From: naveen M S (navin.ms@gmail.com)
Date: Mon Mar 09 2009 - 06:33:25 ARST
Folks, while we are still on this topic, I did some quick tests a Full Mesh
IPv6 tunnels among 3 neighbors. Below are my notes.
- Here is the scenario I tested and it works correctly:
2002:W2:X2:Y2:Z2::/64 2002:W5:X5:Y5:Z5::/64
| |
| |
*R2 * * R5*
150.1.2.2/24 150.1.5.5/25
| |
| |
+--------------[IPv4 Network]-------------+
|
|
150.1.1.1/24
* R1*
|
|
2002:W1:X1:Y1:Z1::/64
- R1, R2 and R5 each have IPv4 Networks behind them, but want to send
IPv6 packets
over the IPv4 Network. We can use manually configured IPv6 Tunnels
or
IPv6 over GRE tunnels in a full mesh fashion to achieve this. The
other
option is to use automatic 6to4 tunnelling mechanism, in which case
the
tunnel destination IPv4 address is derived from each packet's IPv6
destination
address. Each IPv6 packet in this setup has 2002::/16 prefix and the
host
portion will be the 32-bit IPv4 address of the destination in Hex
form.
Eg: IPv6 packets going from R2 to R5 would have,
source = 2002:W2:X2:Y2:Z2::NNNN/64
destination = 2002:W5:X5:Y5:Z5::PPPP/64
Similary, IPv6 packets going from R5 to R1 woud have,
source = 2002:W5:X5:Y5:Z5::PPPP/64
destination = 2002:W1:X1:Y1:Z1::KKKK/64
Now, the Tunnel destination is derived from each packet.
From the above 2 source/destination examples, the
Tunnel Destination = IPv4 address equivalent of W5:X5:Y5:Z5 for
packets R2 -> R5
Tunnel Destination = IPv4 address equivalent of W1:X1:Y1:Z1 for
packets R5 -> R1
Hence the Tunnel destination need not be specified when Tunnel
interfaces
are created. Just specify the Tunnel source and the tunnel mode, as
shown above.
- NEXT, YOU MUST FORCE THE ALL IPV6 PACKETS WITH 2002::/16 PREFIX TO
ENTER THE TUNNEL,
USING A STATIC IPV6 ROUTE.
* ipv6 route 2002::/16 Tunnel0*
- ALSO, YOU NEED ANOTHER STATIC ROUTE FOR EACH TUNNEL DESTINATION THAT
PACKETS BEHIND
YOUR ROUTER WANTS TO REACH TO.
R1 - ipv6 route 2002::W2:X2:Y2:Z2::/64 2002::9601:0202::2
9601:0202 = 150.1.2.2
R1 - ipv6 route 2002::W5:X5:Y5:Z5::/64 2002::9601:0505::5
9601:0505 = 150.1.5.5
R2 - ipv6 route 2002::W1:X1:Y1:Z1::/64 2002::9601:0101::1
9601:0101 = 150.1.1.1
R2 - ipv6 route 2002::W5:X5:Y5:Z5::/64 2002::9601:0505::5
R5 - ipv6 route 2002::W1:X1:Y1:Z1::/64 2002::9601:0101::1
R5 - ipv6 route 2002::W2:X2:Y2:Z2::/64 2002::9601:0202::2
* - FINAL CONFIGURATION ON EACH ROUTER :*
* hostname R1*
!
ipv6 unicast-routing
!
interface Loopback0
ipv4 address 150.1.1.1 255.255.255.0
!
interface Tunnel0
ipv6 address 2002::9601:0101::1/64
tunnel source Loopback0
tunnel mode ipv6ip 6to4
!
ipv6 route 2002::/16 Tunnel0
ipv6 route 2002::W2:X2:Y2:Z2::/64 2002::9601:0202::2
ipv6 route 2002::W5:X5:Y5:Z5::/64 2002::9601:0505::5
!
