 |
| IPv6 tunnels |
7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(24)T5, RELEASE SOFTWARE (fc3)
R2(config-if)#tunnel mode ipv6ip ?
6to4 IPv6 automatic tunnelling using 6to4
auto-tunnel IPv6 automatic tunnelling using IPv4 compatible addresses
isatap IPv6 automatic tunnelling using ISATAP
<cr>
R1#debug tunnel
R1#debug ip packet detail ! disable cef in advance
1) IPv6 over IPv4 - Manual Tunnel (MCT), can transport only IPv6 packets inside
MCT - Manually Configured Tunnels
- Find the tunnel IPv4 addresses planned for the tunnel
- Create a tunnel interface using the interface tunnel <number>
- Define the (local) source IPv4 address of the tunnel using the tunnel source {interface-type interface-number| ipv4-address}
- Define the destination IPv4 address for the encapsulation using the tunnel destination ipv4-address
- Define the tunnel as a manually configured tunnel (not GRE) tunnel mode ipv6ip
R2
!
interface Loopback0
no ip address
ipv6 address 2::2/64
!
interface FastEthernet0/0
ip address 10.0.12.2 255.255.255.0
!
interface Tunnel0
no ip address
ipv6 address 10:0:23::2/64
tunnel source FastEthernet0/0
tunnel destination 10.0.13.3
tunnel mode ipv6ip
!
ipv6 route 3::/64 tunnel 0
!R2#sh ip int tun0
Tunnel0 is up, line protocol is down
Internet protocol processing disabled
R2#
R3
!
interface Loopback0
no ip address
ipv6 address 3::3/64
!
interface FastEthernet0/0
ip address 10.0.13.3 255.255.255.0
!
interface Tunnel0
no ip address
ipv6 address 10:0:13::3/64
tunnel source Loopback0
tunnel destination 10.0.12.2
tunnel mode ipv6ip
!
ipv6 route 2::/64 tunnel 0
!
R3#sh ip int tun0
Tunnel0 is up, line protocol is down
Internet protocol processing disabled
R3#
R2# ping 3::3 repeat 2 source 2::2
Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 3::3, timeout is 2 seconds:
Packet sent with a source address of 2::2
!!
Success rate is 100 percent (2/2), round-trip min/avg/max = 16/38/60 ms
R2#
*Jun 25 11:54:46.699: Tunnel0: IPv6/IP encapsulated 10.0.12.2->10.0.13.3 (linktype=79, len=120)
*Jun 25 11:54:46.699: Tunnel0 count tx, adding 20 encap bytes
*Jun 25 11:54:46.707: Tunnel0: IPv6/IP to classify 10.0.13.3->10.0.12.2 (tbl=0,"IPv4:Default" len=120 ttl=253 tos=0x0) ok, oce_rc=0x0
*Jun 25 11:54:46.711: Tunnel0: IPv6/IP (PS) to decaps 10.0.13.3->10.0.12.2 (tbl=0, "default", len=120,ttl=253)
*Jun 25 11:54:46.711: Tunnel0: decapsulated IPv6/IP packet
*Jun 25 11:54:46.719: Tunnel0: IPv6/IP encapsulated 10.0.12.2->10.0.13.3 (linktype=79, len=120)
*Jun 25 11:54:46.719: Tunnel0 count tx, adding 20 encap bytes
*Jun 25 11:54:46.775: Tunnel0: IPv6/IP to classify 10.0.13.3->10.0.12.2 (tbl=0,"IPv4:Default" len=120 ttl=253 tos=0x0) ok, oce_rc=0x0
*Jun 25 11:54:46.779: Tunnel0: IPv6/IP (PS) to decaps 10.0.13.3->10.0.12.2 (tbl=0, "default", len=120,ttl=253)
*Jun 25 11:54:46.779: Tunnel0: decapsulated IPv6/IP packet
R2#
R3#sh int tun0 | inc MTU|source|band|transport
MTU 17920 bytes, BW 100 Kbit/sec, DLY 50000 usec,
Tunnel source 10.0.13.3 (FastEthernet0/0), destination 10.0.12.2
Tunnel protocol/transport IPv6/IP
Tunnel transport MTU 1480 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
R3#
R2# show tunnel interface
Tunnel0
Mode:IPv6/IP, Destination 10.0.13.3, Source FastEthernet0/0
IP transport: output interface FastEthernet0/0 next hop 10.0.13.3
Linestate - current up
Internal linestate - current up, evaluated up
R2#
Tunnel Verification
 |
| interface fa 0/0 on R3 |
2) IPv6 over GRE Tunnels
Only one difference exists in the configuration between MCT and point-to-point GRE tunnels: the tunnel mode. (tunnel mode gre ip)
IOS defaults to use GRE over IP, you can alternatively just omit the tunnel mode command as well.
