H3C Technologies H3C SecPath F1000-E User Manual

4

Tunnel mode

Source/destination IP address of the tunnel

IP address of the tunnel

interface

6to4 tunnel

The source IP address is a manually configured IPv4
address, while the destination IP address does not
need to be configured.

6to4 address, in the format of
2002:IPv4-source-address::/48

ISATAP tunnel

The source IP address is a manually configured IPv4
address, while the destination IP address does not

need to be configured.

ISATAP address, in the format of
Prefix:0:5EFE:IPv4-source-addre

ss/64

1.

IPv6 manually configured tunnel

A manually configured tunnel is a point-to-point link. Each link is a separate tunnel. IPv6 manually

configured tunnels are mainly used to provide stable connections for regular secure communication

between border routers or between border routers and hosts for access to remote IPv6 networks.

2.

GRE tunnel

IPv6 packets can be carried over GRE tunnels to pass through an IPv4 network. Like the IPv6 manually

configured tunnel, a GRE tunnel is a point-to-point link. Each link is a separate tunnel. GRE tunnels are

mainly used to provide stable connections for secure communication between border routers or between
host and border router. For related configurations, see GRE Configuration in the VPN Volume.

3.

Automatic IPv4-compatible IPv6 tunnel

An automatic IPv4-compatible IPv6 tunnel is a point-to-multipoint link. IPv4-compatible IPv6 addresses

are adopted at both ends of such a tunnel. The address format is 0:0:0:0:0:0:a.b.c.d/96, where a.b.c.d

represents an embedded IPv4 address. The tunnel destination is automatically determined by the

embedded IPv4 address, which makes it easy to create a tunnel for IPv6 over IPv4. However, an

automatic IPv4-compatible IPv6 tunnel must use IPv4-compatible IPv6 addresses and it is still dependent

on IPv4 addresses. Therefore, automatic IPv4-compatible IPv6 tunnels have limitations.

4.

6to4 tunnel

•

Ordinary 6to4 tunnel

An automatic 6to4 tunnel is a point-to-multipoint tunnel and is used to connect multiple isolated IPv6

networks over an IPv4 network to remote IPv6 networks. The embedded IPv4 address in an IPv6 address

is used to automatically acquire the destination IPv4 address of the tunnel.
The automatic 6to4 tunnel adopts 6to4 addresses. The address format is 2002:abcd:efgh:subnet

number::interface ID/64, where 2002 represents the fixed IPv6 address prefix, and abcd:efgh

represents the 32-bit globally unique source IPv4 address of the 6to4 tunnel, in hexadecimal notation. For

example, 1.1.1.1 can be represented by 0101:0101. The part that follows 2002:abcd:efgh uniquely

identifies a host in a 6to4 network. The tunnel destination is automatically determined by the embedded

IPv4 address, which makes it easy to create a 6to4 tunnel.
Because the 16-bit subnet number of the 64-bit address prefix in 6to4 addresses can be customized and

the first 48 bits in the address prefix are fixed to a permanent value and the IPv4 address of the tunnel

source or destination, it is possible that IPv6 packets can be forwarded by the tunnel. A 6to4 tunnel

interconnects IPv6 networks over an IPv4 network, and overcomes the limitations of an automatic

IPv4-compatible IPv6 tunnel.

•

6to4 relay

A 6to4 tunnel is only used to connect 6to4 networks, whose IP prefix must be 2002::/16. However, IPv6

network addresses with the prefix such as 2001::/16 may also be used in IPv6 networks. To connect a