A 6to4 tunnel offers you an easy way to set up a connection between two IPv6 networks via an IPv4 network. It works as follows:
- A router between the local IPv6 networks and an IPv4 network serves to mediate between the networks.
- The router has both a public IPv4 address and an IPv6 address. The IPv6 address consists of an IPv6 prefix and the IPv4 address in hexadecimal notation. If, for example, a router has the IPv4 address 80.25.211.2, this is first converted into hexadecimal notation: 5019:d302. An IPv6 prefix (e.g. 2002::/16) is placed in front of it, so that the IPv6 address for the router appears as follows: 2002:5019:d302::/48.
- If a device in the IPv6 network sends data packets via the router to an IPv6 destination address, then the router first of all encapsulates the IPv6 packets in a packet with an IPv4 header. The router then forwards the encapsulated packet to a 6to4 relay. The 6to4 relay unpacks the packet and forwards it to the desired destination. The following illustration shows the operating principle of 6to4 tunnels:
6to4 tunnels establish a dynamic connection between IPv6 and IPv4 networks: the response packets may be routed back via a different 6to4 relay. 6to4 tunnels are not a point-to-point connection. For every new connection, the router always looks for the "nearest" public 6to4 relay. This is done using the anycast address 192.88.99.1. This aspect is an advantage of 6to4 tunnels on the one hand, but it also presents a disadvantage on the other. Public 6to4 relays do not require registration and are freely accessible. What's more, the dynamic connection is easily configured. In this way it is possible for any user to create a 6to4 tunnel over a public relay, quickly and easily.
On the other hand, the dynamic connection means that the user has no influence on the choice of the 6to4 relay. The provider of the relay is able to intercept or manipulate data.
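The address derivation and the relay behaviour described above can be checked in code. The following Python sketch is an added example, not part of the original documentation: it builds the 6to4 prefix from an IPv4 address, recovers the embedded IPv4 address, and labels raw IPv4 packets that carry tunnelled IPv6 to the public relay anycast address. The function names, the labels, the source-address consistency check and the sample packets (including the documentation address 2001:db8::1) are assumptions made for illustration.

```python
import ipaddress
import struct

SIXTOFOUR_NET = ipaddress.IPv6Network("2002::/16")
RELAY_ANYCAST = ipaddress.IPv4Address("192.88.99.1")  # anycast address from the text
PROTO_41 = 41  # IP protocol number for IPv6 encapsulated in IPv4

def sixtofour_prefix(ipv4):
    """Build the 2002:<IPv4 in hex>::/48 prefix for a public IPv4 address."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def embedded_ipv4(ipv6):
    """Return the IPv4 address inside a 6to4 address, or None if not 2002::/16."""
    return ipaddress.IPv6Address(ipv6).sixtofour

def classify(packet):
    """Label a raw IPv4 packet by its relation to 6to4 tunnelling."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4           # IPv4 header length in bytes
    if packet[9] != PROTO_41:
        return "other"
    if ihl < 20 or len(packet) < ihl + 40 or packet[ihl] >> 4 != 6:
        return "proto41-malformed"
    outer_src = ipaddress.IPv4Address(packet[12:16])
    outer_dst = ipaddress.IPv4Address(packet[16:20])
    inner_src = ipaddress.IPv6Address(packet[ihl + 8:ihl + 24])
    # Anti-spoofing check: a 6to4 source must embed the outer IPv4 source.
    if inner_src in SIXTOFOUR_NET and inner_src.sixtofour != outer_src:
        return "6to4-source-mismatch"
    return "6to4-via-public-relay" if outer_dst == RELAY_ANYCAST else "proto41-tunnel"

def sample(outer_src, outer_dst, inner_src, inner_dst):
    """Constructed test packet: IPv4 header (protocol 41) + empty IPv6 header."""
    v4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60, 0, 0, 64, PROTO_41, 0,
                     ipaddress.IPv4Address(outer_src).packed,
                     ipaddress.IPv4Address(outer_dst).packed)
    v6 = struct.pack("!IHBB16s16s", 0x60000000, 0, 59, 64,
                     ipaddress.IPv6Address(inner_src).packed,
                     ipaddress.IPv6Address(inner_dst).packed)
    return v4 + v6

if __name__ == "__main__":
    print(sixtofour_prefix("80.25.211.2"))        # router prefix from the text
    print(embedded_ipv4("2002:5019:d302::1"))
    print(classify(sample("80.25.211.2", "192.88.99.1",
                          "2002:5019:d302::1", "2001:db8::1")))
```

Packets labelled `6to4-via-public-relay` are the ones whose path depends on a relay the user cannot choose, so they are the ones to review or block at the perimeter.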