RFC 4891: Using IPsec to Secure IPv6-in-IPv4 Tunnel...

IPv4



... IPv6 Operations (v6ops) working group has selected (manually configured) IPv6-in-IPv4 tunneling [RFC4213] as one of the IPv6 transition ...
... RFC2893]. The most complete solution is to use IPsec to protect IPv6-in-IPv4 tunneling. The document was intentionally not expanded to include the details on ...
... interface" refers to the interface that receives the IPv6-in-IPv4 tunneled packets over IPv4. ...
... interface that receives the IPv6-in-IPv4 tunneled packets over IPv4. ...


... spoofing threats: 1. The IPv4 source address of the encapsulating ("outer") packet can be spoofed. ...
... The reason threat (1) exists is the lack of universal deployment of IPv4 ingress filtering [RFC3704]. The reason threat (2) exists is ...
... that the IPv6 packet is encapsulated in IPv4 and hence may escape IPv6 ingress filtering ...
... o To mitigate threat (1), the decapsulator verifies that the IPv4 source address of the packet is the same as the address ...
... endpoint. The decapsulator may also implement IPv4 ingress filtering, i.e., check whether the packet is received on a legitimate interface ...
... SA) is established to protect the traffic defined by (IPv4-source, IPv4-dest, protocol = 41). On receiving ...
... to protect the traffic defined by (IPv4-source, IPv4-dest, protocol = 41). On receiving such an IPsec ...
... SA via which it was received. A successful verification implies that the packet came from the right IPv4 endpoint, because the SA is ...
... endpoint, because the SA is bound to the IPv4 source address. ...
... transport mode SA is applied to a normal IPv6-in-IPv4 tunnel. Therefore, ingress filtering can be applied in ...
... endpoint. The outer IPv4 addresses may be spoofed, and IPsec cannot detect this in tunnel mode ...
... transport rather than tunnel mode is recommended, an IPv6-in-IPv4 tunnel specified by protocol 41 still exists [RFC4213 ...


... IPv6/IPv4 hosts and routers can tunnel ...
... tunnel IPv6 datagrams over regions of IPv4 forwarding topology by encapsulating them within IPv4 packets. ...
... IPv4 forwarding topology by encapsulating them within IPv4 packets. Tunneling can be used in a variety of ways. ...
... .--------. _----_ .--------. |v6-in-v4| _( IPv4 )_ |v6-in-v4| | Router | <======( Internet ...
... Router-to-Router Scenario. IPv6/IPv4 routers interconnected by an IPv4 infrastructure can tunnel ...
... IPv6/IPv4 routers interconnected by an IPv4 infrastructure can tunnel IPv6 packets ...
... _( IPv6 )_ |v6-in-v4 | Tunnel _( IPv4 )_ Tunnel | V4/V6 | ( Internet ...
... Router-to-Site Scenario. IPv6/IPv4 routers can tunnel IPv6 packets ...
... tunnel IPv6 packets to their final destination IPv6/IPv4 site. This tunnel spans only the last segment of the end- ...
... | | .--------. _----_ | .--------. | | V6/V4 | _( IPv4 )_ | |v6-in-v4| | | Site B |<====( Internet )==========>| Router ...
... Router Scenario. In the other direction, IPv6/IPv4 hosts can tunnel IPv6 packets ...
... tunnel IPv6 packets to an intermediary IPv6/IPv4 router that is reachable via an IPv4 ...
... intermediary IPv6/IPv4 router that is reachable via an IPv4 infrastructure. This type of tunnel spans the first segment ...
... .--------. _----_ .--------. | V6/V4 | _( IPv4 )_ | V6/V4 | | Host | <======( Internet ...
... Host-to-Host Scenario. IPv6/IPv4 hosts interconnected by an IPv4 infrastructure can tunnel ...
... IPv6/IPv4 hosts interconnected by an IPv4 infrastructure can tunnel IPv6 packets ...


... ESP. The main difference is that AH is able to provide integrity protection for certain fields in the outer IPv4 header and IPv4 options. However, as the outer IPv4 ...
... integrity protection for certain fields in the outer IPv4 header and IPv4 options. However, as the outer IPv4 header will be discarded in any ...
... IPv4 header and IPv4 options. However, as the outer IPv4 header will be discarded in any ...


