For Part 1 of this series, click here. For Part 2 of this series, click here.
6to4 tunnels allow for the dynamic creation of IPv6 within IPv4 tunnels. While the previous two tunnel mechanisms we examined were point-to-point type structures, this tunneling approach is considered a dynamic point-to-multipoint type. Since it is dynamic tunnel, we are going to do the very strange step of NOT assigning a tunnel destination as you will see.
6to4 tunnels rely on reserved address space. The reserved prefix is 2002::/16 (Core Knowledge Alert!). To this prefix, the IPv4 address of the border router is added, resulting in a /48 prefix. For example, if the border router possesses an external IPv4 address of 192.0.2.1, the resulting 6to4 site address space becomes 2002:c000:0201::/48. Keep in mind that this site will utilize this address space in its whole network, but hosts inside the network do not need to support the 6to4 technology.
Well, as you know, learning these technologies is often best accomplished through example. Let us take the topology from this post series and attempt this configuration:
So in order to build a 6to4 tunnel between the Fa0/0 of R1 and the Fa0/0 of R3, I need to create tunnel interfaces on each and ensure I use the perfect 6to4 IPv6 address that coordinates with the underlying IPv4 address. Here is our configuration on R1:
R1
Not let us do the appropriate configuration on R3.
R3
R1
6to4 tunnels allow for the dynamic creation of IPv6 within IPv4 tunnels. While the previous two tunnel mechanisms we examined were point-to-point type structures, this tunneling approach is considered a dynamic point-to-multipoint type. Since it is dynamic tunnel, we are going to do the very strange step of NOT assigning a tunnel destination as you will see.
6to4 tunnels rely on reserved address space. The reserved prefix is 2002::/16 (Core Knowledge Alert!). To this prefix, the IPv4 address of the border router is added, resulting in a /48 prefix. For example, if the border router possesses an external IPv4 address of 192.0.2.1, the resulting 6to4 site address space becomes 2002:c000:0201::/48. Keep in mind that this site will utilize this address space in its whole network, but hosts inside the network do not need to support the 6to4 technology.
Well, as you know, learning these technologies is often best accomplished through example. Let us take the topology from this post series and attempt this configuration:
So in order to build a 6to4 tunnel between the Fa0/0 of R1 and the Fa0/0 of R3, I need to create tunnel interfaces on each and ensure I use the perfect 6to4 IPv6 address that coordinates with the underlying IPv4 address. Here is our configuration on R1:
R1
interface Tunnel0Notice that 10.10.10.1 (the IPv4 address of the tunnel source Fa0/0) is the 0A0A:0A01 portion of the 6to4 address. The FFFF portion of the address is just a random subnet I picked for this example. Notice how strange this tunnel configuration looks since there is no mention of the tunnel destination. The tunnel destination can be dynamically determined thanks to the embedded IPv4 address. Notice also the need for the static route indicating that the tunnel should be used for all 6to4 communications.
ipv6 address 2002:0A0A:0A01:FFFF::1/64
tunnel source FastEthernet0/0
tunnel mode ipv6ip 6to4
!
ipv6 route 2002::/16 Tunnel0
Not let us do the appropriate configuration on R3.
R3
interface Tunnel0After this configuration, the tunnels are UP/UP which is obviously a great sign. But my “baby step” approach to configuration warrants a ping test here from one tunnel endpoint to another.
ipv6 address 2002:A14:1403:FFFF::3/64
tunnel source FastEthernet0/0
tunnel mode ipv6ip 6to4
!
ipv6 route 2002::/16 Tunnel0
R1#ping 2002:A14:1403:FFFF::3Awesome! But our goal here (like in all the blogs in this series), is to provide connectivity between the remote islands of IPv6 (the loopback 0 interfaces). Once again, the solution is IPv6 static routes, but the “catch” is that we cannot just point to the tunnel interface. We need to point to the remote 6to4 tunnel IP address for proper dynamic tunnel creation.
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2002:A14:1403:FFFF::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/21/36 ms
R1#
R1
ipv6 route 2001:3::/64 2002:A14:1403:FFFF::3R3
ipv6 route 2001:1::/64 2002:A0A:A01:FFFF::1That should provide the required connectivity just fine. Let us verify:
R3#ping 2001:1::1Thanks, as always, for tuning in! I sure hope you are enjoying this series.
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:1::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/10/16 ms
R3#
0 comments:
Post a Comment