Administering TCP/IP Networks, IPMP, and IP Tunnels in Oracle® Solaris 11.2


Updated: July 2014
 
 

How to Enable a 6to4 Tunnel to a 6to4 Relay Router



Caution - Due to major security issues, 6to4 relay router support is disabled in Oracle Solaris by default. See "Security Issues When Tunneling to a 6to4 Relay Router" in Troubleshooting Network Administration Issues in Oracle Solaris 11.2 for details.


Before You Begin

    Before you enable a 6to4 tunnel to a 6to4 relay router, complete the following tasks:

  • Configure a 6to4 router at your site. See How to Create and Configure an IP Tunnel.

  • Review the security issues that are involved in tunneling to a 6to4 relay router.

  1. Enable a tunnel to the 6to4 relay router by using either of the following methods:
    • Enable a tunnel to an anycast 6to4 relay router.
      # 6to4relay -e

      The -e option sets up a tunnel between the 6to4 router and an anycast 6to4 relay router. Anycast 6to4 relay routers have the well-known IPv4 address 192.88.99.1. The anycast relay router that is physically nearest to your site becomes the endpoint for the 6to4 tunnel. This relay router then handles packet forwarding between your 6to4 site and a native IPv6 site.

      For detailed information, refer to RFC 3068, "An Anycast Prefix for 6to4 Relay Routers".

    • Enable a tunnel to a specific 6to4 relay router.
      # 6to4relay -e -a relay-router-address

      The -a option indicates that a specific router address is to follow. Replace relay-router-address with the IPv4 address of the specific 6to4 relay router with which you want to enable a tunnel.

    The tunnel to the 6to4 relay router remains active until you remove the 6to4 tunnel pseudo-interface.

  2. Delete the tunnel to the 6to4 relay router when the tunnel is no longer needed.
    # 6to4relay -d
  3. (Optional) Make the tunnel to the 6to4 relay router persistent across reboots.

    Your site might have a compelling reason to have the tunnel to the 6to4 relay router reinstated each time the 6to4 router reboots. To support this scenario, you must do the following:

    1. Edit the /etc/default/inetinit file.
      # pfedit /etc/default/inetinit

      The line to modify is at the end of the file.

    2. Change the NO value in the ACCEPT6TO4RELAY=NO line to YES.
    3. (Optional) Create a tunnel to a specific 6to4 relay router that persists across reboots.

      For the parameter RELAY6TO4ADDR, change the address 192.88.99.1 to the IPv4 address of the 6to4 relay router that you want to use.

Example 5-5  Getting Status Information About 6to4 Relay Router Support

Use the 6to4relay command to find out whether support for 6to4 relay routers is enabled. The following example shows the output when support for 6to4 relay routers is disabled, as is the default in Oracle Solaris.

# 6to4relay
6to4relay: 6to4 Relay Router communication support is disabled.

When support for 6to4 relay routers is enabled, the following output is displayed:

# 6to4relay
6to4relay: 6to4 Relay Router communication support is enabled.
IPv4 remote address of Relay Router=192.88.99.1
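
Because relay support is disabled by default for security reasons, it is useful to confirm on each 6to4 router whether the feature has been turned on, either for the running system or persistently. The following script is an added example, not part of the Oracle documentation: it classifies the ACCEPT6TO4RELAY and RELAY6TO4ADDR settings and the 6to4relay status text shown above. The function names, the tolerance for quoted or lowercase values, and the sample input are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Oracle's code): report 6to4 relay router support, both the
# boot-time setting and the live state, from the formats shown on this page.

# Effective value of KEY ($1) in a KEY=VALUE file ($2): comment lines are
# skipped, the last assignment wins, optional double quotes are stripped.
get_setting() {
    sed -n "s/^[[:space:]]*$1=[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$2" |
        tail -n 1 | tr -d '"'
}

# Boot-time state from an inetinit-style file.
# Prints: disabled | enabled-anycast | enabled-specific:ADDR
# Assumptions: any letter case of YES counts as enabled (conservative), and a
# missing RELAY6TO4ADDR is reported as the anycast default.
persistent_relay_state() {
    accept=$(get_setting ACCEPT6TO4RELAY "$1" | tr '[:lower:]' '[:upper:]')
    addr=$(get_setting RELAY6TO4ADDR "$1")
    [ "$accept" = YES ] || { echo disabled; return 0; }
    case "$addr" in
        ''|192.88.99.1) echo enabled-anycast ;;
        *) echo "enabled-specific:$addr" ;;
    esac
}

# Live state from the text that the 6to4relay command prints, read on stdin.
# Prints: disabled | enabled:ADDR | unknown
runtime_relay_state() {
    out=$(cat)
    case "$out" in
        *"support is enabled"*)
            addr=$(printf '%s\n' "$out" | sed -n 's/.*Relay Router=\(.*\)$/\1/p')
            echo "enabled:$addr" ;;
        *"support is disabled"*) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Constructed sample input, not captured from a real host.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'ACCEPT6TO4RELAY=YES' \
    'RELAY6TO4ADDR="192.0.2.10"' > "$sample"
echo "persistent: $(persistent_relay_state "$sample")"
printf '%s\n' '6to4relay: 6to4 Relay Router communication support is disabled.' |
    runtime_relay_state
rm -f "$sample"
```

On a 6to4 router, replace the sample section with `persistent_relay_state /etc/default/inetinit` and `6to4relay | runtime_relay_state`. Any result other than `disabled` means the relay tunnel is, or will be after a reboot, exposed to the issues the caution refers to.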