Ladee,
You can use static routes to route any IPv6 subnet across 6to4 tunnel.
For example imagine you have R4 and R5 with Loopback0 addresses
150.14.4.4 and 150.14.5.5 with full IPv4 reachability between them.
Both R4 and R5 are dual-stack, while intermediate routers are ipv4
only. Let's assume that R5 has the prefixe 2001:150:14:5::/64 directly
attached or learned via IGP and we want R4 to be able to reach it over
the 6to4 tunnel. Here is how R's configuration may look like:
interface Loopback0
ip address 150.14.4.4 255.255.255.0
!
interface tunnel 0
tunnel source Loopback0
ipv6 address 2002:96:0e:404::4/64
tunnel mode ipv6ip 6to4
!
ipv6 route 2002::/16 Tunnel0
ipv6 route 2001:150:14:5::/64 2002:96:0E:505::5
Here 2002:96:0E:505::5 is R5's 6to4 endpoint address derived from the
loopback address 150.14.5.5.
The way this static route works is that packets going to
2001:150:14:5::/64 will be encapsulated using IP header with the
destionation IP address extracted from the next-hop 2002:96:0E:505::5
i.e. 150.14.5.5. The reason being is the fact that 2002::/16 is routed
across tunnel0 and recursive lookup for 2001:150:14::5/16 allows for
construction of proper IPv4 encapsulation header. Of course, R5 - the
destination, need to have the route 2001:150:14:5::/64 either directly
connected or learned by some other means. Of course, dont forget that
routing should be symmetric and R5 may have to be configured with
similar static routes.
As for BGP multihop, you need it because normally eBGP peers
connecting across 6to4 tunnel appear to be on different IPv6 subents
(due to different IPv4 sources) and therefore eBGP does not consider
them to be directly conneted.
Regards,
Petr
2010/6/12 Ladee Geek <ladeegeek_at_gmail.com>:
> THANK YOU - Bob and Petr for understanding exactly what I was getting at.
>
> I started out trying to use static routes across the tunnel to other 2002
> addresses. A loopback for example with a 2002 address. I thought
> the 2002::/16 static route out the tunnel should have made that work. When
> that didn't work I thought I would try OSPF in an nmba mode so I had
> neighbor statments that gave me a next-hop to build the dynamic tunnel
> from. The problem was that the neigbor statments are link local, not
> 2002:.
>
> So the dynamic point-to-multipoint 6to4 tunnel is only to create the
> tunnel. There's no static way to reach other 2002:: addresses unless they
> are tunnel endpoints? That's what I was originally trying to do.
>
> I knew I could use ISATAP with OSPF point-to-multipoint in NBMA.
>
> I just don't have any professional experience with v6. It's all been study
> so the practical applications of these more esoteric tunnel types escape me.
>
>
>
> Petr -
> I'm a little lost on the "dont forget eBGP multihop if you're running
> external sessions." Are you reminding me because 6to4 uses loopbacks for
> sources which are intern used for the tunnel addresses? So what "appears"
> to be directly connected neighbors are really not. OR is there something
> else?
>
>
> You two are *great!!* Thank you so much for your time.
>
> r/
> LG
>
>
> On Fri, Jun 11, 2010 at 10:11 PM, Bob Sinclair <bob_at_bobsinclair.net> wrote:
>
>
>> Ladee,
>>
>> The ipv6 6to4 tunnel does not support dynamic routing. This tunnel type
>> embeds the IPv4 destination address in the ipv6 prefix. The next hop and
>> neighbor addresses are always link-local addresses. Link local addresses
>> must start FE80::/10. ISATAP tunnels support IGPs, because they embed the
>> ipv4 address in the host portion. If you try ISATAP, make sure to allow
>> the
>> tunnel process to create the link-local address for you; do not hard code
>> it.
