For Part 1 of this series, click here. For Part 2 of this series, click here.
6to4 tunnels allow for the dynamic creation of IPv6 within IPv4 tunnels. While the previous two tunnel mechanisms we examined were point-to-point type structures, this tunneling approach is considered a dynamic point-to-multipoint type. Since it is dynamic tunnel, we are going to do the very strange step of NOT assigning a tunnel destination as you will see.
6to4 tunnels rely on reserved address space. The reserved prefix is 2002::/16 (Core Knowledge Alert!). To this prefix, the IPv4 address of the border router is added, resulting in a /48 prefix. For example, if the border router possesses an external IPv4 address of 192.0.2.1, the resulting 6to4 site address space becomes 2002:c000:0201::/48. Keep in mind that this site will utilize this address space in its whole network, but hosts inside the network do not need to support the 6to4 technology.
Well, as you know, learning these technologies is often best accomplished through example. Let us take the topology from this post series and attempt this configuration:
So in order to build a 6to4 tunnel between the Fa0/0 of R1 and the Fa0/0 of R3, I need to create tunnel interfaces on each and ensure I use the perfect 6to4 IPv6 address that coordinates with the underlying IPv4 address. Here is our configuration on R1:
R1
interface Tunnel0 ipv6 address 2002:0A0A:0A01:FFFF::1/64 tunnel source FastEthernet0/0 tunnel mode ipv6ip 6to4 ! ipv6 route 2002::/16 Tunnel0
Notice that 10.10.10.1 (the IPv4 address of the tunnel source Fa0/0) is the 0A0A:0A01 portion of the 6to4 address. The FFFF portion of the address is just a random subnet I picked for this example. Notice how strange this tunnel configuration looks since there is no mention of the tunnel destination. The tunnel destination can be dynamically determined thanks to the embedded IPv4 address. Notice also the need for the static route indicating that the tunnel should be used for all 6to4 communications.
Not let us do the appropriate configuration on R3.
R3
interface Tunnel0 ipv6 address 2002:A14:1403:FFFF::3/64 tunnel source FastEthernet0/0 tunnel mode ipv6ip 6to4 ! ipv6 route 2002::/16 Tunnel0
After this configuration, the tunnels are UP/UP which is obviously a great sign. But my “baby step” approach to configuration warrants a ping test here from one tunnel endpoint to another.
R1#ping 2002:A14:1403:FFFF::3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2002:A14:1403:FFFF::3, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 8/21/36 ms R1#
Awesome! But our goal here (like in all the blogs in this series), is to provide connectivity between the remote islands of IPv6 (the loopback 0 interfaces). Once again, the solution is IPv6 static routes, but the “catch” is that we cannot just point to the tunnel interface. We need to point to the remote 6to4 tunnel IP address for proper dynamic tunnel creation.
R1
ipv6 route 2001:3::/64 2002:A14:1403:FFFF::3
R3
ipv6 route 2001:1::/64 2002:A0A:A01:FFFF::1
That should provide the required connectivity just fine. Let us verify:
R3#ping 2001:1::1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001:1::1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/10/16 ms R3#
Thanks, as always, for tuning in! I sure hope you are enjoying this series.
About Anthony Sequeira, #15626:
Anthony Sequeira brings decades of teaching, technical writing, and consulting experience to INE. Anthony began his career as an author and lecturer within the IT community, featuring best-selling titles for Microsoft and Cisco Press. Best known as one of the training voices for the revolutionary e-learning company called KnowledgeNet, Anthony now teaches online and in-classroom exclusively for INE. When not helping his students master Cisco networking, Anthony can be found at the poker tables, or flying the Florida skies in a Cessna.
You can leave a response, or trackback from your own site.
12 Responses to “IPv6 Transition Mechanisms Part 3: 6to4 Tunnels”
Leave a Reply
Loading ...
Hi Anthony,
Great post !!!!!…Now the 6to4 tunnel is so understandble after you eplained it.Also good highlight on the core knowledge trivia(2002::/16)
Thanks
Regards
Anantha Subramanian Natarajan
To ALL:
A follow-up question – can you do 6to4 tunneling using any other prefix than 2002::/16?
Can the IPV4 tunnel address be determined by doing a show interface tunnel 0 or do I have to do a manual calculation inorder to get this address.
no?
Petr-
ISATAP can use any ol’ prefix but you said ‘6to4′. Kind of close (syntax) is RFC 2529 which describes forming IPv6 link-local subnets over an IPv4 multicast enabled domain (virtual ethernet), FE80::/64 would prefix an IPv4 address to create an ‘6over4′ endpoint.
Hi Rodney – I have yet to find a workaround other than the manual calculation.
the Petr question is no
thanks Anthony for this blog!
To: ALL
Contrary to many beliefs, you CAN configure 6to4 tunneling using any appropriate (/16) prefix. The specific encapsulation and address extraction method is determined by the tunnel TYPE, not the prefix itself.
However, just to have a common ground, word-wide IPv6 tunneling implementations use this prefix for consistency. Still, in the lab, you may use any other /16 prefix if you have to
Can I still use RIPng or other dynamic protocol instead of static route like when we did manual tunnel?
Anthony,
Thanks for your posts. Will there be another one to cover ISATAP tunneling? I’d really like to know if it has any use for interconnecting routers and the details of its interaction with DNS. Any RTFMs (with links) are highly appreciated! (F is for Friendly, of course; for unfriendly we have RFC4214).
Thanks for these articles Anthony, they are a great review of IPv6 tunneling. One thing that seemed to confuse me a little in 6to4 documentation was the idea of taking a “public” IPv4 address and then converting it and using it throughout your network… Yet from the example above it seems that the important step is to take the IPv4 address of the interface pointing towards the destination router interface and covert that to the Hex address to add to the 2002 IPv6 prefix??? and the same for the other side.
This is a little strange as it makes both end points of the IPv6 Tunnel reside on a different IP Address, which I know the dynamic part of 6to4 takes care of!?
So I guess what I am really asking is that there is no “One” unique IPv4 address that is translated to all IPv6 addresses in the network?
Thanks!
Method to “calculate” 6to4 tunnel address.
Command was introduced: 12.3(4)T
!
interface Loopback0
ip address 157.1.1.1 255.255.255.0
!
R1(config)#ipv6 unicast-routing
R1(config)#ipv6 general-prefix myPref 6to4 loop0
R1(config)#do sh ipv6 general-prefix
IPv6 Prefix myPref, acquired via 6to4
2002:9D01:101::/48
R1(config)#
I think the “ipv6 general-prefix myPref Fa0/0″ will give us a correct tunnel address.
Thanks for this blog.
Regards,
Zsolt