IPv6 6RD (Rapid Deployment)

IPv6 6RD (Rapid Deployment) is an IPv6 tunneling technique, similar to 6to4 tunneling. It is stateless and encapsulates IPv6 packets into IPv4 packets.

6to4 tunneling has some limitations which are why ISPs never really implemented it:

  • Packets from native IPv6 hosts have to traverse a 6to4 relay router so that IPv6 packets can be encapsulated in IPv4 packets. On the Internet, however, there is no guarantee that those packets are routed towards a relay.
  • 6to4 tunneling uses the 2002::/16 prefix. Every ISP that offers 6to4 tunneling advertises the 2002::/16 prefix, the downside of this is that an ISP might receive traffic destined for other ISPs that also offer 6to4 tunneling. We can either relay or drop those packets. Dropping means we blackhole traffic, relaying it means we process traffic from both our customers and customers from other ISPs. It’s difficult to guarantee a certain quality of service for the ISP’s customers.

6RD builds upon the 6to4 tunneling mechanism and gets rid of its biggest weakness, the use of the 2002::/16 prefix. Instead, each ISP will use a unique IPv6 prefix that belongs to the ISP. This has the following advantages:

  • All 6RD hosts are reachable from all native IPv6 hosts that can reach the ISP IPv6 network.
  • The relay belongs to the ISP and only does 6to4 tunneling for the customers of the ISP so they are completely responsible for the quality of service.
  • Reduced scope for anonymous traffic attacks that are possible with 6to4 RFC3964 since the ISP now only processes traffic from its own customers.

Let’s look at a global overview of how 6RD works:

Ipv6 Prefix Delegation Example

The ISP has an internal IPv4 network. Each customer has a CE router (Customer Equipment), sometimes called the RG (Residential Gateway) with an IPv4 address on the WAN side. On the LAN, we can have IPv4 and IPv6 hosts. When an IPv6 host transmits a packet, the CE router encapsulates the IPv6 packet in an IPv4 packet and depending on the destination, it is transferred to another CE router or the BR (Border Relay) router of the ISP.

The border relay router has an IPv4 address on the ISP network side and provides connectivity between the CE routers and the IPv6 Internet. When it receives an IPv6 packet that is encapsulated in an IPv4 packet from one of the CEs, it de-encapsulates the packet and forwards it to the IPv6 internet.

6RD is stateless so packets don’t have to go through the same border relay router. For high availability and load balancing reasons, we can add more than one border relay router. Each border relay router needs to be configured with the same IPv4 address (anycast) so that CE routers are routed to the closest border relay.

6RD addressing and prefixes

Let’s take a closer look at how IPv6 packets are encapsulated in IPv4.

To make 6RD work, we need three things:

  • An IPv6 prefix and prefix length that the ISP wants to use for 6RD.
  • Embedded IPv4 address in the IPv6 prefix.
  • 6RD border relay IPv4 address.

The ISP decides on all these items. They select an IPv6 prefix and prefix length that they want to use for 6RD, and the IPv4 addresses that the CE routers and BRs should get.

We know that a CE router can get its IPv4 address from a DHCP server but what about the IPv6 prefix, prefix length, and the 6RD border relay IPv4 address? We can push those values using three different options:

  • TR-069: this is a protocol for remote management of customer equipment (CE) connected devices.
  • DHCP option 212
  • PPP IPCP option

Here’s an example of DHCP option 212:

Ipv6 Rd Dhcp Option 212

Let me explain these fields:

  • Option 6RD: this defines the DHCP option value, 212 for 6RD.
  • Option Length: the length of this option in bytes. With one BR (border relay) IPv4 address, it’s 22 bytes.
  • IPv4 Mask Length: the number of bits that all CE router IPv4 addresses have in common. I’ll explain why we need this in a bit when we look at the 6RD prefix in detail.
  • 6RD prefix length: as the name implies, the prefix length of our 6RD prefix in bits.
  • 6RD prefix: the prefix that the ISP wants to use for 6RD.
  • 6RD BR IPv4 address(es): the IPv4 address(es) of one or more BRs. You can also use the same IPv4 address (anycast) on all BRs.

When the CE knows its IPv4 address, the 6RD prefix, and the prefix length then it has all the information it needs to build the complete customer IPv6 prefix. The format looks like this:

Ipv6 6rd Prefix Format

Let me explain these fields:

  • 6RD prefix: this is the prefix that the ISP uses for 6RD.
  • IPv4 address: the IPv4 address of the CE is embedded in the IPv6 prefix.
  • Subnet: these bits can be used to create multiple subnets for each customer.
  • Interface ID: the last 64 bits are used to create a unique ID for each host.

The default allocation of IPv6 prefixes is 32 bits and an IPv4 address is also 32 bits. This means that an ISP could only assign a single 64-bit prefix to each customer if it decides to include the entire 32-bit IPv4 address in the prefix.