>>
>> Here is a working configuration:
>>
>> interface Tunnel1
>>
>> no ip address
>> no ip redirects
>>
>> ipv6 address 2001:45::/64 eui-64
>>
>> ipv6 ospf network point-to-multipoint non-broadcast
>>
>> ipv6 ospf neighbor FE80::5EFE:AC10:2D05
>> ipv6 ospf 1 area 0
>> tunnel source 172.16.45.4
>> tunnel mode ipv6ip isatap
>>
>> Tunnel destination IP is 172.16.45.5
>>
>> Note local addresses on tunnel:
>> show ipv6 interface:
>>
>> Tunnel1 is up, line protocol is up
>> IPv6 is enabled, link-local address is FE80::5EFE:AC10:2D04
>> Global unicast address(es):
>> 2001:45::5EFE:AC10:2D04, subnet is 2001:45::/64 [EUI]
>>
>> HTH,
>>
>> Bob Sinclair
>>
>> > -----Original Message-----
>> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
>> > Ladee Geek
>> > Sent: Friday, June 11, 2010 6:12 PM
>> > To: Cisco certification
>> > Subject: Running Routing Protocol over 6to4 Tunnels
>> >
>>
>> > I'm wrestling with running a routing protocol over 6to4 tunnels. I can
>> > ping
>> > from tunnel end point to end point, but can't get to any other
>> > 2002::/16
>> > addresses I've created. That was based on the static route 2002::/16
>> > out
>> > the tunnel interface. So I am trying a dynamic routing protocol, OSPF
>> > in
>> > p-mp nbma mode. I have configured the neighbor statement so there's a
>> > next
>> > hop address, but I don't get a neighbor relationship.
>> >
>> > When pining the other end of the tunnel I actually see icmp traffic.
>> > But
>> > when I ping another 2002 address I don't see anything. I have the
>> > static
>> > 2002::/16 tunnel 345.
>> >
>> > So my static didn't work and neither did a dynamic protocol to get to
>> > 2002
>> > addresses other than the tunnel end points.
>> >
>> > What am I missing?
>> >
>> >
>> > Topology: R3, R4 and R5 are set up with 6-to-4 tunnels.
>> >
>> > *Rack1R3*(config-if)#do sh run int tun 345
>> > Building configuration...
>> > Current configuration : 267 bytes
>> > !
>> > interface Tunnel345
>> > no ip address
>> > no ip redirects
>> > ipv6 address 2002:9B01:2503::/64 eui-64
>> > ipv6 ospf network point-to-multipoint non-broadcast
>> > ipv6 ospf neighbor FE80::9B01:9204
>> > ipv6 ospf 1 area 345
>> > tunnel source FastEthernet0/0
>> > tunnel mode ipv6ip 6to4
>> > *Rack1R3(config-if)#do pin 2002:9B01:3A05::9B01:3A05 - this is the
>> > fastether
>> > of R5*
>> > **
>> > Type escape sequence to abort.
>> > Sending 5, 100-byte ICMP Echos to 2002:9B01:3A05::9B01:3A05, timeout is
>> > 2
>> > seconds:
>> > !!!!!
>> > Success rate is 100 percent (5/5), round-trip min/avg/max = 60/78/140
>> > ms
>> >
>> > *Rack1R3(config)#do sirv | se 2002*
>> > S 2002::/16 [1/0]
>> > via Tunnel345, directly connected
>> >
>> >
>> > *Rack1R5(config)#do sh run int tun 345
>> > *Building configuration...
>> > Current configuration : 156 bytes
>> > !
>> > interface Tunnel345
>> > no ip address
>> > no ip redirects
>> > ipv6 address 2002:9B01:3A05::/64 eui-64
>> > tunnel source FastEthernet0/0
>> > tunnel mode ipv6ip 6to4
>> > end
>> > *Rack1R5(config)#do sh run int lo 105*
>> > Building configuration...
>> > Current configuration : 80 bytes
>> > !
>> > interface Loopback105
>> > no ip address
>> > ipv6 address 2002:9601:505:1::5/64
>> >
>> >
>> > *Rack1R3(config)#do ping 2002:9601:505::1*
>> > Type escape sequence to abort.
>> > Sending 5, 100-byte ICMP Echos to 2002:9601:505::1, timeout is 2
>> > seconds:
>> > .....
>> > Success rate is 0 percent (0/5)
>> > Rack1R3(config)#
>> >
>> > *Rack1R5(config-if)#do shipv*
>> > Loopback0 [up/up]
>> > FE80::21A:6CFF:FE9F:9FA8
>> > * 2002:9601:505::1
>> > *
>> > --
>> > r/
>> > LG
>> >
>> >
>>
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> > No virus found in this incoming message.
>> > Checked by AVG - www.avg.com
>> > Version: 9.0.829 / Virus Database: 271.1.1/2930 - Release Date:
>> > 06/11/10 02:35:00
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
> r/
> LG
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Sat Jun 12 2010 - 10:07:48 ART
This archive was generated by hypermail 2.2.0 : Sun Aug 01 2010 - 09:11:37 ART