January 13, 2000 (Check here for the latest version.)
Carpenter/Moore's 6to4 is a method for connecting IPv6 sites over the existing IPv4 Internet infrastructure. It uses a special address prefix to give isolated IPv6 sites their own IPv6 address space. 6to4 is like a "pseudo-ISP" providing IPv6 connectivity. You can use 6to4 to communicate directly with other 6to4 sites. You can also use a 6to4 relay to communicate with 6bone sites.
The main requirement for using 6to4 is that you need one globally routable IPv4 address for your site. Your site consists of a collection of IPv6 machines (some running MSR IPv6, perhaps some running other IPv6 implementations) that you manage, probably all directly connected via ethernet or Carpenter/Jung 6-over-4. The globally routable IPv4 address must be assigned to one of your machines running MSR IPv6. This machine will be your 6to4 gateway.
If you have an address like 10.x.y.z
,
or with prefix 10/8
, 172.16/12
,
192.168/16
, or 169.254/16
, then it is not
globally routable. Otherwise it probably is globally routable.
See the Debugging section in this document
for more help in determining whether your ISP connection will support 6to4.
The 6to4cfg.exe command automates 6to4 configuration. It automatically discovers your globally routable IPv4 address and creates a 6to4 prefix. It will either perform the configuration directly, or it can write out a configuration script that you can inspect and run later.
The basic 6to4cfg.exe command syntax is
6to4cfg [options] [filename]
.
In more detail:
6to4cfg [filename]
con
for the filename
to write the configuration script to console output.
This is useful for seeing what 6to4cfg.exe will do
without actually doing it.
6to4cfg -r
6to4cfg -s
-r
.
6to4cfg -u
6to4cfg -u
undoes the effect of 6to4cfg
,
6to4cfg -r -u
undoes the effect of 6to4cfg -r
, etc.
6to4cfg -R v4-addr
131.107.65.121
,
which is the 6to4 relay router operated by Microsoft Research.
To make this concrete, in this example the globally routable
address of the 6to4 gateway is 172.31.42.239
.
Of course, you will need your own globally routable IPv4 address to use 6to4.
The 32-bit globally routable IPv4 address is combined with the
16-bit prefix 2002::/16
to form a 48-bit IPv6 address
prefix for your site. In this example, the 6to4 site prefix is
2002:ac1f:2aef::/48
. Note that ac1f:2aef
is
the hexadecimal encoding of 172.31.42.239
. (Of course, you will
use a different prefix based on your own globally routable IPv4 address.)
Using the 6to4 site prefix, you can assign addresses and subnet prefixes
inside your site.
This example assumes that you use subnet 0 for manually configuring a 6to4 address on your 6to4 gateway machine and that you use subnet 1 for automatically configuring addresses on your ethernet. But other choices are possible.
First, use the ipv6.exe command to enable 6to4 on your 6to4 gateway machine:
ipv6 rtu 2002::/16 2
The ipv6 rtu
command performs a routing table update
operation. It can be used to add, remove, or update a route. In this
case it is enabling 6to4.
The 2002::/16
argument is the route's prefix - it
specifies the special 6to4 prefix.
The 2
argument specifies the on-link interface for
this prefix. Interface #2 is the "pseudo-interface" used for
configured tunnels, automatic tunneling, and 6to4. When an IPv6
destination address matches the 2002::/16
prefix, the
32 bits that follow the prefix in the destination address are
extracted to form an IPv4 destination address. The packet is
encapsulated with an IPv4 header and sent to the IPv4 destination
address.
Second, configure a 6to4 address on your 6to4 gateway machine:
ipv6 adu 2/2002:ac1f:2aef::ac1f:2aef
The ipv6 adu
command performs an address update
operation. It can be used to add, remove, or update an address on an
interface. In this case it is configuring the machine's 6to4
address.