For example, let’s say the 6RD prefix is 2001:DB8::/32 and a CE has IPv4 address in hexadecimal is C0A8:0101 so our customer 6RD prefix then looks like this:

Ipv6 6rd Prefix Format Full Ipv4 Address

There are no bits left to create multiple subnets. If you only want to assign a single 6RD prefix to each customer then this is no problem but if you want your customer to get more than one prefix, we’ll have to do something about it.

Each ISP only owns a small part of the entire IPv4 address space so there is no need to include the entire IPv4 address. For example, let’s say we have a small ISP that only uses the address space for CEs. There is no need to include the 192.168.1. subnet in the prefix, since the first 24 bits are always the same. We only need to include the 8 host bits that are unique to each CE. If the CE router knows the BR IPv4 address and the common bits, then we only include our unique host part of the IPv4 address and save bits for subnets.

Here’s an example:

Ipv6 6rd Prefix Format Common Bits

Above we see that we only included the 8 host bits so have 24 bits left we can use for subnets. This allows our customer to create 2^24  = 16777216 subnets.

6RD Packet Encapsulation

We have seen how CE routers generate their customer IPv6 6RD prefix, now let’s take a look at how the encapsulation works. There are two options:

  • Within domain: IPv6 traffic from one CE router to another CE router.
  • Outside domain: IPv6 traffic from one CE router to an IPv6 host outside of the ISP network.

Let’s take a closer look at both options.

Within domain

This is traffic that is destined for one of the CE routers within the ISP domain. This could be traffic from one CE to another CE, or from a native IPv6 host on the Internet destined for a CE router. Let’s look at an example where we have traffic from one CE router to another CE router:

Ipv6 6rd Within Domain Traffic Topology

The ISP uses the subnet and each router has an IPv4 address. Behind each CE router, we have a host with an IPv6 address:

  • H1: 2001:DB8:100:10::1
  • H2: 2001:DB8:200:10::1

H2 sends an IPv6 packet destined for H1. Here’s what the encapsulated IPv6 packet looks like:

Ipv6 6rd Embedded Ipv4 Copy

The router checks for the destination and compares it with the ISP 6RD prefix (2001:DB8::/32) that I highlighted in red. When there is a match, the destination IPv4 address host bits are derived from the IPv6 destination address.

Outside Domain

Let’s look at an example where H1 wants to send an IPv6 packet to a destination outside of the ISP network:

Ipv6 6rd Outside Domain Traffic Topology

Here’s the encapsulated packet:

Ipv6 6rd Outside Domain Encapsulated Packet

This packet is destined for 2001:4860:4860::8888 (Google DNS server). The CE router checks if the destination matches the ISP 6RD prefix (2001:DB8::/32) but since there is no match, it enters the IPv4 address of the BR as the destination.

Now you have an idea of how 6RD works, let’s see it in action. I will use the following topology to demonstrate this:

Ipv6 6RD Lab Topology


Want to take a look for yourself? Here you will find the startup configuration of each device.


hostname BR1
ip cef
interface Loopback0
 ipv6 address 2001:4860:4860::8888/128
interface GigabitEthernet0/1
 ip address


hostname CE1
ip cef
interface GigabitEthernet0/1
 ip address


hostname CE2
ip cef
interface GigabitEthernet0/1
 ip address

We have a small ISP network with one BR and two CE routers. This ISP uses 2001:DB8::/32 as the 6RD prefix. All routers are connected to IPv4 network with their GigabitEthernet 0/1 interfaces.

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You’ve Ever Spent on Your Cisco Career!
  • Full Access to our 791 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

1644 Sign Ups in the last 30 days

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!


Forum Replies

  1. Hi Rene

    Question, should the following sentence under Within Network say IPv4 rather than IPv6?

    “The destination IPv6 address network bits are derived from the BR IPv6 address that the router knows.”

    Also how does 100:10::1 get mapped to .1 on the IPv4 side?

    And on Outside Domain, why is the IPv4 Source the IP of CE2 (, when the ping is initiated from Host 1 behind CE1? Should it be


  2. Hi Chris,

    Thanks, that last line shouldn’t be there so I removed it.

    The IPv6 prefix has this format:


    Now take a look at this address:


    2001:DB8 is the ISP prefix, what comes next is the IPv4 address. in hexadecimal is C0A8:0101, but I don’t have to embed the entire IPv4 address. I can forget about 192.168.1. (

    ... Continue reading in our forum

  3. Thanks Rene, any chance you could provide the configs at the end? I guess I’m wondering how the BR knows about the “General prefix” when you didn’t configure it.

    BR#show tunnel 6rd
    Interface Tunnel0:
    Tunnel Source:
    6RD: Operational, V6 Prefix: 2001:DB8::/32
    V4 Prefix, Length: 24, Value:
    V4 Suffix, Length: 0, Value:
    General Prefix: 2001:DB8:300::/40

  4. Hi Chris,

    Just added them. The general prefix is also configured on the BR.


  5. Any chance you could provide an example for “within domain”, but with an IPv6 internet host generating the traffic? Does the native IPv6 host route traffic to the 6RD gateway?

13 more replies! Ask a question or join the discussion by visiting our Community Forum