*hostname R2*
!
ipv6 unicast-routing
!
interface Loopback0
ipv4 address 150.1.2.2 255.255.255.0
!
interface Tunnel0
ipv6 address 2002::9601:0202::2/64
tunnel source Loopback0
tunnel mode ipv6ip 6to4
!
ipv6 route 2002::/16 Tunnel0
ipv6 route 2002::W1:X1:Y1:Z1::/64 2002::9601:0101::1
ipv6 route 2002::W5:X5:Y5:Z5::/64 2002::9601:0505::5
!
*hostname R5*
!
ipv6 unicast-routing
!
interface Loopback0
ipv4 address 150.1.5.5 255.255.255.0
!
interface Tunnel0
ipv6 address 2002::9601:0505::5/64
tunnel source Loopback0
tunnel mode ipv6ip 6to4
!
ipv6 route 2002::/16 Tunnel0
ipv6 route 2002::W1:X1:Y1:Z1::/64 2002::9601:0101::1
ipv6 route 2002::W2:X2:Y2:Z2::/64 2002::9601:0202::2
!
I would be glad if that helped you.
Naveen.
On Mon, Mar 9, 2009 at 12:23 AM, Narbik Kocharians <narbikk@gmail.com>wrote:
> Thanks mate, but here in GS, i do not want to be boring and respond in 149
> pages.
>
>
> See you soon, study hard.
>
> On Mon, Mar 9, 2009 at 12:18 AM, Thameem Maranveetil Parambath <
> tparamba@thecontactcentre.ae> wrote:
>
> >
> > Narbik,
> >
> > I have done all those wonderful labs.. its awesome.. and i agree it
> > contains more explanation .. but the way you presented here is in short
> > good..
> >
> > Regards,
> >
> >
> >
> > *Narbik Kocharians <narbikk@gmail.com>*
> > Sent by: nobody@groupstudy.com
> >
> > 09/03/2009 10:56 AM Please respond to
> > Narbik Kocharians <narbikk@gmail.com>
> >
> > To
> > Thameem Maranveetil Parambath <tparamba@thecontactcentre.ae>
> > cc
> > Cisco certification <ccielab@groupstudy.com>, GAURAV MADAN <
> > gauravmadan1177@gmail.com>, Modular <modulartx@gmail.com>,
> > nobody@groupstudy.com, Scott Morris <smorris@internetworkexpert.com>
> > Subject
> > Re: IPV6 Tunnels...
> >
> >
> >
> >
> > Thameem,
> >
> > I hate to do this to you, but this came right out of the WORK BOOK,
> > actually
> > the work book has MORE explanation, but you need to open up the pages and
> > read. have you been studying or just playing around?
> >
> > On Sun, Mar 8, 2009 at 9:27 PM, Thameem Maranveetil Parambath <
> > tparamba@thecontactcentre.ae> wrote:
> >
> > >
> > > Narbik,
> > >
> > > This is more explained than the one you give in the workbook ;)
> > >
> > > Is there no IPv4/IPv6 tunnel ?
> > >
> > > Also soln 3: Eventhough it is not having tunnel mode command, it will
> > use
> > > GRE by default right? I would say this is the GRE tunnel fo IPv6/IPv4
> > >
> > > Warm Regards,
> > >
> > >
> > >
> > >
> > > *Narbik Kocharians <narbikk@gmail.com>*
> > > Sent by: nobody@groupstudy.com
> > >
> > > 08/03/2009 08:55 PM Please respond to
> > > Narbik Kocharians <narbikk@gmail.com>
> > >
> > > To
> > > Scott Morris <smorris@internetworkexpert.com>
> > > cc
> > > GAURAV MADAN <gauravmadan1177@gmail.com>, Modular <modulartx@gmail.com
> >,
> > > Cisco certification <ccielab@groupstudy.com> Subject
> > > Re: IPV6 Tunnels...
> > >
> > >
> > >
> > >
> > > Modular,
> > >
> > >
> > > *There are 5 tunneling solution in IPv6:*
> > >
> > >
> > >
> > > *1. Using the "Tunnel mode ipv6ip", in this case the tunnel source and
> > > destination are configured with IPv4 addressing and the tunnel
> interface
> > is
> > > configured with IPv6. This will use protocol 41. This is used for
> > > IPv6/IPv4.
