Routing IPv6 Traffic over an IPv4 Infrastructure
Updated: March 28, 2003
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
An eventual successful transition to IPv6 requires interim coexistence of IPv6 nodes in today’s predominantly IPv4 environment. To support this, IPv6 packets are automatically tunneled over IPv4 routing infrastructures, enabling IPv6 clients to communicate with each other by using 6to4 or ISATAP addresses and tunneling IPv6 packets across IPv4 networks. For information about automatic tunneling of IPv6 packets, see RFC 2893, "Transition Mechanisms for IPv6 Hosts and Routers."
Support for IPv6 automatic tunneling technologies in Windows XP and Windows Server 2003 includes:
6to4, to provide automatic intersite tunnels across the IPv4 Internet.
ISATAP, to provide automatic intrasite tunnels.
A computer running Windows XP or Windows Server 2003 can automatically configure itself for 6to4 and ISATAP tunneling. The IPv6 Helper service, included with the IPv6 protocol for Windows XP and Windows Server 2003, provides support for 6to4 hosts and 6to4 routers. Use netsh interface IPv6 isatap context commands to configure the IPv6 Helper service. In addition, you can configure a computer running Windows XP or Windows Server 2003 as a 6to4 router by enabling the Internet Connection Sharing (ICS) feature on the interface that is connected to the Internet.
Both 6to4 and ISATAP encapsulate an IPv6 packet within an IPv4 header. However, they send the packet across an IPv4 infrastructure in different ways:
6to4 uses the IPv6 prefix. 6to4 uses a public IPv4 address to create the 64-bit subnet identifier portion for an IPv6 address. For example, 131.107.71.152 becomes 2002:836B:4798::/48.
ISATAP uses the IPv6 interface ID. ISATAP uses a locally assigned IPv4 address (public or private) to create a 64-bit interface identifier. For example, 172.31.71.152 becomes ::0:5EFE:172.31.71.152.
In both cases, IPv4 addresses that are embedded in portions of the IPv6 address provide the information to determine the source and destination addresses in the encapsulating IPv4 header.
By deploying 6to4 or ISATAP, you can integrate IPv6 traffic into your IPv4 network environment. Understanding examples of each automatic tunneling technology can help you decide whether to deploy 6to4, ISATAP, or both as you introduce IPv6 on your network.
For an introduction to IPv6, including information about router-to-router, host-to-router, router-to-host, and host-to-host tunneling configurations that underlie 6to4 and ISATAP tunneling, see the Networking Collection of the Windows Server 2003 Technical Reference (or see the Networking Collection on the Web at http://www.microsoft.com/reskit).
Using 6to4 for IPv6 Traffic Between Subnets or Between Sites
6to4 is an address assignment and router-to-router automatic tunneling technology that is described in RFC 3056, "Connection of IPv6 Domains via IPv4 Clouds." To facilitate the introduction of IPv6 in current IPv4 environments, IPv6 is designed so that you can use 6to4 to handle traffic between IPv6 nodes without obtaining an IPv6 global address prefix from an IPv6 ISP, and without a direct connection to the IPv6 Internet.
Figure 1.16 shows one way to use 6to4 to handle the following types of traffic:
Direct 6to4 host communication within a site (no tunnel). A 6to4 host can communicate directly with another 6to4 host within the same site. A 6to4 host is an IPv6 host that is configured with at least one 6to4 address (a global address with the 2002::/16 prefix). Host A and Host B in Figure 1.16 use the local 6to4 router to communicate with each other.
Tunnel across the IPv4 Internet by using a 6to4 router. A 6to4 host can communicate with a non-local 6to4 host by using a tunnel from a local 6to4 router across an IPv4 network (such as the Internet) to a 6to4 router at the destination site. The first 6to4 router encapsulates the packet in an IPv4 header; the receiving 6to4 router removes the IPv4 header and then forwards the IPv6 packet to the destination 6to4 host. During the first and last stages of the packet’s transmission — from the sending 6to4 host to its 6to4 router, and from the recipient 6to4 router to the destination 6to4 host — the IPv6 routing infrastructure in place at each site is used. In Figure 1.16, 6to4 Host A (or 6to4 Host B) sends its packet to 6to4 Router 1, which tunnels it across the IPv4 Internet to 6to4 Router 2, which then forwards the packet to 6to4 Host C.
Tunnel across the IPv4 Internet to the IPv6 Internet by using a 6to4 router and a 6to4 relay. A 6to4 host on an IPv4 network can communicate with an IPv6-only host on the IPv6 Internet by using a tunnel from a local 6to4 router across the IPv4 Internet to a 6to4 relay that then forwards the packet across the IPv6 Internet to the recipient IPv6-only host. In this case, it is the 6to4 relay that removes the IPv4 header and forwards the IPv6 packet to the recipient IPv6-only host. In Figure 1.16, Host A (or Host B) sends its packet to 6to4 Router 1, which tunnels it across the IPv4 Internet to the 6to4 relay, which then forwards the packet to 6to4 Host D.
Figure 1.16 Using 6to4 to Route IPv6 Packets
In Figure 1.16, 6to4 Router 2 represents a computer running Windows XP with ICS enabled. The private interface of the ICS computer connects to a single-subnet intranet, and the ICS computer’s public interface connects to the IPv4 Internet. The private interface of an ICS computer always uses the private IPv4 address 192.168.0.1.
Using ISATAP for IPv6 Traffic Between Subnets
Intrasite Automatic Tunnel Addressing Protocol (ISATAP) is an address assignment and automatic tunneling technology that is described in the Internet Draft "Intrasite Automatic Tunnel Addressing Protocol (ISATAP)." ISATAP enables unicast communication between IPv6/IPv4 nodes in an IPv4 intranet.
ISATAP derives an interface identifier (the last 64 bits of an IPv6 address) from any IPv4 address assigned to the node, either public or private. The ISATAP address format supports configuration of global addresses (including 6to4), site-local addresses, and link-local addresses.
Figure 1.17 shows two IPv6/IPv4 hosts communicating over an IPv4 network by using each other’s automatically configured link-local ISATAP address.
Figure 1.17 Using Link-Local ISATAP Addresses to Route IPv6 Packets on an IPv4 Network
IPv6/IPv4 hosts can also communicate with non-local IPv6/IPv4 hosts by using ISATAP-derived global addresses, and by using an ISATAP router to tunnel packets through an IPv4 infrastructure. Under the IPv6 protocol that Windows XP and Windows Server 2003 support, you can use either of the following methods to configure the intranet IPv4 address of an ISATAP router:
Name resolution (preferred). For computers running Windows XP (SP1 or later) or Windows Server 2003, automatic resolution of the name ISATAP to an IPv4 address. To ensure successful name resolution, name the computer used as the ISATAP router ISATAP. A computer running Windows XP or Windows Server 2003 then automatically registers the appropriate records in DNS and WINS. For computers running Windows XP (earlier than SP1), the name resolved is _ISATAP.
Netsh commands for Interface IPv6. Manual configuration by using commands in the Netsh Interface IPv6 context.
An ISATAP host sends an IPv4-encapsulated Router Solicitation message to a configured ISATAP router. The ISATAP router responds with an IPv4-encapsulated unicast Router Advertisement message that contains prefixes for use in autoconfiguring ISATAP-based addresses. This additional configuration is needed only when the host’s subnet does not contain an IPv6 router.
The example in Figure 1.18 shows how two ISATAP hosts that use 6to4 prefixes can communicate across the Internet even though each site is using the 192.168.0.0/16 private address space.
Figure 1.18 Using 6to4 and ISATAP to Route IPv6 Packets Across the IPv4 Internet
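The address derivations described earlier (IPv4 address to 6to4 prefix, IPv4 address to ISATAP interface ID) and the combined 6to4 plus ISATAP case above can be worked through in code, which is also how the tunnel endpoints are recovered from an IPv6 address seen in a log or packet capture. This is an added example, not code from the original page; the function names, the subnet ID 1, and the host address 192.168.0.10 are constructed for illustration, and only the 0:5EFE interface ID form shown on this page is recognized.

```python
import ipaddress

SIXTO4 = ipaddress.ip_network("2002::/16")   # 6to4 global prefix
ISATAP_MARK = 0x00005EFE                     # upper 32 bits of the interface ID (0:5EFE)


def sixto4_prefix(public_v4: str) -> ipaddress.IPv6Network:
    """Return 2002:WWXX:YYZZ::/48 for the public IPv4 address W.X.Y.Z."""
    v4 = ipaddress.IPv4Address(public_v4)
    if not v4.is_global:
        raise ValueError(f"6to4 needs a public IPv4 address, got {v4}")
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))


def isatap_address(prefix64: str, v4: str) -> ipaddress.IPv6Address:
    """Append interface ID 0:5EFE:w.x.y.z (IPv4 public or private) to a /64."""
    net = ipaddress.IPv6Network(prefix64)
    if net.prefixlen != 64:
        raise ValueError("an ISATAP interface ID is appended to a 64-bit prefix")
    iid = (ISATAP_MARK << 32) | int(ipaddress.IPv4Address(v4))
    return net[iid]


def tunnel_endpoints(v6: str) -> dict:
    """Return the IPv4 addresses embedded in an IPv6 address, keyed by mechanism."""
    addr = ipaddress.IPv6Address(v6)
    n = int(addr)
    found = {}
    if addr in SIXTO4:                        # bits 16..47 hold the router's IPv4
        found["6to4"] = ipaddress.IPv4Address((n >> 80) & 0xFFFFFFFF)
    if (n >> 32) & 0xFFFFFFFF == ISATAP_MARK:  # low 32 bits hold the host's IPv4
        found["isatap"] = ipaddress.IPv4Address(n & 0xFFFFFFFF)
    return found


if __name__ == "__main__":
    print(sixto4_prefix("131.107.71.152"))              # example address from this page
    print(isatap_address("fe80::/64", "172.31.71.152"))  # link-local ISATAP address
    # Constructed: ISATAP host 192.168.0.10 on subnet 1 of the site's 6to4 prefix
    host = isatap_address("2002:836b:4798:1::/64", "192.168.0.10")
    print(host, tunnel_endpoints(str(host)))
```

For the combined address, tunnel_endpoints returns both the public IPv4 address of the site's 6to4 router and the private IPv4 address of the ISATAP host, which is why two sites can reuse the same private address space.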
Hosts running Windows XP or Windows Server 2003 determine whether to use 6to4, ISATAP, or both depending on their IPv4 configuration.