Saturday, February 22, 2020

DMVPN IPv6 over IPv4

DMVPN uses multipoint GRE (Generic Routing Encapsulation) tunnel interfaces. We can use GRE to encapsulate multiple protocols, including IPv6.
This allows us to run IPv6 on our DMVPN tunnel interfaces while using IPv4 (or IPv6) on the underlay network. In this lesson I’ll show you how to run DMVPN IPv6 over an IPv4 underlay network.
Here’s the topology we will use:
DMVPN IPv6 over IPv4
Above we have a hub and two spoke routers. The underlay network uses IPv4 and subnet 192.168.123.0/24. On the tunnel interfaces we will use 2001:DB8::/64.
Before we start working on the DMVPN configuration, let’s make sure the underlay network is up and running:
Hub#ping 192.168.123.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.123.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms
Hub#ping 192.168.123.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.123.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/4 ms
No issues there, the hub can ping both spoke routers. Let’s take a look at the tunnel interfaces…

Configuration


Let’s start with the hub configuration:
Hub(config)#interface Tunnel 0
Hub(config-if)#ipv6 address 2001:DB8::1/64
Hub(config-if)#ipv6 nhrp authentication DMVPN
Hub(config-if)#ipv6 nhrp map multicast dynamic 
Hub(config-if)#ipv6 nhrp network-id 1
Hub(config-if)#tunnel source GigabitEthernet 0/1
Hub(config-if)#tunnel mode gre multipoint
The only difference between IPv4 and IPv6 is that we now have to use the “ipv6 nhrp” command. Let’s take a look at the spoke router:
Spoke1(config)#interface Tunnel 0
Spoke1(config-if)#ipv6 address 2001:DB8::2/64
Spoke1(config-if)#ipv6 nhrp authentication DMVPN
Spoke1(config-if)#ipv6 nhrp map 2001:DB8::1/128 192.168.123.1
Spoke1(config-if)#ipv6 nhrp map multicast 192.168.123.1
Spoke1(config-if)#ipv6 nhrp network-id 1
Spoke1(config-if)#ipv6 nhrp nhs 2001:DB8::1
Spoke1(config-if)#tunnel source GigabitEthernet 0/1
Spoke1(config-if)#tunnel mode gre multipoint
The configuration above is pretty much the same as for IPv4, there are a few differences:
  • We map the IPv6 tunnel address to the IPv4 NBMA address of the hub router.
  • We map multicast traffic to the IPv4 NBMA address of the hub router.
  • The NHS server is the IPv6 address on the tunnel interface of our hub router.
We are using GRE multipoint on the spoke router which makes it a DMVPN phase 2 network. The spoke2 router will use the exact same configuration as spoke1 but we use another IPv6 address:
Spoke2(config)#interface Tunnel0
Spoke2(config-if)#ipv6 address 2001:DB8::3/64
Spoke2(config-if)#ipv6 nhrp authentication DMVPN
Spoke2(config-if)#ipv6 nhrp map 2001:DB8::1/128 192.168.123.1
Spoke2(config-if)#ipv6 nhrp map multicast 192.168.123.1
Spoke2(config-if)#ipv6 nhrp network-id 1
Spoke2(config-if)#ipv6 nhrp nhs 2001:DB8::1
Spoke2(config-if)#tunnel source GigabitEthernet0/1
Spoke2(config-if)#tunnel mode gre multipoint
That’s all we have to configure.

Verification

Let’s verify our work, first we’ll check if the hub router has NHRP registrations:
Hub#show dmvpn 
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
        N - NATed, L - Local, X - No Socket
        T1 - Route Installed, T2 - Nexthop-override
        C - CTS Capable
        # Ent --> Number of NHRP entries with same NBMA peer
        NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
        UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface: Tunnel0, IPv6 NHRP Details 
Type:Hub, Total NBMA Peers (v4/v6): 2
    1.Peer NBMA Address: 192.168.123.2
        Tunnel IPv6 Address: 2001:DB8::2
        IPv6 Target Network: 2001:DB8::2/128
        # Ent: 1, Status: UP, UpDn Time: 00:00:58, Cache Attrib: D
    2.Peer NBMA Address: 192.168.123.3
        Tunnel IPv6 Address: 2001:DB8::3
        IPv6 Target Network: 2001:DB8::3/128
        # Ent: 1, Status: UP, UpDn Time: 00:00:56, Cache Attrib: D
Above you can see the two NHRP registrations from the spoke routers. We see the IPv4 NBMA addresses and the IPv6 tunnel addresses. Below you can see the NHRP registration request in wireshark:
DMVPN NHRP IPv6 Registration Request
And here’s the reply from the hub:
DMVPN NHRP IPv6 Registration Reply
Let’s make sure that the tunnels are working, we’ll send some quick pings from the hub to the spoke routers:
Hub#ping 2001:DB8::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/6/10 ms
Hub#ping 2001:DB8::3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/6/6 ms
Excellent these pings are working. What about spoke-to-spoke traffic?
Spoke1#ping 2001:DB8::3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/5/6 ms
No problem, this is also working!
We now have a basic DMVPN IPv6 Phase 2 configuration that you can use to practice with some of the IPv6 routing protocols.
Want to take a look at the NHRP IPv6 registration packets? You can find them here:
hostname Hub
!
interface Tunnel0
 no ip address
 no ip redirects
 ipv6 address 2001:DB8::1/64
 ipv6 nhrp authentication DMVPN
 ipv6 nhrp map multicast dynamic
 ipv6 nhrp network-id 1
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
!
interface GigabitEthernet0/1
 ip address 192.168.123.1 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
end
hostname Spoke1
!
interface Tunnel0
 no ip address
 no ip redirects
 ipv6 address 2001:DB8::2/64
 ipv6 nhrp authentication DMVPN
 ipv6 nhrp map 2001:DB8::1/128 192.168.123.1
 ipv6 nhrp map multicast 192.168.123.1
 ipv6 nhrp network-id 1
 ipv6 nhrp nhs 2001:DB8::1
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
!
interface GigabitEthernet0/1
 ip address 192.168.123.2 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
end
hostname Spoke2
!
interface Tunnel0
 no ip address
 no ip redirects
 ipv6 address 2001:DB8::3/64
 ipv6 nhrp authentication DMVPN
 ipv6 nhrp map 2001:DB8::1/128 192.168.123.1
 ipv6 nhrp map multicast 192.168.123.1
 ipv6 nhrp network-id 1
 ipv6 nhrp nhs 2001:DB8::1
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
!
interface GigabitEthernet0/1
 ip address 192.168.123.3 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
end

Conclusion

The configuration of DMVPN IPv6 over IPv4 is pretty much the same as using IPv4 everywhere. The main difference is that you have to use the “ipv6 nhrp” command instead of “ip nhrp” and you need to map the correct addresses.
I hope you enjoyed this lesson, if you have any questions feel free to leave a comment!
at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)