The 2/2002:ac1f:2aef::ac1f:2aef
argument specifies the
interface and the address. It says to configure address
2002:ac1f:2aef::ac1f:2aef
on interface #2. The address is
created using the site prefix 2002:ac1f:2aef::/48
, plus
subnet 0 to give a subnet prefix 2002:ac1f:2aef::/64
,
plus a 64-bit interface identifier. Our convention is to use the
machine's IPv4 address for the interface identifer for addresses
assigned to interface #2. In your usage, ac1f:2aef
should be replaced by the hexadecimal encoding of your own
globally routable IPv4 address.
The above two commands are sufficient to allow communication with other 6to4 sites. For example, trying pinging the MSR 6to4 site:
ping6 2002:836b:4179::836b:4179
To enable communication with the 6bone, you must
create a default configured tunnel to a 6to4 relay. You can use MSR's
6to4 relay router, 131.107.65.121
:
ipv6 rtu ::/0 2/::131.107.65.121 pub life 1800
The ipv6 rtu
command performs a routing table update
operation. In this case it is establishing a default route to the 6to4
relay.
The ::/0
argument is the route's prefix - the zero-length prefix means it is a default route.
The 2/::131.107.65.121
argument specifies the next-hop
neighbor for this prefix. It says to forward packets that match the
prefix to address ::131.107.65.121
using interface
#2. Forwarding a packet to ::131.107.65.121
on interface
#2 causes it to be encapsulated with a v4 header and sent to
131.107.65.121
.
The pub
argument makes this a published route. This is
only relevant for routers, so unless/until routing is enabled it has
no effect. Similarly, the 30 minute lifetime is only relevant if
routing is enabled.
Now you should be able to access 6bone sites as well as 6to4 sites. Use the following command to test this:
ping6 3ffe:1cff:0:f5::1
See our 6bone instructions for a list of other 6bone sites.
The final step is to enable routing on your 6to4 gateway. This
example assumes that interface #3 on your gateway machine is an ethernet
interface and interface #4 is a 6-over-4 interface. Your machine may
number its interfaces differently. The following two commands assign
subnet prefixes to the two links. The subnet prefixes are derived from
the site's 6to4 prefix 2002:ac1f:2aef::/48
:
ipv6 rtu 2002:ac1f:2aef:1::/64 3 pub life 1800
ipv6 rtu 2002:ac1f:2aef:2::/64 4 pub life 1800
Here the ipv6 rtu
command specifies that the prefix
2002:ac1f:2aef:1::/64
is on-link to interface #3. It is
configuring the first subnet prefix on the ethernet interface. The
route is published with a lifetime of 30 minutes.
Similarly, the 2002:ac1f:2aef:2::/64
prefix is
configured on the 6-over-4 interface.
Finally, the next three commands enable the 6to4 gateway machine to be a router:
ipv6 ifc 2 forw
ipv6 ifc 3 forw adv
ipv6 ifc 4 forw adv
The ipv6 ifc
command controls attributes of an interface. A router both forwards packets and sends Router Advertisements. In the MSR IPv6 implementation, these are separately controlled per-interface attributes.
Interface #2 does not need to be advertising because it is a pseudo-interface.
If your machine has more interfaces (for example, interfaces 5 and 6) then they should also be configured to be forwarding and advertising.
As a result of these commands, MSR IPv6 will automatically configure addresses on interfaces #3 and #4 using the respective subnet prefixes. The two interfaces will start sending Router Advertisements at approximately 3-10 minute intervals.
Hosts receiving these Router Advertisements will automatically configure themselves with a default route and a 6to4 address derived from their link's subnet prefix. They will have communication to other 6to4 sites and the 6bone via the gateway machine.
See our configuration documentation for more information about ipv6.exe.
If you're having problems, try the following steps.
First, check your IPv4 connectivity to the 6to4 relay router:
ping 131.107.65.121
If this fails, then you do not have global internet connectivity.
Next, check IPv6 encapsulation by using automatic tunneling:
ping6 ::131.107.65.121
If this fails, then you might have a firewall or NAT (network
address translator) between you and the internet. If this works,
then your internet connection can support 6to4.
Finally, check the output of ipv6 rt
. You should see
a route 2002::/16 -> 2
.
Check the output of ipv6 if 2
.
You should see a preferred address with a 2002::/16
prefix.