Since IPv4 and IPv6 are not compatible with each other we need some migration strategies. One technique that we can use is tunneling. Basically it means that we encapsulate IPv6 packets into IPv4 packets (or the other way around) so that it can be routed. In this lesson I’ll show you how to configure IPv6 static tunneling over an IPv4 network, there are two methods:
- Manual tunnels
- GRE (Generic Routing Encapsulation) tunnels
Both tunnel types are very similar with just minor differences. Both support IPv6 IGPs through the tunnel interface and forwarding of multicast traffic. The manual tunnels refer to RFC 4213 which defines how to encapsulate IPv6 packets in IPv4. GRE is a generic encapsulation type that rides on top of IPv4 and isn’t only for IPv6. It can carry many different protocols and if you ever configured an IPSEC VPN with IGPs running through it you had to use GRE.
Let’s continue by looking at some examples and how to configure the static point-to-point IPv6 tunnels.
This is the topology we’ll be using. Three routers are running IPv4. R1 and R3 also run IPv6 and we want connectivity between them without adding IPv6 support on R2.
R1(config)#interface loopback 0
R1(config-if)#ipv6 address 2001::1/128
R1(config-if)#exit
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 192.168.12.1 255.255.255.0R2(config)#interface fastEthernet 0/0
R2(config-if)#ip address 192.168.12.2 255.255.255.0
R2(config-if)#exit
R2(config)#interface fastEthernet 1/0
R2(config-if)#ip address 192.168.23.2 255.255.255.0R3(config)#interface fastEthernet 0/0
R3(config-if)#ip address 192.168.23.3 255.255.255.0
R3(config-if)#exit
R3(config)#interface loopback 0
R3(config-if)#ipv6 address 2001::3/128
First we’ll fix the IPv4 and IPv6 addresses on the interfaces. Next step is to create a tunnel interface between R1 and R3. They need to be able to reach each other through IPv4.
R1(config)#interface loopback 1
R1(config-if)#ip address 1.1.1.1 255.255.255.0
R1(config-if)#exit
R1(config)#router eigrp 123
R1(config-router)#no auto-summary
R1(config-router)#network 192.168.12.0
R1(config-router)#network 1.1.1.0R2(config)#router eigrp 123
R2(config-router)#no auto-summary
R2(config-router)#network 192.168.12.0
R2(config-router)#network 192.168.23.0R3(config)#interface loopback 1
R3(config-if)#ip address 3.3.3.3 255.255.255.0
R3(config-if)#exit
R3(config)#router eigrp 123
R3(config-router)#no auto-summary
R3(config-router)#network 192.168.23.0
R3(config-router)#network 3.3.3.0
I’ll create a new loopback interface on R1 and R3. I’ll use these loopback interfaces to establish a tunnel interface between the two routers. I could also use physical interfaces but they can go down. Whenever a physical interface goes down our IGP (EIGRP in this example) could find another path (if there is another path).
R1(config)#interface tunnel 0
R1(config-if)#tunnel source loopback 1
R1(config-if)#tunnel destination 3.3.3.3
R1(config-if)#tunnel mode ipv6ipR3(config)#interface tunnel 0
R3(config-if)#tunnel source loopback 1
R3(config-if)#tunnel destination 1.1.1.1
R3(config-if)#tunnel mode ipv6ip
This is how we configure a tunnel interface. By default a tunnel interface is always GRE so by using the tunnel mode ipv6ip command I changed it to a “manual” tunnel per RFC 4213. You can also configure the tunnel interface between the physical interfaces but I like to use loopback interfaces. This will make sure that when a physical interface fails your IGP will try to find another route to the loopback interface of your neighbor.
R1#show interfaces tunnel 0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 1.1.1.1 (Loopback1), destination 3.3.3.3
Tunnel protocol/transport IPv6/IPR3#show interfaces tunnel 0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 3.3.3.3 (Loopback1), destination 1.1.1.1
Tunnel protocol/transport IPv6/IP
Use the show interfaces tunnel command to check if the tunnel is working. You can see mine is up and the encapsulation type is TUNNEL. At this moment our tunnel is working but we have some things left to do.
