[afripv6-discuss] Configuring a 6to4 Relay in Windows XP or Windows 2003

JORDI PALET MARTINEZ jordi.palet at consulintel.es
Tue Jun 12 13:09:24 SAST 2007


This info provides the steps required in order to configure your Windows box
as a 6to4 Relay. It is most probably useful also for configuring a Windows
Vista and Windows Longhorn (Windows Server 2008).

In order to proceed, you need to have a public IPv4 address on that box,
your own IPv6 prefix (provided by AfriNIC in this case) and IPv6 transit.

The Windows box (all available Service Packs installed) need to have IPv6
support and IPv6 routing enabled.

If you need help in order to acquire your IPv6 prefix from AfriNIC, let us
know and we can help even with the request form.

Similarly, we are able to help in making sure you have the right
configuration for IPv6 in your Windows and you can get IPv6 transit (native
or tunneling) either from your upstream, or alternatively, if that's not
possible, we will be able to provide free IPv6 transit to third party
networks.

Regards,
Jordi


Details of the example configuration
=====================================

The examples below is assuming that the public IPv4 address in the WAN
interface of the Linux is 192.1.2.3. You should replace that with the right
information for your own case, same with other data used in the examples.

Also, you need to understand how to calculate the 6to4 IPv6 address for your
router. This is done using the IPv4 address and the IPv6 6to4 prefix.

The 6to4 prefix 2002::/16 is taking the first (high order) 16 bits. Then the
bits 17 to 48 are the nibble notation for your IPv4 address. So in our
example it will be:

192 = c0
1 = 01
2 = 02
3 = 03

So consequently:
2002:c001:0203::/48

We will use the first address of the prefix for the WAN interface, so
2002:c001:0203::1/128

Also, the anycast address for 6to4 is: 192.88.99.1

Note that the interface number in the examples below, is only an example
(3), and in your system, may have a different number, you can also use the
interface names enclosed in "" instead of the interface numbers.


A) Automatic configuration
===========================

Make sure that the 6to4 relay computer has a public address assigned to its
Internet interface and has not received a Router Advertisement message from
either an IPv6 router on an attached subnet or an ISATAP router.

In that case, the 6to4 component automatically creates an interface (named
6to4 Pseudo-Interface), adds a 2002::/16 route to the routing table that
uses the 6to4 interface, and adds a default route that points to a 6to4
relay router on the IPv4 Internet.

It configures an IPv6 address in the form 2002:xx:yy::xx:yy where xx:yy are
the IPv4 public address 32 bits.

Following our example it will get: 2002:c001:0203::c001:0203

To see information about the pseudo-interface use:

    c:\>netsh interface ipv6 show address

    Interface 3: 6to4 Tunneling Pseudo-Interface

    Addr Type DAD State Valid Life   Pref. Life Address
    --------  --------- ----------- ----------- -----------------------
    Other     Preferred infinite    infinite    2002:c001:0203::c001:0203


B) Enable the 6to4 service
===========================

You can do this with the following command:

    C:\>netsh interface ipv6 6to4 set state enabled


C) Enable forwarding on the 6to4 interface
===========================================

You can do this with the following command:

    C:\>netsh interface ipv6 set interface 3 forwarding=enabled

 
D) Configure IPv6 routes
=========================

To see the configured routes:

  c:\>netsh interface ipv6 show routes
  Querying active state...

  Publish Type    Met  Prefix   Idx Gateway/Interface Name
  ------- ------- ---- -------- --- ---------------------
  yes     Manual  1101 ::/0      3  2002:c000:0210::c001:0203
  yes     Manual  1001 2002::/16 3  6to4 Tunneling Pseudo-Interface


E) Configure IPv6 connectivity
================================

As have been seen above, the 6to4 component automatically configure a 6to4
Relay as the default route for the IPv6 traffic. We have to change this
default route towards an IPv6 gateway.

Because we are configuring a 6to4 relay it should have IPv6 connectivity
(either native or via a tunnel) through an IPv6 gateway (for our example we
use 2001:7f9:1::1 as GW address). After having configured an IPv6 address on
the corresponding interface, the default route should be configured:

Assuming that our WAN IPv6 interface is interface 5.

To configure the IPv6 address:

  c:\>netsh interface ipv6 add address interface=5 address=2001:7f9:1::2

To add a default route:

  C:\>netsh interface ipv6 add route ::/0 5 2001:7f9:1::1 publish=yes


F) Configure prefix advertisements
===================================
  
Somewhere on the Relay network, the device in charge of announcing prefixes
(typically a BGP router) should announce 2002::/16 prefix to its IPv6
peerings.

This would allow native IPv6 nodes to reach 6to4 nodes (2002::/16
addresses).

Regarding the IPv4 reachability of the Relay there are two options:

1) Configure the 6to4 anycast IPv4 address (192.88.99.1) and announce the
anycast prefix (192.88.99.0/24) to the site IPv4 peerings.

2) Use another public IPv4 address.

If 1) is chosen 6to4 hosts will be able to find it automatically, with no
need for any manual configuration.

In case of choosing 2) some kind of advertisement of the IPv4 address is
needed (usually a FQDN-Fully Qualified Domain Name) in order to allow others
to configure our relay.

This will allow 6to4 nodes (2002::/16 addresses) to reach native IPv6 nodes
through our relay.

G) Making the configuration persistent
=======================================

Typically Windows will make the configuration persistent by default, but it
may vary across different compilation versions. So if you want to make sure
about that, just add the following to each netsh command line:

store=persistent


Annex: Remove 6to4 configuration
==================================

Disable the 6to4 service

   C:\>netsh interface ipv6 6to4 set state disabled

Disable forwarding on the 6to4 interface

    C:\>netsh interface ipv6 set interface 3 forwarding=disabled






**********************************************
The IPv6 Portal: http://www.ipv6tf.org

Bye 6Bone. Hi, IPv6 !
http://www.ipv6day.org

This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.





More information about the afripv6-discuss mailing list