> > > *
> > >
> > >
> > >
> > > R1(config)#int tunnel 1
> > >
> > > R1(config-if)#ipv6 address 12:1:12::1/64
> > >
> > > R1(config-if)#tunnel source 10.1.12.1
> > >
> > > R1(config-if)#tunnel destination 10.1.12.2
> > >
> > > R1(config-if)#*tunnel mode ipv6ip*
> > >
> > >
> > >
> > > *2. Using the "Tunnel mode gre ipv6", in this case the tunnel source
> and
> > > destination are all configured with IPv6 addressing. This is used for
> > > IPv6/IPv6. *
> > >
> > >
> > >
> > > BB1(config)#int tunnel 1
> > >
> > > BB1(config-if)#ipv6 address 121:1:121::111/64
> > >
> > > BB1(config-if)#tunnel source 10:1:111::111
> > >
> > > BB1(config-if)#tunnel destination 10:1:112::112
> > >
> > > BB1(config-if)#*tunnel mode gre ipv6*
> > >
> > >
> > >
> > > *3. In this case, the tunnel mode is NOT used at all, note that the
> > tunnel
> > > interface is configured with IPv6 and the tunnel source and destination
> > is
> > > configured with IPv4 but no mention of tunnel mode. This configuration
> > will
> > > use protocol 47. This is used for IPv6/IPv4. *
> > >
> > >
> > >
> > > R1(config)#int tunnel 13
> > >
> > > R1(config-if)#ipv6 address 13:1:13::1/64
> > >
> > > R1(config-if)#tunnel source 10.1.13.1
> > >
> > > R1(config-if)#tunnel destination 10.1.13.3
> > >
> > >
> > >
> > > *4. Note in this case a special addressing is assigned to the tunnel
> > > interface which is a concatenation of a reserved IPv6 address of
> > > 2002followed by the translated
> > >
> > > IPv4 address of a given interface on the router. In this configuration
> > ONLY
> > > the tunnel source address is used and since the tunnel is automatic,
> > > the destination
> > > address is NOT configured. The tunnel mode is set to "Tunnel mode
> ipv6ip
> > > 6to4". Note the IPv4 address of 10.1.1.1 is translated to 0A.01.01.01
> and
> > > once concatenated, it will be "2002:0A01:0101: or 2002:A01:101. This is
> > > used
> > > for IPv6/IPv4.*
> > >
> > >
> > >
> > > R1(config)#interface Tunnel14
> > >
> > > R1(config-if)#ipv6 address 2002:A01:101::/128
> > >
> > > R1(config-if)#tunnel source 10.1.1.1
> > >
> > > R1(config-if)#*tunnel mode ipv6ip 6to4*
> > >
> > >
> > >
> > > *5. ISATAP, ISATAP works like 6to4 tunnels, with one major difference,
> it
> > > uses a special IPv6 address which is formed as follows: *
> > >
> > > *In this tunnel mode, the network portion can be any IPv6 address,
> > whereas,
> > > in 6to4 it had to start with 2002.*
> > >
> > > *Note when the IPv6 address is assigned to the tunnel interface, the
> > > "eui-64" is used, in this case the host portion of the IPv6 address
> > starts
> > > with "0000.5EFE" and then the rest of the host portion is the
> translated
> > > IPv4 address of the tunnel's source IPv4 address. This translation is
> > > performed automatically unlike 6to4. This is used for IPv6/IPv4.*
> > >
> > >
> > >
> > > R4(config)#int tunnel 46
> > >
> > > R4(config-if)#ipv6 address 46:1:46::/64 eui-64
> > >
> > > R4(config-if)#tunnel source 10.44.44.44
> > >
> > > R4(config-if)#*tunnel mode ipv6ip ISATAP*
> > >
> > > *A "Show ipv6 int tunnel xx" will reveal the IPv6 address, in this case
> > > 10.44.44.44 is used so 10 is translated to "0A" and 44 is translated to
> > > "2C", therefore, your new address should be "46:1:46::5EFE:a2c.2c2c"*
> > > I hope this helped.