R1(config)#ipv6 unicast-routing
R1(config)#ipv6 router rip RIPNG
R1(config-rtr)#exit
R1(config)#interface loopback 0
R1(config-if)#ipv6 rip RIPNG enable
R1(config-if)#exit
R1(config)#interface tunnel 0
R1(config-if)#ipv6 enable
R1(config-if)#ipv6 rip RIPNG enableR3(config)#ipv6 unicast-routing
R3(config)#ipv6 router rip RIPNG
R3(config-rtr)#exit
R3(config)#interface loopback 0
R3(config-if)#ipv6 rip RIPNG enable
R3(config-if)#exit
R3(config)#interface tunnel 0
R3(config-if)#ipv6 enable
R3(config-if)#ipv6 rip RIPNG enable
I enabled RIPNG (could have chosen OSPFv3 or EIGRP as well) on the loopback0 and tunnel0 interface. You can see I also added an IPv6 address on the tunnel0 interfaces. We don’t need any IPv4 addresses on our tunnel0 interfaces.
R1#show ipv6 route rip
IPv6 Routing Table - 4 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
R 2001::3/128 [120/2]
via FE80::303:303, Tunnel0R3#show ipv6 route rip
IPv6 Routing Table - 4 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
R 2001::1/128 [120/2]
via FE80::101:101, Tunnel0
You can see both routers learned about each other IPv6 networks.
R1#ping 2001::3 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::2, timeout is 2 seconds:
Packet sent with a source address of 2001::1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/8 ms
A quick ping proves us that we have connectivity.
That’s all you have to do to create a manual tunnel and encapsulate IPv6 packets in IPv4 packets. Not that bad right? How about GRE?
R1(config)#interface tunnel 0
R1(config-if)#tunnel mode gre ipR3(config)#interface tunnel 0
R3(config-if)#tunnel mode gre ip
Use tunnel mode gre ip or type no tunnel mode ipv6ip so it switches back to the default (GRE).
R1#show interfaces tunnel 0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 1.1.1.1 (Loopback1), destination 3.3.3.3
Tunnel protocol/transport GRE/IP
It looks pretty much the same except it now says GRE. The only difference between GRE and the manual tunnel is that GRE has a higher MTU by default and there’s something with the link-local IPv6 address of the tunnel interface:
- The link-local address for the GRE tunnel is created with EUI-64 and takes the lowest numbered interface’s MAC address.
- The link-local address for the manual tunnel is FE80::/96 + 32 bits from tunnel source IPv4 address.
hostname R2
!
interface fastEthernet 0/0
ip address 192.168.12.2 255.255.255.0
!
interface fastEthernet 1/0
ip address 192.168.23.2 255.255.255.0
!
router eigrp 123
no auto-summary
network 192.168.12.0
network 192.168.23.0
!
endhostname R3
!
ipv6 unicast-routing
!
interface loopback 0
ipv6 address 2001::3/128
ipv6 rip RIPNG enable
!
interface loopback 1
ip address 3.3.3.3 255.255.255.0
!
interface fastEthernet 0/0
ip address 192.168.23.3 255.255.255.0
!
interface tunnel 0
tunnel source loopback 1
tunnel destination 1.1.1.1
tunnel mode ipv6ip
tunnel mode gre ip
ipv6 rip RIPNG enable
!
router eigrp 123
no auto-summary
network 192.168.23.0
network 3.3.3.0
!
ipv6 router rip RIPNG
!
ipv6 general-prefix MYPREFIX 6to4 fastEthernet 0/0
!
endhostname R1
!
ipv6 unicast-routing
!
interface loopback 0
ipv6 address 2001::1/128
ipv6 rip RIPNG enable
!
interface loopback 1
ip address 1.1.1.1 255.255.255.0
!
interface fastEthernet 0/0
ip address 192.168.12.1 255.255.255.0
!
interface tunnel 0
tunnel source loopback 1
tunnel destination 3.3.3.3
tunnel mode ipv6ip
tunnel mode gre ip
ipv6 rip RIPNG enable
!
router eigrp 123
no auto-summary
network 192.168.12.0
network 1.1.1.0
!
ipv6 router rip RIPNG
!
ipv6 general-prefix MYPREFIX 6to4 fastEthernet 0/0
!
endAnd that’s how you configure IPv6 static tunneling. If you have any questions just leave a comment!
No comments:
Post a Comment