... routers, Router1 and Router2, with tunnel endpoint IPv4 addresses denoted IPV4-TEP1 and IPV4 ...
... and Router2, with tunnel endpoint IPv4 addresses denoted IPV4-TEP1 and IPV4-TEP2, respectively. (In other scenarios, the SPDs ...
... IPv4 addresses denoted IPV4-TEP1 and IPV4-TEP2, respectively. (In other scenarios, the SPDs are set up similarly.) ...
... Rule Local Remote Protocol Action ---- ----- ------ ---------- -------- 1 IPV4-TEP1 IPV4-TEP2 ESP BYPASS ...
... ---- ----- ------ ---------- -------- 1 IPV4-TEP1 IPV4-TEP2 ESP BYPASS ...
... ESP BYPASS 2 IPV4-TEP1 IPV4-TEP2 IKE BYPASS ...
... BYPASS 2 IPV4-TEP1 IPV4-TEP2 IKE BYPASS ...
... IKE BYPASS 3 IPv4-TEP1 IPV4-TEP2 41 PROTECT(ESP,transport ...
... BYPASS 3 IPv4-TEP1 IPV4-TEP2 41 PROTECT(ESP,transport) ...
... Rule Local Remote Protocol Action ---- ----- ------ ---------- -------- 1 IPV4-TEP2 IPV4-TEP1 ESP BYPASS ...
... ---- ----- ------ ---------- -------- 1 IPV4-TEP2 IPV4-TEP1 ESP BYPASS ...
... ESP BYPASS 2 IPV4-TEP2 IPV4-TEP1 IKE BYPASS ...
... BYPASS 2 IPV4-TEP2 IPV4-TEP1 IKE BYPASS ...
... IKE BYPASS 3 IPv4-TEP2 IPV4-TEP1 41 PROTECT(ESP,transport ...
... BYPASS 3 IPv4-TEP2 IPV4-TEP1 41 PROTECT(ESP,transport) ...
... | Components (first to last) | Contains | +----------------------------+------------------------------------+ | IPv4 header | (src = IPV4-TEP1, dst = IPV4 ...
... | IPv4 header | (src = IPV4-TEP1, dst = IPV4-TEP2) | | ESP header ...
... IPv4 header | (src = IPV4-TEP1, dst = IPV4-TEP2) | | ESP header | | ...
... Table 1: Packet Format for IPv6/IPv4 Tunnels. ...
... The IDci and IDcr payloads of IKEv1 carry the IPv4-TEP1, IPV4-TEP2, and protocol value ...
... payloads of IKEv1 carry the IPv4-TEP1, IPV4-TEP2, and protocol value 41 as phase 2 identities. With IKEv2 ...
... Identity of the peer asserted in the IKEv2 exchange: Many different types of identities can be used. At least, the IPv4 address of the peer should be supported. o IKEv2 ...
... o The child SA authorization data should contain the IPv4 address of the peer. ...
... the peer. IPv4 address should be supported as Identity during the key exchange. ...


... setting up an IPsec IPv6-in-IPv4 tunnel using either transport or tunnel mode ...
... MOBIKE) [RFC4555] supports only tunnel mode, when the IPv4 endpoints of a tunnel are dynamic and the other ...


... When running IPv6-in-IPv4 tunnels (unsecured) over the Internet, it is possible to "inject" packets into the tunnel ...


... Connection of IPv6 Domains via IPv4 Clouds", RFC 3056prop, February 2001. ...


... interface-specific. However, because IKE uses IPv4 but the tunnel is IPv6, there is no standard solution to map ...
... tunnel is IPv6, there is no standard solution to map the IPv4 interface to IPv6 interface ...
... IPV6-EP2 (global addresses), and the IPV4 addresses of the tunnel endpoints are denoted IPV4 ...
... IPV4 addresses of the tunnel endpoints are denoted IPV4-TEP1 and IPV4-TEP2, respectively. ...
... tunnel endpoints are denoted IPV4-TEP1 and IPV4-TEP2, respectively. ...
... ESP, tunnel{IPV4-TEP1,IPV4-TEP2}) ...
... tunnel{IPV4-TEP1,IPV4-TEP2}) Host2's SPD ...
... ESP, tunnel{IPV4-TEP2,IPV4-TEP1}) ...
... tunnel{IPV4-TEP2,IPV4-TEP1}) "IKE ...
... tunnel endpoints of the host and router are IPV4-TEP1 and IPV4-TEP2, respectively. If the tunnel ...
... router are IPV4-TEP1 and IPV4-TEP2, respectively. If the tunnel is between a router ...
... ESP, tunnel{IPV4-TEP1,IPV4-TEP2}) ...
... tunnel{IPV4-TEP1,IPV4-TEP2}) Router ...
... ESP, tunnel{IPV4-TEP1,IPV4-TEP2}) ...
... tunnel{IPV4-TEP1,IPV4-TEP2}) The IDci and IDcr payloads ...


... RFC3948]. For IPv6-in-IPv4 tunneling, NAT traversal is interesting for two ...
... DHCP option. o Using a pre-configured or pre-determined IPv4 anycast address. ...
... address has been learned, it is configured as the tunnel endpoint for the configured IPv6-in-IPv4 tunnel. ...


