RE: ipv6 6to4 tunnels

From: Rohan Grover \(rohang\) (rohang@cisco.com)
Date: Wed Aug 10 2005 - 14:57:53 GMT-3

• Next message: Security Candidate: "Break key for password recovery of 3550"
• Previous message: Scott Morris: "RE: ISIS removal"
• Maybe in reply to: Rohan Grover \(rohang\): "ipv6 6to4 tunnels"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thanks a lot Brian for the great explanation!!

As usual, it comes down to the fact that if you really know your basics
and think logically, any problem is solvable.

I knew about the solicited node muticast address in IPv6 and the proxy
arp in IPv4 but could not put 2+2 together.

Thanks
Rohan

-----Original Message-----
From: Brian McGahan [mailto:bmcgahan@internetworkexpert.com]
Sent: Wednesday, August 10, 2005 7:45 PM
To: Rohan Grover (rohang); Jaycee Cockburn - BCX SS;
ccielab@groupstudy.com
Subject: RE: ipv6 6to4 tunnels

        Yes there are issues with this routing statement you have
configured. When you say "ipv6 route ::/0 e1/0" you are saying to look
in the ICMP ND cache for layer 3 to layer 2 resolution for all
destinations. Like in IPv4 if you say "ip route 0.0.0.0 0.0.0.0
ethernet0/0" you are telling the router to ARP for all destinations. In
IPv4 this works okay because of the feature known as proxy ARP. If a
remote device on the segment with routing information is running proxy
ARP it will respond with its own layer 2 address on behalf of the
destination. With IPv6 it gets a little more complicated.

        When an IPv6 host is trying to resolve layer 3 (IPv6 address) to
layer 2 (MAC address) on Ethernet it sends an ICMP ND neighbor
solicitation message to the solicited node multicast address of the
destination. This address is derived from the layer 3 destination
address. Therefore in order to support proxy ICMP ND a router would
have to listen for all possible solicited node multicast addresses :o It
is a lot to say the least. So long story short... there is no ICMP
proxy ND for this type of purpose (mobile IPv6 aside).

        To fix this all you need to do is reference a specific next-hop
value when you are routing out a multipoint interface such as Ethernet,
main interfaces & multipoint subs in Frame-Relay, and ATM, etc. For
point-to-point interfaces like HDLC, PPP, GRE, etc you can reference the
interface itself because layer 3 to layer 2 resolution is not required.

HTH,

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> Rohan Grover (rohang)
> Sent: Wednesday, August 10, 2005 8:26 AM
> To: Jaycee Cockburn - BCX SS; ccielab@groupstudy.com
> Subject: RE: ipv6 6to4 tunnels
>
> Hi JC,
>
> Nope, thats not right. The whole concept of 6to4 tunnels is that the
> tunnel endpoints can be on diff subnets (as long as there is ipv4
> reachability between the two edge routers)
>
> I can ping from R2 to R3.
>
> btw I figured out the problem, i had a static route on R1 'ipv6 route

> ::/0 e1/0', I changed that to 'ipv6 route ::/0 2002:c800:0001:1::2'
and
> everything is fine.
>
> Which brings me to another question, any caveat in static routes with
> ipv6 which says connected interfaces cannot be used?
>
> Thanks
> Rohan
>
> -----Original Message-----
> From: Jaycee Cockburn - BCX SS [mailto:Jaycee.Cockburn@bcx.co.za]
> Sent: Wednesday, August 10, 2005 6:45 PM
> To: Rohan Grover (rohang); ccielab@groupstudy.com
> Subject: RE: ipv6 6to4 tunnels
> Importance: High
>
> Hi R,
> From what I understand and according to your description your tunnel
> interface ipv6 addresses is On R2
> 2002:c800:0001::1/64
>
> On R3
> 2002:c900:0001::1/64
>
> As you can see they are not on the same subnet...
> Change on R2 tunn to 2002:c900:0001::2/64 and with the proper static
> routes it should be fine...
>
> Let me know if I'm of my rocker...
> Cheers
> JC
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> Rohan Grover (rohang)
> Sent: 10 August 2005 02:46 PM
> To: ccielab@groupstudy.com
> Subject: ipv6 6to4 tunnels
>
> Hi,
>
> I am unable to figure out one part of this feature
>
>
> R1----R2------(ipv4 cloud)-----R3---R4
>
> The ipv4 uplink on R2 is 200.0.0.1 i.e c800:0001 The ipv4 ulink on R3
is
> 201.0.0.1 i.e c900:0001
>
> The ipv6 address on R1 is 2002:c800:0001:1::1/64 The ipv6 address on
R2
> is 2002:c800:0001:1::2/64 for the physical link and
2002:c800:0001::1/64
> for the tunnel
>
>
> The ipv6 address on R4 is 2002:c900:0001:1::1/64 The ipv6 address on
R3
> is 2002:c900:0001:1::2/64 for the physical link and
2002:c900:0001::1/64
> for the tunnel
>
> I can ping to 2002:c900:0001::1(R3) and 2002:c900:0001:1::2(R3) from
R2,
> which means the tunnel is functioning.
>
> However I cannot ping to 2002:c900:0001::1(R3) and
> 2002:c900:0001:1::2(R3) from R1, despite having a default ipv6 route
> (::/0) on R1 pointing to the physical link between R1-R2.
>
> Am I doing anything wrong?
>
> Thanks
> Rohan
>
>

• Next message: Security Candidate: "Break key for password recovery of 3550"
• Previous message: Scott Morris: "RE: ISIS removal"
• Maybe in reply to: Rohan Grover \(rohang\): "ipv6 6to4 tunnels"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:01:19 GMT-3