IPv6 6RD (Rapid Deployment)

IPv6 6RD (Rapid Deployment) is an IPv6 tunneling technique, similar to 6to4 tunneling. It is stateless and encapsulates IPv6 packets into IPv4 packets.

IPv6 6RD (Rapid Deployment) is an IPv6 tunneling technique, similar to 6to4 tunneling. It is stateless and encapsulates IPv6 packets into IPv4 packets. 6to4 tunneling has some limitations which are why ISPs never really implemented it: Packets from native IPv6 hosts have to traverse a 6to4 relay rou



6to4 tunneling has some limitations which are why ISPs never really implemented it:

  • Packets from native IPv6 hosts have to traverse a 6to4 relay router so that IPv6 packets can be encapsulated in IPv4 packets. On the Internet, however, there is no guarantee that those packets are routed towards a relay.
  • 6to4 tunneling uses the 2002::/16 prefix. Every ISP that offers 6to4 tunneling advertises the 2002::/16 prefix, the downside of this is that an ISP might receive traffic destined for other ISPs that also offer 6to4 tunneling. We can either relay or drop those packets. Dropping means we blackhole traffic, relaying it means we process traffic from both our customers and customers from other ISPs. It’s difficult to guarantee a certain quality of service for the ISP’s customers.

6RD builds upon the 6to4 tunneling mechanism and gets rid of its biggest weakness, the use of the 2002::/16 prefix. Instead, each ISP will use a unique IPv6 prefix that belongs to the ISP. This has the following advantages:

  • All 6RD hosts are reachable from all native IPv6 hosts that can reach the ISP IPv6 network.
  • The relay belongs to the ISP and only does 6to4 tunneling for the customers of the ISP so they are completely responsible for the quality of service.
  • Reduced scope for anonymous traffic attacks that are possible with 6to4 RFC3964 since the ISP now only processes traffic from its own customers.

Let’s look at a global overview of how 6RD works:

Ipv6 Prefix Delegation Example

The ISP has an internal IPv4 network. Each customer has a CE router (Customer Equipment), sometimes called the RG (Residential Gateway) with an IPv4 address on the WAN side. On the LAN, we can have IPv4 and IPv6 hosts. When an IPv6 host transmits a packet, the CE router encapsulates the IPv6 packet in an IPv4 packet and depending on the destination, it is transferred to another CE router or the BR (Border Relay) router of the ISP.

The border relay router has an IPv4 address on the ISP network side and provides connectivity between the CE routers and the IPv6 Internet. When it receives an IPv6 packet that is encapsulated in an IPv4 packet from one of the CEs, it de-encapsulates the packet and forwards it to the IPv6 internet.

6RD is stateless so packets don’t have to go through the same border relay router. For high availability and load balancing reasons, we can add more than one border relay router. Each border relay router needs to be configured with the same IPv4 address (anycast) so that CE routers are routed to the closest border relay.

6RD addressing and prefixes

Let’s take a closer look at how IPv6 packets are encapsulated in IPv4.

To make 6RD work, we need three things:

  • An IPv6 prefix and prefix length that the ISP wants to use for 6RD.
  • Embedded IPv4 address in the IPv6 prefix.
  • 6RD border relay IPv4 address.

The ISP decides on all these items. They select an IPv6 prefix and prefix length that they want to use for 6RD, and the IPv4 addresses that the CE routers and BRs should get.

We know that a CE router can get its IPv4 address from a DHCP server but what about the IPv6 prefix, prefix length, and the 6RD border relay IPv4 address? We can push those values using three different options:

  • TR-069: this is a protocol for remote management of customer equipment (CE) connected devices.
  • DHCP option 212
  • PPP IPCP option

Here’s an example of DHCP option 212:

Ipv6 Rd Dhcp Option 212

Let me explain these fields:

  • Option 6RD: this defines the DHCP option value, 212 for 6RD.
  • Option Length: the length of this option in bytes. With one BR (border relay) IPv4 address, it’s 22 bytes.
  • IPv4 Mask Length: the number of bits that all CE router IPv4 addresses have in common. I’ll explain why we need this in a bit when we look at the 6RD prefix in detail.
  • 6RD prefix length: as the name implies, the prefix length of our 6RD prefix in bits.
  • 6RD prefix: the prefix that the ISP wants to use for 6RD.
  • 6RD BR IPv4 address(es): the IPv4 address(es) of one or more BRs. You can also use the same IPv4 address (anycast) on all BRs.

