6RD (IPv6 Rapid Deployment)

6RD is very similar to 6to4, but removes the need for the 2002::/16 prefix. This solves a few problems that exist with 6to4. 6RD allows a service provider to use a prefix from its own allocated IPv6 block.

Because a service provider uses its own IPv6 space, the relay router is no longer a public anycast relay router as in 6to4 (192.88.99.1). The 6RD prefix is part of the service provider’s allocation, so return traffic will be forced to go directly back to the service provider, instead of being subjected to a random anycast relay router that the service provider has no control over. A server on the IPv6 internet cannot tell the difference between a 6RD IPv6 address and a native IPv6 address. A relay router in 6RD is called a BR (Border Router).

6RD also allows for greater flexibility in how the IPv4 destination address is embedded in the IPv6 destination address. 6to4 requires a 1-to-1 mapping, where all 32 bits of the IPv4 address are embedded in the IPv6 address. Because 6RD uses the provider’s own IPv6 allocation, an effort was made to more intelligently embed the IPv4 address. If a common subnet is used in the IPv4-only network, then only the unique bits of the address need to be encoded in the IPv6 address. Both the CE router and SP relay router need to have the same bits to ignore in their configuration parameters for this to work. You will see how this works in more detail as we get into the lab.

Lab

We will use the same topology as 6to4, but now this is a service provider network with R1 through R4 acting as CEs. These customers want IPv6 reachability to the internet, but the service provider is not ready to dual stack their core yet. Instead of using 6to4 and the problems that come with it, the service provider decides to implement 6RD. They use 2001:db8:a::/48 from their own allocation for the 6RD prefix. This replaces 2002::/16 in 6to4.

If the customer routers appended their IPv4 address to this /48 prefix, they would be over the /64 subnet line. Notice that all customer routers have an IPv4 address of 100.64.X.2 on Gi1. We can configure all routers and the border relay router to assume that the first 16 and last 8 bits will always be the same. Therefore we only embed the third octect into the 6RD prefix. This gives you 2001:db8:a:XX00::/56 where XX is the third octect in hex. The third octect alone is enough to differentiate the CEs in this topology.

For example, this is how the prefix for R1 is derived:

The Border-Relay router has a loopback IP of 100.64.100.2. All customer routers will statically default route ipv6 traffic towards the Border-Relay’s 6RD address of 2001:db8:a:6400:: (64 in hex is 100, which is the third octect).

Note that in the real world, usually only the first X bits are omitted. It is quite unusal to also have the last X bits always the same. This is done for practice and demonstration of the feature in our lab.

Here are the changes in the startup config compared to 6to4:

#R1
int Gi1
 ip address 100.64.1.2 255.255.255.0
!
no ip route 0.0.0.0 0.0.0.0
ip route 0.0.0.0 0.0.0.0 100.64.1.1

#R2
int Gi1
 ip address 100.64.2.2 255.255.255.0
!
no ip route 0.0.0.0 0.0.0.0
ip route 0.0.0.0 0.0.0.0 100.64.2.1

#R3
int Gi1
 ip address 100.64.3.2 255.255.255.0
!
no ip route 0.0.0.0 0.0.0.0
ip route 0.0.0.0 0.0.0.0 100.64.3.1

#R4
int Gi1
 ip address 100.64.4.2 255.255.255.0
!
no ip route 0.0.0.0 0.0.0.0
ip route 0.0.0.0 0.0.0.0 100.64.4.1

#Core1
int Gi1
 ip address 100.64.1.1 255.255.255.0
!
int Gi2
 ip address 100.64.2.1 255.255.255.0

#Core3
int Gi1
 ip address 100.64.3.1 255.255.255.0
!
int Gi2
 ip address 100.64.4.1 255.255.255.0