> > >
> > > On Sun, Mar 8, 2009 at 6:22 AM, Scott Morris <
> > > smorris@internetworkexpert.com
> > > > wrote:
> > >
> > > > The pro/con I'd look at is overall packet size.
> > > >
> > > > IPv6IP you have a 40-byte IPv6 header + 20-byte IP header
> > > >
> > > > GRE you have a 40-byte IPv6 header + 8 byte GRE header + 20 byte IP
> > > header
> > > >
> > > > Which is smaller?
> > > >
> > > > Scott
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > Of
> > > > GAURAV MADAN
> > > > Sent: Sunday, March 08, 2009 7:18 AM
> > > > To: Modular
> > > > Cc: Cisco certification
> > > > Subject: Re: IPV6 Tunnels...
> > > >
> > > > No pros / cons as such .. but sometimes language of ques can make us
> go
> > > mad
> > > >
> > > > protocol 47 : GRE
> > > > protocol 41 : IPV6IP
> > > >
> > > > I rememebr these 2 numbers always and can be useful in desiging ACLs
> as
> > > > well
> > > >
> > > >
> > > > Gaurav Madan.
> > > >
> > > > On Sun, Mar 8, 2009 at 4:37 AM, Modular <modulartx@gmail.com> wrote:
> > > >
> > > > > So I've learned that if you want to tunnel IPv6 over IPv4, there
> are
> > > two
> > > > > easy options you can turn to.
> > > > >
> > > > > 1. Normal GRE tunnel, using the default tunnel type.
> > > > >
> > > > > 2. Configuring ipv6ip tunnel type.
> > > > >
> > > > > What are the pros/cons of using each?
> > > > >
> > > > > Thanks,
> > > > > Mod...
> > > > >
> > > > >
> > > > > Blogs and organic groups at http://www.ccie.net
> > > > >
> > > > >
> > _______________________________________________________________________
> > > > > Subscription information may be found at:
> > > > > http://www.groupstudy.com/list/CCIELab.html
> > > >
> > > >
> > > > Blogs and organic groups at http://www.ccie.net
> > > >
> > > >
> _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > > >
> > > >
> > > > Blogs and organic groups at http://www.ccie.net
> > > >
> > > >
> _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > Narbik Kocharians
> > > CCSI#30832, CCIE# 12410 (R&S, SP, Security)
> > > www.MicronicsTraining.com <http://www.micronicstraining.com/> <
> > http://www.micronicstraining.com/>
> > > www.Net-Workbooks.com <http://www.net-workbooks.com/> <
> > http://www.net-workbooks.com/>
> > > Sr. Technical Instructor
> > >
> > >
> > > Blogs and organic groups at http://www.ccie.net
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > ------------------------------
> > >
> > >
> > > *
> > > The content of this email together with any attachments, statements
> > > and opinions expressed herein contains information that is private
> > > and confidential, are intended for the named addressee/s only. If
> > > you are not the addressee of this email you may not copy, forward,
> > > disclose or otherwise use it or any part of it in any form
> > > whatsoever. If you have received this message in error, please
> > > notify postmaster@etisalat.ae by email immediately and delete the
> > > message without making any copies.
> > > *
> > >
> >
> >
> >
> > --
> > Narbik Kocharians
> > CCSI#30832, CCIE# 12410 (R&S, SP, Security)
> > www.MicronicsTraining.com <http://www.micronicstraining.com/>
> > www.Net-Workbooks.com <http://www.net-workbooks.com/>
> > Sr. Technical Instructor
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
> >
> >
>
>
> --
> Narbik Kocharians
> CCSI#30832, CCIE# 12410 (R&S, SP, Security)
> www.MicronicsTraining.com
> www.Net-Workbooks.com
> Sr. Technical Instructor
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:04 ART