6to4

from Wikipedia, the free encyclopedia
IPv6 transition mechanisms
  • 4in6: Tunneling from IPv4 to IPv6
  • 6in4: Tunneling from IPv6 to IPv4
  • 6over4: Transport of IPv6 data packets between dual-stack nodes over an IPv4 network
  • 6to4: Transport of IPv6 data packets over an IPv4 network (obsolete)
  • AYIYA: Anything In Anything
  • Dual stack: Network nodes with IPv4 and IPv6 in parallel operation
  • Dual-Stack Lite (DS-Lite): Like dual stack, but with global IPv6 and carrier NAT IPv4
  • 6rd: IPv6 rapid deployment
  • ISATAP: Intra-Site Automatic Tunnel Addressing Protocol (deprecated)
  • Teredo: Encapsulation of IPv6 packets in IPv4 UDP packets
  • NAT64: Translation of IPv4 addresses into IPv6 addresses
  • 464XLAT: Translation from IPv4 to IPv6 to IPv4 addresses
  • SIIT: Stateless IP/ICMP translation

6to4 (also called STF or 6 to 4) was an IPv6 transition mechanism. It set up tunnels across the Internet so that IPv6 packets could be transported over IPv4.

Functionality

With 6to4, a /48 IPv6 network was mapped to each IPv4 address. The IPv6 prefix is made up of the prefix 2002 and the IPv4 address in hexadecimal notation.

[Figure: Conversion of the IPv4 address 100.200.100.200]

The local host or router with a public IPv4 address encapsulated an IPv6 packet in an IPv4 packet. If the packet was destined for a native IPv6 network, it was sent to a 6to4 relay. There the IPv6 packet was unpacked again and sent on to its destination. If the remote host sent something back to the local host, the packet was not necessarily routed via the same 6to4 relay again, but could be routed via any 6to4 relay.

Packets sent to IPv6 addresses from this network could be assigned unambiguously. Because of the prefix 2002, they were sent to a 6to4 relay; from there, using the IPv4 address that could be derived from the IPv6 address, the packet was sent back to the local host and, if necessary, on to a host in the IPv6 network behind it.

Public 6to4 relays provided simple access to the IPv6 network that did not require registration and could be used by everyone.

For further simplification, the user did not have to explicitly determine the IPv4 address of a 6to4 relay, but could reach the nearest public 6to4 relay via the anycast address 192.88.99.1 (or 2002:c058:6301::).

Reverse DNS

Via a web interface at the Number Resource Organization, it was possible to delegate the matching reverse domain for the 48-bit prefix under 2.0.0.2.ip6.arpa to a name server of one's own. However, this only made sense with a permanently assigned IPv4 address, not with a dynamic IPv4 address assigned by a provider.

Security aspects

When using 6to4, some security aspects had to be considered. Due to the open architecture, a 6to4 host or router had to receive and process encapsulated packets from all IPv4 addresses. This made IP spoofing easy to carry out, for example.

Security considerations for operating a 6to4 host, router or relay are described in RFC 3964.
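The address mapping described earlier and the spoofing concern in this section can be tied together in one added example (not part of the original article): it derives the /48 prefix for an IPv4 address, recovers the IPv4 address embedded in a 2002::/16 address, and applies source-consistency checks of the kind RFC 3964 describes to a decapsulated packet. The function names and verdict strings are illustrative, and the sample addresses are constructed.

```python
import ipaddress


def prefix_for(ipv4: str) -> ipaddress.IPv6Network:
    """Return the /48 6to4 prefix mapped to an IPv4 address (2002:VVVV:VVVV::/48)."""
    v4 = ipaddress.IPv4Address(ipv4)
    # 16-bit prefix 0x2002, followed by the 32 bits of the IPv4 address
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))


def embedded_ipv4(ipv6: str):
    """Return the IPv4 address inside a 2002::/16 address, or None if not 6to4."""
    return ipaddress.IPv6Address(ipv6).sixtofour


def check_decapsulated(outer_src: str, inner_src: str) -> str:
    """Classify an encapsulated packet by its outer IPv4 and inner IPv6 source.

    Illustrative verdicts: the outer (IPv4) source is the only address the
    receiver can compare against, so a 6to4 inner source must embed exactly it.
    """
    outer = ipaddress.IPv4Address(outer_src)
    inner = ipaddress.IPv6Address(inner_src)
    if not outer.is_global:
        return "drop: outer source is not a global unicast address"
    v4 = inner.sixtofour
    if v4 is None:
        # Native IPv6 source: the packet came through some relay, and the
        # outer address says nothing about who really sent the inner packet.
        return "unverifiable: native IPv6 source, forwarded by a relay"
    if not v4.is_global:
        return "drop: 6to4 source embeds a non-global IPv4 address"
    if v4 != outer:
        return "drop: embedded IPv4 does not match outer source"
    return "accept"


if __name__ == "__main__":
    print(prefix_for("100.200.100.200"))           # address used in the article's figure
    print(embedded_ipv4("2002:c058:6301::"))       # anycast relay address from the article
    for outer, inner in [                           # constructed sample packets
        ("100.200.100.200", "2002:64c8:64c8::1"),
        ("100.200.100.201", "2002:64c8:64c8::1"),
        ("100.200.100.200", "2002:a00:1::1"),
        ("100.200.100.200", "2001:db8::1"),
    ]:
        print(outer, inner, "->", check_decapsulated(outer, inner))
```

The "unverifiable" verdict is the residual risk the section describes: traffic relayed from native IPv6 sources cannot be checked against the outer IPv4 address.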

Data protection aspects

According to the highest court rulings, IP addresses are considered personal data, as they can be used to establish a personal reference (at least to the subscriber). In the opinion of the Düsseldorfer Kreis, only truncated addresses may therefore be used when processing IP addresses; for example, the last octet of an IPv4 address is blanked out so that no personal reference can be made. Other IP-address-based services, such as geolocation, remain possible.

For IPv6 addresses, shortening to a maximum of 40 bits is recommended. After the 16-bit prefix 2002, the uppermost 24 bits of the subscriber's IPv4 address remained, which should no longer allow a personal reference to be established.
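The truncation rule above, applied to log lines, as an added example that is not part of the original article: IPv4 addresses keep 24 bits and IPv6 addresses keep 40 bits, so a truncated 6to4 address exposes the same three octets as the truncated IPv4 address. The function names and the sample log line are constructed for illustration.

```python
import ipaddress

# Bits kept per address family, following the text above:
# IPv4 with the last octet blanked, IPv6 shortened to 40 bits.
KEEP_BITS = {4: 24, 6: 40}


def truncate_ip(addr: str) -> str:
    """Zero every bit beyond the retained prefix and return the address."""
    ip = ipaddress.ip_address(addr)
    net = ipaddress.ip_network(f"{ip}/{KEEP_BITS[ip.version]}", strict=False)
    return str(net.network_address)


def sixtofour_remnant(addr: str):
    """IPv4 bits still visible in a truncated 6to4 address, or None if not 6to4."""
    ip = ipaddress.ip_address(truncate_ip(addr))
    return ip.sixtofour if ip.version == 6 else None


def anonymize_line(line: str) -> str:
    """Replace every space-separated token that parses as an IP address."""
    out = []
    for token in line.split(" "):
        try:
            out.append(truncate_ip(token))
        except ValueError:
            out.append(token)  # not an IP address, keep unchanged
    return " ".join(out)


# Constructed sample log line (not real traffic)
SAMPLE = "2012-11-08T10:00:00Z 2002:64c8:64c8::1 GET /index.html 200"

if __name__ == "__main__":
    print(anonymize_line(SAMPLE))
    print(truncate_ip("100.200.100.200"), sixtofour_remnant("2002:64c8:64c8::1"))
```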

Problems for the user

Because of the error rate of 6to4 when used with the anycast address, various content appeared difficult to reach via IPv6. One apparent solution for the end user was to disable IPv6, which impeded the further spread of IPv6. RFC 7526 therefore recommends that 6to4 anycast no longer be used. The "Happy Eyeballs" algorithm, which is described in RFC 6555 and is used by several browsers, provided a remedy when 6to4 was in use: a website is contacted via both IPv4 and IPv6, and the first answer is used.

Alternatives

Other mechanisms that can be used to tunnel IPv6 packets into IPv4 include

A comparison of the tunnel mechanisms can be found under IPv6#Tunnel mechanisms.

Current VPN software can also be used to tunnel IPv6 over IPv4 and vice versa, e.g. Cisco AnyConnect or OpenVPN.

Literature

  • 6to4, chapter in Understanding IPv6 (pp. 295-316) by Joseph Davies. Microsoft Press, 2nd edition, Redmond 2008. (English)
