From: anthony.sequeira@thomson.com
Date: Sat Nov 18 2006 - 20:32:54 ART
Ahhh yes! How can we tunnel IPv6 traffic over an IPv4-only network? -
let me count the ways!!!!!
In the Lab environment you will want to be reading VERY carefully here
as you do indeed have a lot of options. And we know that we definitely
need to "know thy options" if we want to have a chance of passing! How
many students think they got a task like this 100% correct only to
receive 0 points? Sad really....
One of the main branches in the decision diagram here you need to
determine right off the bat is - are we needing to create the tunnel
dynamically - or are we going to manually configure the tunnel.
Let's say you read the task carefully and you determine that they seem
to be leaning in the direction of the manual tunnel. Well, you have two
main options - what Cisco calls a manual tunnel - or a GRE IPv6 tunnel.
Two very similar (BUT DIFFERENT) tunnel structures.
<SHAMELESS PLUG>
EVERY tunnel option you need to be aware of is demonstrated, explained,
and "proved by debug" in the upcoming CoD from NMC! Some lunatic named
Anthony Sequeira walks you through them!
</SHAMELESS PLUG>
In the manual tunnel configuration - we are simply using IPv4 as BOTH
the encapsulation and the transport protocol for IPv6 which is the
passenger protocol. Another possible passenger protocol is the BSD (Back
Seat Driver) passenger protocol. Please (unlike my wife) never use this
protocol!
The manual tunnel configuration (IPv4 as transport and encryption/IPv6
as passenger) looks like this on one of your endpoints:
conf t
interface Tunnel12
no ip address
ipv6 address 12::12:1/64
tunnel source 172.16.101.1
tunnel destination 172.16.102.1
tunnel mode ipv6ip
Notice the use of an IPv6 address for the tunnel endpoint and the use of
IPv4 source and destination addresses.
Some "proof by debug" could include:
R1#deb ip pack det
IP packet debugging is on (detailed)
R1#ping 12::12:2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12::12:2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/63/96 ms
R1#
*Mar 1 00:10:46.115: IP: s=172.16.101.1 (Tunnel12), d=172.16.102.1
(Serial1/0), len 120, sending, proto=41
*Mar 1 00:10:46.203: IP: tableid=0, s=172.16.102.1 (Serial1/0),
d=172.16.101.1 (Loopback101), routed via RIB
Notice the protocol number of 41! Look that one up with Google and you
find.....
Decimal Keyword Protocol References
------- ------- -------- ----------
41 IPv6 Ipv6 [Deering]
Here we learn that it is an IP packet with 41 in the protocol field -
the packet is trying to tell us that it has an IPv6 payload! Steve
Deering was not only instrumental in the development of IPv6 - I hear he
is awesome to party with.
The GRE IPv6 tunnel is very similar. But now we are using "IPv6 as the
passenger protocol with the GRE as the carrier protocol and IPv4 or IPv6
as the transport protocol". That is a quote from the DOC-CD. Why in the
world would we want IPv6 as the passenger and the transport protocol?
Well - perhaps we are not using the tunnel for transition over an IPv4
cloud - perhaps we are just creating a simple VPN connection.
In the case of transition - we definitely want IPv6 as the passenger and
IPv4 as the transport. Here is the configuration on an endpoint.....
interface Tunnel12
no ip address
ipv6 address 12::12:1/64
tunnel source 172.16.101.1
tunnel destination 172.16.102.1
Note there is no tunnel mode command! No need since GRE is a Cisco
invention and the default tunnel mode on a Cisco router.
Some "proof by debug"....
R2#deb tunnel
Tunnel Interface debugging is on
R2#ping 12::12:1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12::12:1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/82/136 ms
R2#
*Mar 1 00:08:06.775: Tunnel12: GRE/IP encapsulated
172.16.102.1->172.16.101.1 (linktype=79, len=124)
*Mar 1 00:08:06.843: Tunnel12: GRE/IP to classify
172.16.101.1->172.16.102.1 (len=124 type=0x86DD ttl=254 tos=0x0)
*Mar 1 00:08:06.851: Tunnel12: GRE/IP encapsulated
172.16.102.1->172.16.101.1 (linktype=79, len=124)
*Mar 1 00:08:06.943: Tunnel12: GRE/IP to classify
172.16.101.1->172.16.102.1 (len=124 type=0x86DD ttl=254 tos=0x0)
*Mar 1 00:08:06.951: Tunnel12: GRE/IP encapsulated
172.16.102.1->172.16.101.1 (linktype=79, len=124)
*Mar 1 00:08:06.959: Tunnel12: GRE/IP to classify
172.16.101.1->172.16.102.1 (len=124 type=0x86DD ttl=254 tos=0x0)
You can see the tunnel source and destination IPv4 addresses
(172.16.101.1 and 172.16.102.1) involved in encapsulation/decapsulation.
Type 0x86DD is the Ethernet protocol type for IPv6. It is a payload of
the GRE packet from R1.
R2#deb ip pack detail
IP packet debugging is on (detailed)
R2#ping 12::12:1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12::12:1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/72/124 ms
R2#
*Mar 1 00:14:42.043: IP: s=172.16.102.1 (Tunnel12), d=172.16.101.1
(Serial1/0), len 124, sending, proto=47
*Mar 1 00:14:42.179: IP: s=172.16.102.1 (Tunnel12), d=172.16.101.1
(Serial1/0), len 124, sending, proto=47
....
A lookup on protocol ID number 47.....
Decimal Keyword Protocol References
------- ------- -------- ----------
47 GRE General Routing Encapsulation [Tony Li]
I hope this helps you....remember in the words of the great Mariah
Carey....There is a light at the end of the tunnel... hopefully its not
a freight train!
Anthony J. Sequeira
#15626
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
Michael Stout
Sent: Saturday, November 18, 2006 18:48
To: ccielab@groupstudy.com
Subject: tunn mode gre ipv6
Hello:
I used the doc cd for this configureation but it didin't work.
Of cource the answer key was correct.
Does anybody know why this config doesn't work.
I can say, if you remove the tunnel mode gre ipv6 statement the
tunnel will
go up/up.Thank you.
R2
!
interface Tunnel24
description tunn ipv6 traffic
ipv6 address FEC0:424::2/64
tunnel source FastEthernet0/0
tunnel destination 136.1.4.4
tunnel mode gre ipv6
R4
interface Tunnel24
ipv6 address FEC0:424::4/64
tunnel source FastEthernet0/0
tunnel destination 136.1.2.2
tunnel mode gre ipv6
------------------------------------------------------------------------
Stay up-to-date with your friends through the Windows Live Spaces
friends
list.
This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:47 ART