H3C Technologies H3C SecPath F1000-E User Manual

80

Tunnel type

Tunnel mode

Tunnel source/destination

address

Tunnel interface

address type

Intra-site automatic tunnel
addressing protocol

(ISATAP) tunneling

The source IP address is a
manually configured IPv4
address. The destination IP

address need not be configured.

ISATAP address, in the
format of
Prefix:0:5EFE:IPv4-sour

ce-address/64

According to the way an IPv6 packet is encapsulated, IPv6 over IPv4 tunnels are divided into the

following modes:

•

IPv6 manual tunneling
A manually configured tunnel is a point-to-point link. Each link is a separate tunnel. IPv6 manual
tunnels are mainly used to provide stable connections for regular secure communication between
border routers or between border routers and hosts for access to remote IPv6 networks.

•

IPv6-over-IPv4 GRE tunneling
IPv6 packets can be carried over IPv6-over-IPv4 GRE tunnels to pass through an IPv4 network. Like
an IPv6 manually configured tunnel, an IPv6-over-IPv4 GRE tunnel is a point-to-point link.

IPv6-over-IPv4 GRE tunnels are mainly used to provide stable connections for secure

communication between border routers or between host and border router. For more information

about related configurations, see "Configuring GRE."

•

6to4 tunneling

{

Ordinary 6to4 tunneling
An automatic 6to4 tunnel is a point-to-multipoint tunnel and is used to connect multiple isolated
IPv6 networks over an IPv4 network to remote IPv6 networks. The embedded IPv4 address in
an IPv6 address is used to automatically acquire the destination IPv4 address of the tunnel.
The automatic 6to4 tunnel adopts 6to4 addresses. The address format is
2002:abcd:efgh:subnet number::interface ID/64, where 2002 represents the fixed IPv6

address prefix, and abcd:efgh represents the 32-bit globally unique source IPv4 address of the

6to4 tunnel, in hexadecimal notation. For example, 1.1.1.1 can be represented by

0101:0101. The part that follows 2002:abcd:efgh uniquely identifies a host in a 6to4
network. The tunnel destination is automatically determined by the embedded IPv4 address,

which makes it easy to create a 6to4 tunnel.
Because the 16-bit subnet number of the 64-bit address prefix in 6to4 addresses can be
customized and the first 48 bits in the address prefix are fixed to a permanent value and the

IPv4 address of the tunnel source or destination, it is possible that IPv6 packets can be
forwarded by the tunnel. A 6to4 tunnel interconnects IPv6 networks over an IPv4 network.

{

6to4 relay
A 6to4 tunnel is only used to connect 6to4 networks, whose IP prefix must be 2002::/16.
However, IPv6 network addresses with the prefix such as 2001::/16 may also be used in IPv6

networks. To connect a 6to4 network to an IPv6 network, a 6to4 router must be used as a

gateway to forward packets to the IPv6 network. Such a router is called 6to4 relay router.
As shown in

Figure 65

, a static route must be configured on the border router (Device A) in the

6to4 network and the next-hop address must be the 6to4 address of the 6to4 relay router

(Device C). In this way, all packets destined for the IPv6 network will be forwarded to the 6to4
relay router, and then to the IPv6 network. Thus, internetworking between the 6to4 network

(with the address prefix starting with 2002) and the IPv6 network is realized.