Configuring 6to4 Connectivity with Microsoft Research IPv6

January 13, 2000 (Check here for the latest version.)

Carpenter/Moore's 6to4 is a method for connecting IPv6 sites over the existing IPv4 Internet infrastructure. It uses a special address prefix to give isolated IPv6 sites their own IPv6 address space. 6to4 is like a "pseudo-ISP" providing IPv6 connectivity. You can use 6to4 to communicate directly with other 6to4 sites. You can also use a 6to4 relay to communicate with 6bone sites.

The main requirement for using 6to4 is that you need one globally routable IPv4 address for your site. Your site consists of a collection of IPv6 machines (some running Microsoft Research IPv6, perhaps some running other IPv6 implementations) that you manage, probably all directly connected via ethernet or Carpenter/Jung 6-over-4. The globally routable IPv4 address must be assigned to one of your machines running Microsoft Research IPv6. This machine will be your 6to4 gateway.

If you have an address like 10.x.y.z, or with prefix 10/8, 172.16/12, 192.168/16, or 169.254/16, then it is not globally routable. Otherwise it probably is globally routable. See the Debugging section in this document for more help in determining whether your ISP connection will support 6to4.

6to4cfg.exe

The 6to4cfg.exe command automates 6to4 configuration. It automatically discovers your globally routable IPv4 address and creates a 6to4 prefix. It will either perform the configuration directly, or it can write out a configuration script that you can inspect and run later.

The basic 6to4cfg.exe command syntax is 6to4cfg [options] [filename]. In more detail:

6to4cfg [filename]
If you specify a file name, the configuration script is written to the file. The configuration script uses the ipv6.exe command.
You can specify con for the filename to write the configuration script to console output. This is useful for seeing what 6to4cfg.exe will do without actually doing it.
If you do not specify a file name, 6to4cfg.exe directly updates your machine's IPv6 configuration.
6to4cfg -r
Become a 6to4 gateway router for your local network. This will enable routing on all your interfaces and assign subnet prefixes.
6to4cfg -s
Enables site-local addressing inside your 6to4 site. Only meaningful when used in conjunction with -r.
6to4cfg -u
Specifies that the 6to4 configuration should be reversed. So 6to4cfg -u undoes the effect of 6to4cfg, 6to4cfg -r -u undoes the effect of 6to4cfg -r, etc.
6to4cfg -R v4-addr
Specifies the IPv4 address of a 6to4 relay router. The default address is 131.107.65.121, which is the 6to4 relay router operated by Microsoft Research.

Manual 6to4 Configuration

To make this concrete, in this example the globally routable address of the 6to4 gateway is 172.31.42.239. Of course, you will need your own globally routable IPv4 address to use 6to4.

The 32-bit globally routable IPv4 address is combined with the 16-bit prefix 2002::/16 to form a 48-bit IPv6 address prefix for your site. In this example, the 6to4 site prefix is 2002:ac1f:2aef::/48. Note that ac1f:2aef is the hexadecimal encoding of 172.31.42.239. (Of course, you will use a different prefix based on your own globally routable IPv4 address.) Using the 6to4 site prefix, you can assign addresses and subnet prefixes inside your site.

This example assumes that you use subnet 0 for manually configuring a 6to4 address on your 6to4 gateway machine and that you use subnet 1 for automatically configuring addresses on your ethernet. But other choices are possible.

First, use the ipv6.exe command to enable 6to4 on your 6to4 gateway machine:

ipv6 rtu 2002::/16 2

The ipv6 rtu command performs a routing table update operation. It can be used to add, remove, or update a route. In this case it is enabling 6to4.

The 2002::/16 argument is the route's prefix - it specifies the special 6to4 prefix.

The 2 argument specifies the on-link interface for this prefix. Interface #2 is the "pseudo-interface" used for configured tunnels, automatic tunneling, and 6to4. When an IPv6 destination address matches the 2002::/16 prefix, the 32 bits that follow the prefix in the destination address are extracted to form an IPv4 destination address. The packet is encapsulated with an IPv4 header and sent to the IPv4 destination address.

Second, configure a 6to4 address on your 6to4 gateway machine:

ipv6 adu 2/2002:ac1f:2aef::ac1f:2aef

The ipv6 adu command performs an address update operation. It can be used to add, remove, or update an address on an interface. In this case it is configuring the machine's 6to4 address.

