PP P Delivery Heacler IP Heade r
2.4.14 PROTOCOLOS DE AUTENTICACIÓN.
The IPv6 specifications define several types of IPv6-in-IPv4 tunnels. The most basic types of tunnel encapsulate the IPv6 packet directly into the data portion of the IPv4 packet, as shown in Fig. 4.1. 12 3 3456 78 9 4 : 1;45 7<=<>?7<@5 A A:?6B 45 7C ==D4 7 EC F E E 3 G HI JI KI L 2; :>8 4>MDNB F @N :>4 O ;;:4 DD P4 D7<5 ?7<@ 5 O ;; :4DD 9 4 : Q R? DD AR@ S 3? T4R 345678 U4 V7 2; : 2 @W 3<B <7 F @N :>4 O ;;:4 DD P ? 7? P4 D7<5 ?7<@ 5 O ;; :4DD XY Z [ \ ] ^ _ ] ` XY Z a \ ] ^ _ ] ` b ^ c^
Figure 4.1: IPv6-in-IPv4 encapsulation. The IPv6 packet is directly encapsulated in the payload of the IPv4 packet and the Protocol field of the IPv4 header is set to the value 41.
Various types of tunnels using this form of encapsulation, which has the advantage of being simple and lightweight. Types of tunnels which use it include the following.
Configured tunnels
Configured tunnels [50] are established by manual configuration of the tunnel endpoints. This type of tunnel is frequently used to establish an IPv6 point-to-point connection between two routers. If the configuration of a large number of configured tunnels is desired, the process may be automated using a tunnel broker [42] or by using the Tunnel Setup Protocol (TSP) [9]. Fig. 4.2(a) shows en example of a configured tunnel.
Automatic tunnels
Automatic tunnels [50] are a type of tunnel in which the IPv4 address of the destination endpoint is automatically determined from the destination address of the IPv6 packet, which is in the form::A.B.C.D, whereA.B.C.Dis the IPv4 address of the endpoint. The destination of the IPv6 packet must also be the tunnel endpoint. Since this type of tunnel can be used
4.1. TUNNELLING 41 (a) (b)
IPv6
Site
IPv6
Site
IPv6
Site
(c) de fg h i j kl m de fg n op q rs tu v w x yz { rs tu | }~ Figure 4.2: Types of IPv6-in-IPv4 tunnels: (a) a configured tunnel; (b) an automatic tunnel; (c) a 6to4 tunnel.
to send packets to only one node, and the node must have an IPv4 address, its usefulness is limited to the case of an IPv6-only node needing to communicate with a dual-stack node. Fig. 4.2(b) shows an example of an automatic tunnel.
6to4 tunnels
6to4 tunnels [23] allow IPv6 sites which do not have a native IPv6 connection between them to interconnect using a single public IPv4 address per site. Each site is assigned a /48 IPv6 prefix in the form2002:aabb:ccdd::/48, whereaabb:ccddis the IPv4 address, in hexadec- imal format, of a router at the border of the site which is connected to the IPv4 Internet (the site’s 6to4 router). IPv6 addresses of this type are known 6to4 addresses. For example, the IPv6 prefix2002:aabb:ccdd::/48 corresponds to the IPv4 address193.204.161.2. The prefix can be further subdivided into a large number of /64 prefixes. (The standard length of prefixes assigned to links in IPv6 is 64 bits).
Routing works as follows: each site routes all 6to4 addresses except its own (i.e., the whole2002::/16prefix) to the site’s 6to4 router. When a packet addressed to a 6to4 address reaches the 6to4 router, the router examines the destination address and extracts the IPv4 address of the destination site’s 6to4 router. It then encapsulates the packet in an IPv4 packet to this address. The destination site’s 6to4 router receives the packet over IPv4, decapsulates the IPv6 packet, and forwards it to the destination node inside the site. Examples of 6to4 tunnels can be found in Fig. 4.2(c), which shows the basic principle of operation, and in Fig. 4.3, which shows an example of multiple sites interconnecting via 6to4.
6to4 sites that do not have an IPv6 connection to the rest of the network can communi- cate with nodes on the IPv6 Internet by using the services of a 6to4 relay router, which has connections both to the IPv4 and to the IPv6 Internet. Packets sent from a 6to4 site to nodes on the IPv6 Internet are routed over IPv4 to the 6to4 relay router, which forwards them over the IPv6 Internet to their destination. Traffic sent in the opposite direction is routed through the 6to4 routers of the sites involved: see Fig. 4.4.
Other types of tunnels
Other types of tunnels defined by the IPv6 specification include ISATAP [130], which pro- vides means for IPv6-capable nodes in IPv4-only sites to tunnel to IPv6-capable border routers, and Teredo [63], which encapsulates IPv6 in UDP in order to tunnel through NAT [43] devices. IPv6 may also use GRE tunnels over IPv4 [59]; this is similar in effect to configured tunnels.
4.1. TUNNELLING 43 ¡ ¢ £ ¤ ¥ ¥ ¥¦ ¡ ¢ £ ¤ ¥ ¥§ ¥ ¤ ¦ ¨ © ¡ ¢ ¢ ¥£ ¥ ¤ ¥ ª «¬ ® ª «¬ ¯ ª «¬ °
Figure 4.3: Three IPv6 sites interconnected using 6to4 tunnels.
±² ³´µ² ´ ³±¶ ·¸ ¹ º³´ » ¼ ³½ ¸ ¹ º³´ ¾ ¼ ³½ ¸ ±¶ ·¼ ±²³´ µ²´ ³ ¹ º³´ ¿ À Á ³º·´  ÃÄ Å Æ Ç ÈÉ Ê Æ Ä ËÃÇ Ì Í ÎÃÇ Ï Â ÃÄ Å Æ Ä ËÃÇ Ì Ð ½ µÑ Á µÒ Ó Á ³Ô Õ ´³Ö µ² Ó Á ³Ô × ØØ × ÙÚ ÛÚ Ú ÙÜ ÛØ × ÙÙÝÅ Þ × Ø Ø Û Ùß Â Ø ÙÅ ÙàØØ á ÙÙÝ Å
Figure 4.4: Routing using a 6to4 relay router. Packets sent from a 6to4 site to nodes on the IPv6 Internet are routed over IPv4 to the 6to4 relay router, which forwards them over the IPv6 Internet to their destination. Traffic sent in the opposite direction is routed through the 6to4 routers of the sites involved.