Sep 09

For Part 1 of this series, click here. For Part 2 of this series, click here.

6to4 tunnels allow for the dynamic creation of IPv6-within-IPv4 tunnels. While the previous two tunnel mechanisms we examined were point-to-point structures, this tunneling approach is considered a dynamic point-to-multipoint type. Since it is a dynamic tunnel, we are going to take the very strange step of NOT assigning a tunnel destination, as you will see.

6to4 tunnels rely on reserved address space. The reserved prefix is 2002::/16 (Core Knowledge Alert!). To this prefix, the IPv4 address of the border router is added, resulting in a /48 prefix. For example, if the border router possesses an external IPv4 address of 192.0.2.1, the resulting 6to4 site address space becomes 2002:c000:0201::/48. Keep in mind that the site will use this address space throughout its whole network, but hosts inside the network do not need to support the 6to4 technology.

Well, as you know, learning these technologies is often best accomplished through example. Let us take the topology from this post series and attempt this configuration:

IPv6p1

So in order to build a 6to4 tunnel between the Fa0/0 of R1 and the Fa0/0 of R3, I need to create tunnel interfaces on each and ensure I use the perfect 6to4 IPv6 address that coordinates with the underlying IPv4 address. Here is our configuration on R1:

R1

interface Tunnel0
ipv6 address 2002:0A0A:0A01:FFFF::1/64
tunnel source FastEthernet0/0
tunnel mode ipv6ip 6to4
!
ipv6 route 2002::/16 Tunnel0

Notice that 10.10.10.1 (the IPv4 address of the tunnel source Fa0/0) is the 0A0A:0A01 portion of the 6to4 address. The FFFF portion of the address is just a random subnet I picked for this example. Notice how strange this tunnel configuration looks since there is no mention of the tunnel destination. The tunnel destination can be dynamically determined thanks to the embedded IPv4 address. Notice also the need for the static route indicating that the tunnel should be used for all 6to4 communications.

Now let us do the appropriate configuration on R3.

R3

interface Tunnel0
ipv6 address 2002:A14:1403:FFFF::3/64
tunnel source FastEthernet0/0
tunnel mode ipv6ip 6to4
!
ipv6 route 2002::/16 Tunnel0

After this configuration, the tunnels are UP/UP which is obviously a great sign. But my "baby step" approach to configuration warrants a ping test here from one tunnel endpoint to another.

R1#ping 2002:A14:1403:FFFF::3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2002:A14:1403:FFFF::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/21/36 ms
R1#

Awesome! But our goal here (like in all the blogs in this series) is to provide connectivity between the remote islands of IPv6 (the loopback 0 interfaces). Once again, the solution is IPv6 static routes, but the "catch" is that we cannot just point to the tunnel interface. We need to point to the remote 6to4 tunnel IP address for proper dynamic tunnel creation.

R1

ipv6 route 2001:3::/64 2002:A14:1403:FFFF::3

R3

ipv6 route 2001:1::/64 2002:A0A:A01:FFFF::1

That should provide the required connectivity just fine. Let us verify:

R3#ping 2001:1::1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:1::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/10/16 ms
R3#
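The address arithmetic behind this configuration, as an added example that is not part of the original post: it derives the /48 site prefix from a border router's IPv4 address, recovers the IPv4 tunnel endpoint embedded in a 6to4 address, and checks that a tunnel's IPv6 address matches its IPv4 source. The function names are hypothetical, and the third test address is a constructed typo (1304 instead of 1403).

```python
import ipaddress

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")  # reserved 6to4 prefix


def site_prefix(border_ipv4):
    """Return the 2002:<IPv4>::/48 site prefix for a border router's IPv4 address."""
    v4 = int(ipaddress.IPv4Address(border_ipv4))
    # The 32 IPv4 bits sit directly after the 16-bit 2002 prefix (bits 16..47).
    base = int(SIXTOFOUR.network_address) | (v4 << 80)
    return ipaddress.IPv6Network((base, 48))


def tunnel_destination(ipv6):
    """Return the IPv4 endpoint embedded in a 6to4 address, or None outside 2002::/16."""
    return ipaddress.IPv6Address(ipv6).sixtofour


def check_tunnel(source_ipv4, tunnel_ipv6):
    """True when the tunnel's IPv6 address lies inside the /48 derived from its source."""
    return ipaddress.IPv6Interface(tunnel_ipv6).ip in site_prefix(source_ipv4)


if __name__ == "__main__":
    print(site_prefix("192.0.2.1"))
    # Tunnel source IPv4 and tunnel IPv6 address pairs; the last one is a constructed typo.
    for name, src, addr in [("R1", "10.10.10.1", "2002:0A0A:0A01:FFFF::1/64"),
                            ("R3", "10.20.20.3", "2002:A14:1403:FFFF::3/64"),
                            ("typo", "10.20.20.3", "2002:A14:1304:FFFF::3/64")]:
        print(name, check_tunnel(src, addr))
    # A 6to4 next hop yields an IPv4 endpoint; the island address 2001:3::3 does not.
    for nh in ["2002:A14:1403:FFFF::3", "2001:3::3"]:
        print(nh, "->", tunnel_destination(nh))
```

The `None` result for 2001:3::3 is why the static routes for the islands point at the remote 6to4 address: only an address inside 2002::/16 carries the IPv4 endpoint needed to build the tunnel.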

Thanks, as always, for tuning in! I sure hope you are enjoying this series.

Aug 16

This blog series was recommended by another of our awesome students and IEOC community members, Marcio A. Costa.

In the first part of this series, we will look at the Manual IPv6 tunnels that are simple to create in order to connect two "islands" of IPv6 separated by IPv4-only devices. For this blog, we will use the following simple topology:

IPv6p1

Let us pretend that the R2 device is not capable of IPv6. How can we connect the islands of IPv6? Well, one option is the manual IPv6 tunnel. This is for stable connections that might require regular communication between two edge routers. To create this tunnel, you assign an IPv6 address to the tunnel, and you use the IPv4 addresses for tunnel source and destination. Obviously, the routers forming the tunnel must support IPv6 and IPv4. But remember, the IPv4-only devices in the middle are passing IPv4-looking packets, so they are just fine.

I have configured the topology above for us. EIGRP is ensuring all IPv4 addresses are reachable. I have also created the loopbacks and the islands of IPv6. We begin our configurations by enabling RIP for IPv6 (RIP Next Generation; RIPng) on the loopbacks:

R1(config)#ipv6 unicast-routing
R1(config)#interface loopback 0
R1(config-if)#ipv6 rip CCIERIP enable
R1(config-if)#end

R3(config)#ipv6 unicast-routing
R3(config)#interface loopback 0
R3(config-if)#ipv6 rip CCIERIP enable
R3(config-if)#end

So now we have real islands of IPv6. There is no chance for connectivity between these networks since RIPng is not running on the interfaces facing R2, nor is RIPng running anywhere on R2.

It is time now to create the manual IPv6 tunnel. If we run RIPng on the tunnel, we should have dynamic routing across the IPv4-only device and full IPv6 connectivity! Here we go:

R1(config)#interface tunnel 0
R1(config-if)#ipv6 address 2001:13::1/64
R1(config-if)#tunnel source fastethernet0/0
R1(config-if)#tunnel destination 10.20.20.3
R1(config-if)#tunnel mode ipv6ip
R1(config-if)#ipv6 rip CCIERIP enable
R1(config-if)#end

R3(config)#interface tunnel 0
R3(config-if)#ipv6 address 2001:13::3/64
R3(config-if)#tunnel source fastethernet0/0
R3(config-if)#tunnel destination 10.10.10.1
R3(config-if)#tunnel mode ipv6ip
R3(config-if)#ipv6 rip CCIERIP enable
R3(config-if)#end

Now it is time for verification (drumroll please!). Here, the obvious and most efficient verification is a simple IPv6 ping from R1 to the remote IPv6 island on R3.

R1#ping 2001:3::3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:3::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/10/16 ms
R1#

Excellent! We will investigate another transition option in the next part of this series. Thanks for tuning in! If you want more training targeted at this subject, check out any CCIE R&S product! You should have your Tier 1 understanding of this feature now, so you should target Tier 2 or Tier 3 products. Tier 2 would be workbook practice, while Tier 3 would be Poly-labs or Graded Mock Labs.