When the CE knows its IPv4 address, the 6RD prefix, and the prefix length then it has all the information it needs to build the complete customer IPv6 prefix. The format looks like this:

Ipv6 6rd Prefix Format

Let me explain these fields:

  • 6RD prefix: this is the prefix that the ISP uses for 6RD.
  • IPv4 address: the IPv4 address of the CE is embedded in the IPv6 prefix.
  • Subnet: these bits can be used to create multiple subnets for each customer.
  • Interface ID: the last 64 bits are used to create a unique ID for each host.

The default allocation of IPv6 prefixes is 32 bits and an IPv4 address is also 32 bits. This means that an ISP could only assign a single 64-bit prefix to each customer if it decides to include the entire 32-bit IPv4 address in the prefix.

For example, let’s say the 6RD prefix is 2001:DB8::/32 and a CE has IPv4 address 192.168.1.1.

192.168.1.1 in hexadecimal is C0A8:0101 so our customer 6RD prefix then looks like this:

Ipv6 6rd Prefix Format Full Ipv4 Address

There are no bits left to create multiple subnets. If you only want to assign a single 6RD prefix to each customer then this is no problem but if you want your customer to get more than one prefix, we’ll have to do something about it.

Each ISP only owns a small part of the entire IPv4 address space so there is no need to include the entire IPv4 address. For example, let’s say we have a small ISP that only uses the 192.168.1.0/24 address space for CEs. There is no need to include the 192.168.1. subnet in the prefix, since the first 24 bits are always the same. We only need to include the 8 host bits that are unique to each CE. If the CE router knows the BR IPv4 address and the common bits, then we only include our unique host part of the IPv4 address and save bits for subnets.

Here’s an example:

Ipv6 6rd Prefix Format Common Bits

Above we see that we only included the 8 host bits so have 24 bits left we can use for subnets. This allows our customer to create 2^24  = 16777216 subnets.

6RD Packet Encapsulation

We have seen how CE routers generate their customer IPv6 6RD prefix, now let’s take a look at how the encapsulation works. There are two options:

  • Within domain: IPv6 traffic from one CE router to another CE router.
  • Outside domain: IPv6 traffic from one CE router to an IPv6 host outside of the ISP network.

Let’s take a closer look at both options.

Within domain

This is traffic that is destined for one of the CE routers within the ISP domain. This could be traffic from one CE to another CE, or from a native IPv6 host on the Internet destined for a CE router. Let’s look at an example where we have traffic from one CE router to another CE router:

Ipv6 6rd Within Domain Traffic Topology

The ISP uses the 192.168.1.0/24 subnet and each router has an IPv4 address. Behind each CE router, we have a host with an IPv6 address:

  • H1: 2001:DB8:100:10::1
  • H2: 2001:DB8:200:10::1

H2 sends an IPv6 packet destined for H1. Here’s what the encapsulated IPv6 packet looks like:

Ipv6 6rd Embedded Ipv4 Copy

The router checks for the destination and compares it with the ISP 6RD prefix (2001:DB8::/32) that I highlighted in red. When there is a match, the destination IPv4 address host bits are derived from the IPv6 destination address.

Outside Domain

Let’s look at an example where H1 wants to send an IPv6 packet to a destination outside of the ISP network:

Ipv6 6rd Outside Domain Traffic Topology

Here’s the encapsulated packet:

Ipv6 6rd Outside Domain Encapsulated Packet

This packet is destined for 2001:4860:4860::8888 (Google DNS server). The CE router checks if the destination matches the ISP 6RD prefix (2001:DB8::/32) but since there is no match, it enters the IPv4 address of the BR as the destination.

