Manualshelf

R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
81828384858687888990
77
or between host and border router. For more information about related configurations, see "Configuring
GRE."
6to4 tunneling
{ Ordinary 6to4 tunneling
An automatic 6to4 tunnel is a point-to-multipoint tunnel and is used to connect multiple isolated
IPv6 networks over an IPv4 network to remote IPv6 networks. The embedded IPv4 address in
an IPv6 address is used to automatically acquire the destination IPv4 address of the tunnel.
The automatic 6to4 tunnel adopts 6to4 addresses. The address format is
2002:abcd:efgh:subnet number::interface ID/64, where 2002 represents the fixed IPv6
address prefix, and abcd:efgh represents the 32-bit globally unique source IPv4 address of the
6to4 tunnel, in hexadecimal notation. For example, 1.1.1.1 can be represented by
0101:0101. The part that follows 2002:abcd:efgh uniquely identifies a host in a 6to4
network. The tunnel destination is automatically determined by the embedded IPv4 address,
which makes it easy to create a 6to4 tunnel.
Because the 16-bit subnet number of the 64-bit address prefix in 6to4 addresses can be
customized and the first 48 bits in the address prefix are fixed to a permanent value and the
IPv4 address of the tunnel source or destination, it is possible that IPv6 packets can be
forwarded by the tunnel. A 6to4 tunnel interconnects IPv6 networks over an IPv4 network.
{ 6to4 relay
A 6to4 tunnel is only used to connect 6to4 networks, whose IP prefix must be 2002::/16.
However, IPv6 network addresses with the prefix such as 2001::/16 may also be used in IPv6
networks. To connect a 6to4 network to an IPv6 network, a 6to4 router must be used as a
gateway to forward packets to the IPv6 network. Such a router is called 6to4 relay router.
As shown in Figure 65, a st
atic route must be configured on the border router (Device A) in the
6to4 network and the next-hop address must be the 6to4 address of the 6to4 relay router
(Device C). In this way, all packets destined for the IPv6 network will be forwarded to the 6to4
relay router, and then to the IPv6 network. Thus, internetworking between the 6to4 network
(with the address prefix starting with 2002) and the IPv6 network is realized.
Figure 65 Principle of 6to4 tunneling and 6to4 relay
ISATAP tunneling
With the application of the IPv6 technology, there will be more and more IPv6 hosts in the existing
IPv4 network. The ISATAP tunneling technology provides a satisfactory solution for IPv6
application. An ISATAP tunnel is a point-to-multipoint automatic tunnel. The destination of a tunnel
can automatically be acquired from the embedded IPv4 address in the destination address of an
IPv6 packet.