate this configuration, I have established a tunnel between the site and the 6to4 relay, routing all IPv6 internet traffic from the site through this tunnel.

!!! hostname Relay6to4
ipv6 unicast-routing
!
interface Tunnel0
 ipv6 address 2002:C058:6301::1/64
 tunnel source Ethernet0/0
 tunnel mode ipv6ip 6to4
!
interface Ethernet0/0
 ip address 192.88.99.1 255.255.255.0
!
interface Ethernet0/1
 ipv6 address 2001:BB:1:2::1/64
!
ip route 0.0.0.0 0.0.0.0 192.88.99.2
!
!
ipv6 route 2002::/16 Tunnel0
ipv6 route ::/0 2001:BB:1:2::2

!!! IPv6-Site
ipv6 unicast-routing
!
interface Loopback0
 no ip address
 ipv6 address 2002:102:301::1/64
!
interface Tunnel0
 ipv6 unnumbered Loopback0
 tunnel source Ethernet0/0
 tunnel mode ipv6ip 6to4
!
interface Ethernet0/0
 ip address 1.2.3.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 1.2.3.2
!
!
ipv6 route 2002::/16 Tunnel0
ipv6 route ::/0 2002:C058:6301::

!!! Internet-IPv6
ipv6 unicast-routing
!
interface Ethernet0/0
 ipv6 address 2001:BB:1:2::2/64
!
ipv6 route 2002::/16 2001:BB:1:2::1

To verify connectivity to the IPv6 internet over the IPv4 backbone, we can perform a ping and also traceroute test from the site to a destination on the IPv6 internet.

The output confirms successful connectivity via the 6to4 relay.

IPv6-Site#ping 2001:BB:1:2::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:BB:1:2::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/5 ms
IPv6-Site#ping 2001:BB:1:2::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:BB:1:2::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/13/42 ms
IPv6-Site#

IPv6-Site#traceroute 2001:BB:1:2::2
Type escape sequence to abort.
Tracing the route to 2001:BB:1:2::2

  1 2002:C058:6301::1 6 msec 7 msec 8 msec
  2 2001:BB:1:2::2 11 msec 6 msec 1 msec
Back to: IPv6 (in progress) > Enterprise based IPv6 over IPv4 Tunneling methods

Leave a Reply

Your email address will not be published. Required fields are marked *


Post comment