R4
!
interface Loopback0
no ip address
ipv6 address 4::4/64
!
interface Tunnel0
no ip address
ipv6 address 10:0:45::4/64
tunnel source FastEthernet0/0
tunnel destination 10.0.15.5
!
interface FastEthernet0/0
ip address 10.0.14.4 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
ipv6 route 5::/64 Tunnel0
R5R4#ping 5::5 source 4::4
!
interface Loopback0
no ip address
ipv6 address 5::5/64
!
interface Tunnel0
no ip address
ipv6 address 10:0:45::5/64
tunnel source FastEthernet0/0
tunnel destination 10.0.14.4
!
interface FastEthernet0/0
ip address 10.0.15.5 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
ipv6 route 4::/64 Tunnel0
!
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5::5, timeout is 2 seconds:
Packet sent with a source address of 4::4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/30/48 ms
R4#
R4#sh int tun0 | inc MTU|source|band|transport
MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec,
Tunnel source 10.0.14.4 (FastEthernet0/0), destination 10.0.15.5
Tunnel protocol/transport GRE/IP
Tunnel transport MTU 1476 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
R4#
R4# show tunnel interface
Tunnel0
Mode:GRE/IP, Destination 10.0.15.5, Source FastEthernet0/0
IP transport: output interface FastEthernet0/0 next hop 10.0.15.5
Linestate - current up
Internal linestate - current up, evaluated up
R4#
 |
| Fa 0/0 on R5 |
a) Convert IPv4 (decimal) in IPv6 (Hex)
For 6to4 tunnel , we need to convert IPv4 in 6to4 prefixes
http://www.miniwebtool.com/ip-address-to-hex-converter/
R6 IPv4 10.0.16.6 -> 0A001006
R6 6to4 prefix = 2002:0A00:1006::/128
R7 IPv4 10.0.16.7 -> 0A001007
R7 6to4 prefix = 2002:0A00:1007::/128
IPv6 general prefixes
- can be defined in IOS to act as shortcuts when assigning IPv6 addresses to interfaces
- first portion of the prefix (2001:db8:42::/48) was taken from our predefined MyGlobal prefix,
and the rest was filled in with what we typed at interface configuration.
Router(config)# ipv6 general-prefix MyGlobal ?
6to4 Create 6to4 prefix from IPv4 address
X:X:X:X::X/ IPv6 prefix
Router(config)# ipv6 general-prefix MyGlobal 2001:db8:42::/48
!
Router(config-if)# ipv6 address MyGlobal 0:0:0:10::1/64
Router(config-if)# do show ipv6 interface brief
FastEthernet0/0 [up/up]
FE80::C000:6AFF:FEC1:0
2001:DB8:42:10::1
Or multiple interfaces:
Router(config)# ipv6 general-prefix MyLocals fd00:1234:5678::/48
Router(config)# ipv6 general-prefix MyLocals fd00:8765:4321::/48
Router(config)# interface f0/0
Router(config-if)# ipv6 address MyLocals ::1/64
!
Router(config-if)# do show ipv6 interface brief
FastEthernet0/0 [up/up]
FD00:1234:5678::1
FD00:8765:4321::1
!
R6(config)#ipv6 general-prefix MYPREFIX 6to4 fastEthernet 0/0b) when configuring 6to4 tunnel, destination is not specified
R6#sh ipv6 general-prefix
IPv6 Prefix MYPREFIX, acquired via 6to4
2002:A00:1006::/48 Valid lifetime infinite, preferred lifetime infinite
R6#
c) define a static route for 2002::16, with outgoing interface of the tunnel interface
ipv6 route 2002::/16 Tunnel0
d) To reach destinations beyond the tunnel, more static routes must be added. (Foundation , pag 852)
R6(config)#ipv6 route 7::/64 tun0However, as the example also shows, this does not work. The problem is that tunneling is not being triggered.
R6 does not have enough information to encapsulate the IPv6 packets because it does not know the IPv4 address to use for the tunnel destination.
Solution
R6(config)#ipv6 route 7::/64 2002:A00:1007::
Due to the high levels of misconfigured hosts and poor performance observed, an advisory about how 6to4 should be deployed was published in August 2011.
Due to unsolvable operational problems using the 6to4 anycast prefix, that part of the standard was deprecated in 2015.
https://en.wikipedia.org/wiki/6to4
https://tools.ietf.org/html/rfc7526