Configuration

Now you have an idea of how 6RD works, let’s see it in action. I will use the following topology to demonstrate this:

Ipv6 Rd6 Lab Topology

Configurations

Want to take a look for yourself? Here you will find the startup configuration of each device.

BR1

hostname BR1
!
ip cef
!
interface Loopback0
 ipv6 address 2001:4860:4860::8888/128
!
interface GigabitEthernet0/1
 ip address 192.168.1.3 255.255.255.0
!
end

CE1

hostname CE1
!
ip cef
!
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
!
end

CE2

hostname CE2
!
ip cef
!
interface GigabitEthernet0/1
 ip address 192.168.1.2 255.255.255.0
!
end


IPv6 6RD (Rapid Deployment) is an IPv6 tunneling technique, similar to 6to4 tunneling. It is stateless and encapsulates IPv6 packets into IPv4 packets. 6to4 tunneling has some limitations which are why ISPs never really implemented it: Packets from native IPv6 hosts have to traverse a 6to4 relay rou



We have a small ISP network with one BR and two CE routers. This ISP uses 2001:DB8::/32 as the RD6 prefix. All routers are connected to IPv4 network 192.168.1.0/24 with their GigabitEthernet 0/1 interfaces.

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 660 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

503 Sign Ups in the last 30 days

satisfaction-guaranteed
100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags:


Forum Replies

  1. Hello,

    I have a question regarding the 6to4 implementation:
    Should it work if i use another prefix than 2002:?

    I read couple of articles and in every place it’s written that 2002 is reserved for 6to4 implementation (like router knows how to extract 32 bit IPv4 address encoded in Hex format that goes after that prefix).

    But in my lab i just used another prefix (just for testing): 1002: and the 6to4 stuff worked properly as well.

    Can you please explain this behavior? Is it a correct and expected behavior or not?

    Thanks,
    Vladimir

  2. Hi @hussien.samer

    Remove the following two static routes:

    R1(config)#ipv6 route 2001::3/128 2002:C0A8:1703::3  
    R3(config)#ipv6 route 2001::1/128 2002:C0A8:C01::1  
    

    And then add a BGP configuration like this. R1:

    R1(config)#router bgp 13
    R1(config-router)#bgp log-neighbor-changes
    R1(config-router)#neighbor 2002:C0A8:1703::3 remote-as 13
    
    R1(config-router)#address-family ipv6
    R1(config-router-af)# neighbor 2002:C0A8:1703::3 activate
    R1(config-router-af)#exit-address-family
    

    R3:

    R3(config)#router bgp 13
    R3(config-router)#bgp log-neighbor-changes
    R3(config-router
    ... Continue reading in our forum

  3. Hey, can you please explain this sentence more thoroughly:
    “The second step is that we can create subnets from /48 up to /64 prefixes for all the subnets behind the end-point.”

    Why shouldn’t we always use a host mask (/128) for the tunnel 6to4 address?
    (2002:C0A8:1703::/128 for your configuration)

  4. Hello Inon

    If we have an IPv4 address of 192.168.23.3 as in the lesson, then the automatic 6to4 tunnelling will use 2002:C0A8:1703 as the beginning of the IPv6 address. Now from this, we can use any subnet prefix of /48 to /64 to represent the IPv6 addresses behind each end of the tunnel. So in a sense, 2002:C0A8:1703::/48 represents the tunnel interface on R1. All IPv6 addresses behind R1 will be mapped to the appropriate address. For example:

    We ping from 2001::3/128 to 2001::1/128. When the ping reaches R3, it will be converted to 2002:C0A8:1703::1, sen

    ... Continue reading in our forum

29 more replies! Ask a question or join the discussion by visiting our Community Forum