cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

How 6to4 Tunneling find the destination Tunnel peer IP address

1620
Views
0
Helpful
2
Comments

Introudction:

In This Doc i will focus on The 6to4 Tunneling mechanism on finding the destination Tunnel peer IP address as this part was not clear for me in many Docs and articles that i had read

Topology:

Scenario:

From the above topology we have IPv4 as the Transport between the routers and IPv6 will be tunneled into IPv4 to reach the IPv6 Destinations

I have this static route entry on all the three routers as follows:

ipv6 route 2002::/16 Tunnel0

6to4 Mechanism to find the destination peer:

When Any 6to4 router wants to reach any IPv6 destination it is going to checking

the RIB for routing information and since we have the above static route pointing to Tunnel0, The router will understand it is a 6to4 Tunnel interface and will extract the a 32bit  from the IPv6 destination address to get the Destination peer IPv4 tunnel destionation ... Ha!

Example1:

R1 to reach Int loopback 2 on R2

R1#ping  2002:C0A8:102:1::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2002:C0A8:102:1::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/50/92 ms

Behinde the Scens as we said R1 will find that to reach this IPv6 address he will use the Tunnel interface which is configured for 6to4 Tunnel ... hence it will extract the the 2nd and 3rd Section of the destination IPv6 add (32bit) and convert it decimal to get the destination tunnel interface IPv4 address

2002:C0A8:102:1::1

C0A8:102  > HEX-Decimal > 192.168.1.2 which is R2 Tunnel source interface
This is not by Coincednce this is by Design as when i configured the Loopback 2 on R2 i used the same first 48bit from the Tunnel Source to make this to work ... so it is reverse engineering

Example2:

R1 to reach Int loopback 3 on R3

R1#ping  2001::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2002::1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Why this didn't work ?!!  Simple, follow the same rule ...

When R1 tries to extract the IPv4 tunnel destination address it can't or in other casese it won't find a route since we have only one route for 2002::/16

So to solve this issue we need to add another route so that R1 can know the destination tunnel IPv4 peer.

ipv6 route 2001::/64 2002:C0A8:103::1

Now R1 will do recursive lookup on the above route and will know to reach next-hop

2002:C0A8:103::1 i will go to Tunnel 0 .. hence it is going to extract the IPv4 address

this time from the Next_hop ...

2002:C0A8:103::1

C0A8:103 > HEX-Decimal > 192.168.1.3 which is R3 Tunnel source interface and now R1

can reach the destination

R1#ping 2001::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/49/72 ms

Conclusion:

6to4 mechanism is to extract the 32bit from the destination IPv6 address or the next hop address to know the Tunnel destination IPv4

 Hence 6to4 uses special IPv6 addressing which is activated when using Tunnel mode 6to4

2002:XXXX:XXXX:/48  ( minimum address to be allocated to a Tunnel Interface )

XXXX:XXXX is the Tunnel IPv4 in Hex Decimal

So when desiging 6to4 Tunnel keep this point in mind

Regards

Michael Rizk

Comments
r.shummoogum
Beginner

Hello:

I think on your diagram you got the IP addresses reversed.

192.168.1.2 should be on R2 and not R3

Thanks

Michael Rizk
Beginner

Well spotted .. Thanks r.shummoogum