The 2/2002:ac1f:2aef::ac1f:2aef argument specifies the interface and the address. It says to configure address 2002:ac1f:2aef::ac1f:2aef on interface #2. The address is created using the site prefix 2002:ac1f:2aef::/48, plus subnet 0 to give a subnet prefix 2002:ac1f:2aef::/64, plus a 64-bit interface identifier. Our convention is to use the machine's IPv4 address for the interface identifer for addresses assigned to interface #2. In your usage, ac1f:2aef should be replaced by the hexadecimal encoding of your own globally routable IPv4 address.

The above two commands are sufficient to allow communication with other 6to4 sites. For example, trying pinging the Microsoft Research 6to4 site:

ping6 2002:836b:4179::836b:4179

To enable communication with the 6bone, you must create a default configured tunnel to a 6to4 relay. You can use MSR's 6to4 relay router, 131.107.65.121:

ipv6 rtu ::/0 2/::131.107.65.121 pub life 1800

The ipv6 rtu command performs a routing table update operation. In this case it is establishing a default route to the 6to4 relay.

The ::/0 argument is the route's prefix - the zero-length prefix means it is a default route.

The 2/::131.107.65.121 argument specifies the next-hop neighbor for this prefix. It says to forward packets that match the prefix to address ::131.107.65.121 using interface #2. Forwarding a packet to ::131.107.65.121 on interface #2 causes it to be encapsulated with a v4 header and sent to 131.107.65.121.

The pub argument makes this a published route. This is only relevant for routers, so unless/until routing is enabled it has no effect. Similarly, the 30 minute lifetime is only relevant if routing is enabled.

Now you should be able to access 6bone sites as well as 6to4 sites. Use the following command to test this:

ping6 3ffe:1cff:0:f5::1

See our 6bone instructions for a list of other 6bone sites.

The final step is to enable routing on your 6to4 gateway. This example assumes that interface #3 on your gateway machine is an ethernet interface and interface #4 is a 6-over-4 interface. Your machine may number its interfaces differently. The following two commands assign subnet prefixes to the two links. The subnet prefixes are derived from the site's 6to4 prefix 2002:ac1f:2aef::/48:

ipv6 rtu 2002:ac1f:2aef:1::/64 3 pub life 1800
ipv6 rtu 2002:ac1f:2aef:2::/64 4 pub life 1800

Here the ipv6 rtu command specifies that the prefix 2002:ac1f:2aef:1::/64 is on-link to interface #3. It is configuring the first subnet prefix on the ethernet interface. The route is published with a lifetime of 30 minutes.

Similarly, the 2002:ac1f:2aef:2::/64 prefix is configured on the 6-over-4 interface.

Finally, the next three commands enable the 6to4 gateway machine to be a router:

ipv6 ifc 2 forw
ipv6 ifc 3 forw adv
ipv6 ifc 4 forw adv

The ipv6 ifc command controls attributes of an interface. A router both forwards packets and sends Router Advertisements. In the Microsoft Research IPv6 implementation, these are separately controlled per-interface attributes.

Interface #2 does not need to be advertising because it is a pseudo-interface.

If your machine has more interfaces (for example, interfaces 5 and 6) then they should also be configured to be forwarding and advertising.

As a result of these commands, Microsoft Research IPv6 will automatically configure addresses on interfaces #3 and #4 using the respective subnet prefixes. The two interfaces will start sending Router Advertisements at approximately 3-10 minute intervals.

Hosts receiving these Router Advertisements will automatically configure themselves with a default route and a 6to4 address derived from their link's subnet prefix. They will have communication to other 6to4 sites and the 6bone via the gateway machine.

See our configuration documentation for more information about ipv6.exe.

Debugging

If you're having problems, try the following steps.

First, check your IPv4 connectivity to the 6to4 relay router:
ping 131.107.65.121
If this fails, then you do not have global internet connectivity.

Next, check IPv6 encapsulation by using automatic tunneling:
ping6 ::131.107.65.121
If this fails, then you might have a firewall or NAT (network address translator) between you and the internet. If this works, then your internet connection can support 6to4.

Finally, check the output of ipv6 rt. You should see a route 2002::/16 -> 2. Check the output of ipv6 if 2. You should see a preferred address with a 2002::/16 prefix.