6to4 (also STF or 6 to 4 ) is an IPv6 transition mechanism. This tunnel will be built on the Internet to transport IPv6 packets over IPv4 can.

In a 6to4 / 48 large IPv6 network is mapped to each of the IPv4 address. The IPv6 address consists of the prefix 2002 and the hexadecimal quoted IPv4 address.

The local host or a router with a public IPv4 address boxes an IPv6 packet in an IPv4 packet. If the packet is to reach another 6to4 network, it is sent directly over the IPv4 network to the host or router with a public IPv4 address of the destination network. However, if the package reach a native IPv6 network, it is sent to a 6to4 relay. There, the IPv6 packet is unpacked and sent to their destination. Sends the remote host something back to the local host, the packet is not necessarily passed again through the same 6to4 relay, but can be routed through any 6to4 relay.

Public 6to4 relays provide simple access represents the IPv6 network, which can be do not require registration, and used by all.

To further simplify the user 's IPv4 address of a 6to4 relay does not explicitly identify, but can on the anycast address reach the nearest public 6to4 relay (or 2002: 6301 ::: c058 ).

Reverse DNS

Via a web interface to the Number Resource Organization, there is the possibility to delegate the appropriate reverse domain for the 48 -bit prefix under on your own name server. However, this is only useful if one uses a permanently assigned IPv4 address and is assigned by a provider not a dynamic IPv4 address.

Safety aspects

When using 6to4 some safety aspects to consider. Due to the open architecture of a 6to4 host or router encapsulated packets must be received and processed by all IPv4 addresses. This is for example an IP spoofing easy to do.

Safety instructions for operation of a 6to4 hosts, routers or relays are described in RFC 3964.

Privacy issues

IP addresses will continue to adjudication as personal data, as a personal reference can be made (at least for the connection owner) with them. Only abbreviated addresses may in the handling of IP addresses, therefore, the Düsseldorf district 's view, be used, ie that for example the last octet of an IPv4 address is zeroed out, so that no personal reference can be produced, different IP address- based services, such as Geolocation, but remain possible.

For IPv6 addresses, a shortening to a maximum of 40 bits is recommended. There thus remain after the 16- bit prefix of 2002, the top 24 bits of the IPv 4 address of the connection owner left, so no personal reference to be produced.


Other mechanisms that can be IPv6 packets in IPv4 tunnel, include

  • Teredo,
  • ISATAP and
  • Tunnel broker.

A comparison of the tunneling mechanisms can be found at # IPv6 tunneling mechanisms.