
why do so many of the 6to4 tutorials use a /16 for assigning the address?

Started by jrwren, November 28, 2010, 05:07:40 PM


jrwren

http://www.anyweb.co.nz/tutorial/v6Linux6to4

http://www.wlug.org.nz/6to4

http://www.pps.jussieu.fr/~jch/software/ipv6-connectivity.html

To list just the first 3 that are top hit results in Google for Linux 6to4.

Did the IP command used to take /16 to mean something else? Am I misunderstanding something?

jimb

It's a routing thing.  The routing process sees it as one big 2002::/16 network even though it isn't.  Once it gets to the 6to4 code, it does its magic and routes it to the 6to4 relay. 

Of course if you set up multiple networks of your 6to4 /48 on internal LANs, then those will be routed there since the route is longer/more specific.


jrwren

In the case of 2001/16, I get it... but take, for instance, this from http://www.wlug.org.nz/6to4

ip -6 addr add 2002:c000:0217::1/16 dev tun6to4

Isn't that just wrong? I mean, a 16-bit mask for that address doesn't make any sense to me.


snarked

Why doesn't a "/16" mask make sense?  It does to me.

One wants ALL of "2002::/16" routed to the sit0 (6to4) interface and this does exactly that.

Locally, one uses the appropriate "2002:xxxx:yyyy::/48" subnet to route to other LOCAL hosts on the same lan, especially when one is behind a NATted router that has a single IPv4 address.

jrwren

OK, that makes sense.

Maybe I'm confusing IPv4 stuff.

But to me, ip -6 addr add 2002:c000:0217::1/16 dev tun6to4 means that the address 2002:c000:0217::1 has a subnet mask of 16, meaning all of the 2002/16 addresses are on that interface. In the case of the tun6to4, maybe that is true? But I'd think just putting it out that interface isn't enough; you would need to target the router.

Maybe it's because I'm not used to connections via tunnel? I'm familiar with IP over Ethernet.

So anything 2002 goes across the tunnel device, and then what? The other end of the tunnel just routes it? I guess that does make sense.

jimb

The entire 2002::/16 network is on the tunnel interface, with the exception of other networks in your routing domain with more specific/longer prefix lengths (your local LANs).  The reason for this is so the packets for the 6to4 "universe" get routed to the 6to4 tunnel interface, which then delivers them to the 6to4 tunnel software which will properly route things.

In other words, in order for the IPv6 traffic to be encapsulated in an IPv4 6in4 packet and sent to the 6to4 relay for further routing, all 6to4 addresses (except "local" LANs) must be routed to the 6to4 tunnel driver, which is done by routing it through the 6to4 tunnel interface.

snarked

Re - Reply #4:
Quote: "..., you would need to target the router."
Yes, with your IPv4 routing table....

tjmao

Sure. I agree with jimb. A 2002::/16 routing prefix is by convention configured on the 6to4 interface, and more specific routes (e.g. 2002:1122:3344:5566::/64) may be configured on an Ethernet interface to deliver "local" packets through. Thus, all 6to4 traffic except to those "more specific routes" will be sent to the 6to4 interface.

If a 2000::/3 route is configured in addition to 2002::/16, then all unicast traffic except local stuff will be sent over the 6to4 interface, more like a default route.
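
The routing behaviour discussed in this thread, as an added example that is not part of any poster's reply: it derives the 6to4 /48 from an IPv4 address, shows that putting 2002:c000:0217::1/16 on the tunnel yields a 2002::/16 prefix route, and runs a longest-prefix match over a constructed table. The `eth0` device name, the LAN /64 and the sample destinations are assumptions made for illustration.

```python
import ipaddress

def sixtofour_prefix(ipv4):
    """Return the 2002:VVVV:VVVV::/48 prefix that 6to4 derives from an IPv4 address."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def connected_route(addr_with_len):
    """Prefix route implied by configuring address/len on an interface."""
    return ipaddress.IPv6Interface(addr_with_len).network

def lookup(routes, dst):
    """Longest-prefix match: (network, device) of the most specific route, or None."""
    dst = ipaddress.IPv6Address(dst)
    matches = [(net, dev) for net, dev in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None

# Constructed table for a host whose public IPv4 address is 192.0.2.23.
SITE = sixtofour_prefix("192.0.2.23")                    # 2002:c000:217::/48
LAN = ipaddress.IPv6Network("2002:c000:217:1::/64")      # assumed local LAN inside SITE
ROUTES = [
    (connected_route("2002:c000:0217::1/16"), "tun6to4"),  # address from the thread
    (LAN, "eth0"),                                         # more specific, stays local
]
# Variant from the last post: 2000::/3 on the tunnel acts like a default route.
ROUTES_WITH_DEFAULT = ROUTES + [(ipaddress.IPv6Network("2000::/3"), "tun6to4")]

if __name__ == "__main__":
    # Constructed destinations: local LAN host, remote 6to4 host, native IPv6 host.
    for dst in ("2002:c000:217:1::10", "2002:cb00:7107::1", "2001:db8::1"):
        hit = lookup(ROUTES_WITH_DEFAULT, dst)
        v4 = ipaddress.IPv6Address(dst).sixtofour  # embedded IPv4, None if not 6to4
        print(f"{dst:22} -> {hit[1]:8} via {hit[0]}  (embedded IPv4: {v4})")
```

For a remote 6to4 destination the embedded IPv4 address is what the tunnel driver uses as the outer IPv4 destination, which is why the lookup only needs to land the packet on the tunnel interface.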