#Border-Relay
! Change the hostname. It was previously 6to4-Relay. In 6RD this function
!  is called Border Relay (BR)
hostname Border-Relay
!
int lo0
 ip address 100.64.100.2 255.255.255.255
!
! The border relay will advertise its allocated IPv6 block, 2001:db8:a::/48, instead
!  of 2002::/16, the well-known 6to4 prefix.
router bgp 65001
 address-family ipv6
  no network 2002::/16
  network 2001:db8:a::/48

The tunnel configuration for 6RD is very similar to 6to4, except there are some additional parameters you must specify. The prefix is no longer assumed to be 2002::/16, so you must specify the prefix. Also you must specify the IPv4 bits that are mapped, since 6RD allows you to map only the “differing” bits in the IPv4 destination address to save space in the IPv6 destination address. In this lab, we are not mapping the first 16, nor the last 8 bits, since these are the same on every router (including the BR router’s Lo0). (Every IPv4 address is 100.64.X.2).

#R1,2,3,4
no int tun0
int tun0
 ipv6 enable
 tunnel source Gi1
 tunnel mode ipv6ip 6rd
 tunnel 6rd prefix 2001:db8:a::/48
 tunnel 6rd ipv4 prefix-len 16 suffix-len 8
!
int lo1
 no ipv6 address
 ipv6 address 2001:db8:a:<router number>00::1/56
!
ipv6 route 2001:db8:a::/48 tun0
ipv6 route ::/0 2001:db8:a:6400::

#Border-Relay
no int tun0
int tun0
 ipv6 enable
 tunnel source Lo0
 tunnel mode ipv6ip 6rd
 tunnel 6rd prefix 2001:db8:a::/48
 tunnel 6rd ipv4 prefix-len 16 suffix-len 8
!
ipv6 route 2001:db8:a::/48 tun0

The CE routers can ping each other’s Lo1 but not the IPv6-Internet address.

R2#ping 2001:db8:a:300::1 source lo1  
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:A:300::1, timeout is 2 seconds:
Packet sent with a source address of 2001:DB8:A:200::1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms

R2#ping 2001:db8:100:100::1 source lo1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:100:100::1, timeout is 2 seconds:
Packet sent with a source address of 2001:DB8:A:200::1
.....
Success rate is 0 percent (0/5)

Taking a pcap at the R2-Core1 link, we see the replies from the IPv6-Internet router are being sent to R2, so what is the problem?

The problem is that we are missing a command on the tunnel interface which tells the router to “trust” packets coming from the BR router that don’t have an IPv6 source address as the BR.

#R1,2,3,4
int tun0
 tunnel 6rd br 100.64.100.2

Now that the CE knows to “believe” traffic from 100.64.100.2 which has a non-matching IPv6 source address, pings to the IPv6-Internet router are working.

R2#ping 2001:db8:100:100::1 source lo1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:100:100::1, timeout is 2 seconds:
Packet sent with a source address of 2001:DB8:A:200::1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/4 ms

Conclusion

If you understand 6to4, then 6RD is just 6to4 without the 2002::/16 prefix requirement, and without needing to map all 32 bits of the IPv4 address into the prefix.

6RD allows a service provider to use their own IPv6 allocation space for the 6RD prefix. This means that an anycast public relay router is no longer needed. Also, return traffic will naturally flow directly back to the service provider due to the service provider announcing their own IPv6 block to the internet.

6RD allows you to map only the unique bits of the IPv4 address to the 6RD prefix. If all routers in the 6RD domain are within a /24, then only the last 8 bits of the IPv4 address need to be mapped into the synthesized IPv6 address. This allows a service provider to allocate a smaller block for the 6RD prefix.

Further Reading

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/interface/configuration/xe-3s/ir-xe-3s-book/ip6-6rd-tunls-xe.html

https://www.youtube.com/watch?v=PrnFWgqlhj0&t=796s&ab_channel=FredBovy

https://blog.zuthof.nl/2021/01/11/ipv6-series-part-2-ipv6-at-home-using-6rd/