IPv6 6RD (Rapid Deployment) is an IPv6 tunneling technique, similar to 6to4 tunneling. It is stateless and encapsulates IPv6 packets into IPv4 packets.
6to4 tunneling has some limitations which are why ISPs never really implemented it:
- Packets from native IPv6 hosts have to traverse a 6to4 relay router so that IPv6 packets can be encapsulated in IPv4 packets. On the Internet, however, there is no guarantee that those packets are routed towards a relay.
- 6to4 tunneling uses the 2002::/16 prefix. Every ISP that offers 6to4 tunneling advertises the 2002::/16 prefix, the downside of this is that an ISP might receive traffic destined for other ISPs that also offer 6to4 tunneling. We can either relay or drop those packets. Dropping means we blackhole traffic, relaying it means we process traffic from both our customers and customers from other ISPs. It’s difficult to guarantee a certain quality of service for the ISP’s customers.
6RD builds upon the 6to4 tunneling mechanism and gets rid of its biggest weakness, the use of the 2002::/16 prefix. Instead, each ISP will use a unique IPv6 prefix that belongs to the ISP. This has the following advantages:
- All 6RD hosts are reachable from all native IPv6 hosts that can reach the ISP IPv6 network.
- The relay belongs to the ISP and only does 6to4 tunneling for the customers of the ISP so they are completely responsible for the quality of service.
- Reduced scope for anonymous traffic attacks that are possible with 6to4 RFC3964 since the ISP now only processes traffic from its own customers.
Let’s look at a global overview of how 6RD works:
The ISP has an internal IPv4 network. Each customer has a CE router (Customer Equipment), sometimes called the RG (Residential Gateway) with an IPv4 address on the WAN side. On the LAN, we can have IPv4 and IPv6 hosts. When an IPv6 host transmits a packet, the CE router encapsulates the IPv6 packet in an IPv4 packet and depending on the destination, it is transferred to another CE router or the BR (Border Relay) router of the ISP.
The border relay router has an IPv4 address on the ISP network side and provides connectivity between the CE routers and the IPv6 Internet. When it receives an IPv6 packet that is encapsulated in an IPv4 packet from one of the CEs, it de-encapsulates the packet and forwards it to the IPv6 internet.
6RD is stateless so packets don’t have to go through the same border relay router. For high availability and load balancing reasons, we can add more than one border relay router. Each border relay router needs to be configured with the same IPv4 address (anycast) so that CE routers are routed to the closest border relay.
6RD addressing and prefixes
Let’s take a closer look at how IPv6 packets are encapsulated in IPv4.
To make 6RD work, we need three things:
- An IPv6 prefix and prefix length that the ISP wants to use for 6RD.
- Embedded IPv4 address in the IPv6 prefix.
- 6RD border relay IPv4 address.
The ISP decides on all these items. They select an IPv6 prefix and prefix length that they want to use for 6RD, and the IPv4 addresses that the CE routers and BRs should get.
We know that a CE router can get its IPv4 address from a DHCP server but what about the IPv6 prefix, prefix length, and the 6RD border relay IPv4 address? We can push those values using three different options:
- TR-069: this is a protocol for remote management of customer equipment (CE) connected devices.
- DHCP option 212
- PPP IPCP option
Here’s an example of DHCP option 212:
Let me explain these fields:
- Option 6RD: this defines the DHCP option value, 212 for 6RD.
- Option Length: the length of this option in bytes. With one BR (border relay) IPv4 address, it’s 22 bytes.
- IPv4 Mask Length: the number of bits that all CE router IPv4 addresses have in common. I’ll explain why we need this in a bit when we look at the 6RD prefix in detail.
- 6RD prefix length: as the name implies, the prefix length of our 6RD prefix in bits.
- 6RD prefix: the prefix that the ISP wants to use for 6RD.
- 6RD BR IPv4 address(es): the IPv4 address(es) of one or more BRs. You can also use the same IPv4 address (anycast) on all BRs.
When the CE knows its IPv4 address, the 6RD prefix, and the prefix length then it has all the information it needs to build the complete customer IPv6 prefix. The format looks like this:
Let me explain these fields:
- 6RD prefix: this is the prefix that the ISP uses for 6RD.
- IPv4 address: the IPv4 address of the CE is embedded in the IPv6 prefix.
- Subnet: these bits can be used to create multiple subnets for each customer.
- Interface ID: the last 64 bits are used to create a unique ID for each host.
The default allocation of IPv6 prefixes is 32 bits and an IPv4 address is also 32 bits. This means that an ISP could only assign a single 64-bit prefix to each customer if it decides to include the entire 32-bit IPv4 address in the prefix.
For example, let’s say the 6RD prefix is 2001:DB8::/32 and a CE has IPv4 address 192.168.1.1.
192.168.1.1 in hexadecimal is C0A8:0101 so our customer 6RD prefix then looks like this:
There are no bits left to create multiple subnets. If you only want to assign a single 6RD prefix to each customer then this is no problem but if you want your customer to get more than one prefix, we’ll have to do something about it.
Each ISP only owns a small part of the entire IPv4 address space so there is no need to include the entire IPv4 address. For example, let’s say we have a small ISP that only uses the 192.168.1.0/24 address space for CEs. There is no need to include the 192.168.1. subnet in the prefix, since the first 24 bits are always the same. We only need to include the 8 host bits that are unique to each CE. If the CE router knows the BR IPv4 address and the common bits, then we only include our unique host part of the IPv4 address and save bits for subnets.
Here’s an example:
Above we see that we only included the 8 host bits so have 24 bits left we can use for subnets. This allows our customer to create 2^24 = 16777216 subnets.
6RD Packet Encapsulation
We have seen how CE routers generate their customer IPv6 6RD prefix, now let’s take a look at how the encapsulation works. There are two options:
- Within domain: IPv6 traffic from one CE router to another CE router.
- Outside domain: IPv6 traffic from one CE router to an IPv6 host outside of the ISP network.
Let’s take a closer look at both options.
This is traffic that is destined for one of the CE routers within the ISP domain. This could be traffic from one CE to another CE, or from a native IPv6 host on the Internet destined for a CE router. Let’s look at an example where we have traffic from one CE router to another CE router:
The ISP uses the 192.168.1.0/24 subnet and each router has an IPv4 address. Behind each CE router, we have a host with an IPv6 address:
- H1: 2001:DB8:100:10::1
- H2: 2001:DB8:200:10::1
H2 sends an IPv6 packet destined for H1. Here’s what the encapsulated IPv6 packet looks like:
The router checks for the destination and compares it with the ISP 6RD prefix (2001:DB8::/32) that I highlighted in red. When there is a match, the destination IPv4 address host bits are derived from the IPv6 destination address.
Let’s look at an example where H1 wants to send an IPv6 packet to a destination outside of the ISP network:
Here’s the encapsulated packet:
This packet is destined for 2001:4860:4860::8888 (Google DNS server). The CE router checks if the destination matches the ISP 6RD prefix (2001:DB8::/32) but since there is no match, it enters the IPv4 address of the BR as the destination.
Now you have an idea of how 6RD works, let’s see it in action. I will use the following topology to demonstrate this:
Want to take a look for yourself? Here you will find the startup configuration of each device.
ipv6 address 2001:4860:4860::8888/128
ip address 192.168.1.3 255.255.255.0
ip address 192.168.1.1 255.255.255.0
ip address 192.168.1.2 255.255.255.0
We have a small ISP network with one BR and two CE routers. This ISP uses 2001:DB8::/32 as the RD6 prefix. All routers are connected to IPv4 network 192.168.1.0/24 with their GigabitEthernet 0/1 interfaces.