Wednesday, February 8, 2012

IPV6 TUNNELING GRE, IPV6IP, 6TO4 TUNNELS

IPV6 Tunneling
---------------
IPv6 can be the transport or the payload of a tunnel
- IPv6 over IPv4 GRE tunnel
- IPv6 over IPV6IP tunnel
- IPv6 over IPv4 UDP Teredo tunnel (more of an end host to end host tunnel)
- IPv4 over IPv6 GRE tunnel

IPV6 over IPV4 tunnels
-----------------------
Static tunnels
   - GRE
       * default tunnel mode is gre (ipv4)
   - IPV6IP: less tunnel overhead, but it only supports IPv6, with no other
     protocol support like the other tunnels
Automatic Tunnels
   - 6 to 4
       * Inverse Tunnelling
       * Embeds ipv4 into the ipv6 prefix to provide automatic tunnel end point determination
   - ISATAP
       * Intra-site Automatic Tunnel Addressing Protocol
       * Automatic host to router + host to host tunnel

Config of static tunnel
int s0/0/0
 ! disabling ipv6 outbound
 no ipv6 address
int tunnel 0
 tunnel source lo0
 tunnel destination 5.5.5.5
! if going through a firewall
access-list 100 permit 41
int tunnel 0
 ipv6 address 2001:56::6/64
 ipv6 rip 1 enable

GRE tunnel with transport over IPV4
If we wanted to tunnel ipv4 or ipv6
int tunnel 0
 tunnel mode gre ipv6
 tunnel source lo0
 tunnel destination 2001:155::5

If we wanted to do an ipv6ip tunnel, this is similar to the gre tunnel: it transports over ipv4.
It only supports ipv6 but does have less overhead than gre. If all that is wanted is ipv6
transport, it could be a good option
int tunnel0
 tunnel mode ipv6ip

In the dynamic tunnels we have a few options
Dynamic Multipoint VPN (DMVPN)
   - is a multipoint GRE tunnel that allows automatic site to site tunnels, typically used in
     conjunction with IPsec
   - this could be used for auto IPsec tunnels.
   - DMVPN is more complex, so for simple ipv6 dynamic tunnels we can look at other options like
     6 to 4
   - if you do need encryption though, this is one of the automatic tunneling options that supports
     encryption

Automatic 6 to 4 tunneling
---------------------------
- Derives the destination ipv4 address from the address embedded inside the ipv6 destination
   - 2002:border-router-ipv4-address::/48
- a single /48 is subnetted down across the site
- only one tunnel is needed for all destinations
- basically the tunnel can work out the destination based on the embedded ipv4 address

For example, if you had an ipv4 address of 150.28.5.5
first convert each octet to hex
150 = 96 in hex
28  = 1c in hex
05  = 05 in hex
so you are left with
150.28.5.5 = 96:1c:05:05
so the full prefix would be
2002:961c:0505::/48
You then address your ipv6 area out of the /48. You may address it as /64 subnets, whichever suits you;
you basically just subnet as usual.
So a host in this would be
ipv6 address 2002:961c:0505:67::6/64 - 67 subnet
or another subnet
2002:961c:0505:7::7/64 - 7 subnet
To configure on the tunnel interface
int tun 0
 ipv6 address 2002:961c:505:67::6/64
 tunnel mode ipv6ip 6to4
! pointing all 2002 routes at the tunnel; you could then redistribute this into a
! routing protocol or originate a default route from the edge router
ipv6 route 2002::/16 tunnel 0

Disadvantages of this
- renumbering of addresses is required internally
- does not support dynamic routing

LAB
----
OK, we have 2 separate IPv6 areas/zones of the network with ipv4 running in between.
We will start with the config on the edge router r6.

r6#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES NVRAM  up                    up 
FastEthernet0/0.67         unassigned      YES NVRAM  up                    up 
FastEthernet0/0.146        155.0.146.6     YES NVRAM  up                    up 
FastEthernet0/1            unassigned      YES NVRAM  administratively down down
Serial0/0/0                10.229.254.6    YES NVRAM  administratively down down
Loopback0                  6.6.6.6         YES NVRAM  up                    up 
r6#sh ipv6 int brief
FastEthernet0/0            [up/up]
    unassigned
FastEthernet0/0.67         [up/up]
    FE80::213:80FF:FEE4:901A
    2001:155:0:67::6
FastEthernet0/0.146        [up/up]
    unassigned
FastEthernet0/1            [administratively down/down]
    unassigned
Serial0/0/0                [administratively down/down]
    unassigned
Loopback0                  [up/up]
    unassigned

OK, on r6 we have the connection to r1 configured with ipv4 and the connection to s1 configured with
ipv6. We are running ospf in the ipv6 zone and eigrp just for reachability in the ipv4 zone.
This is going to be the gre ipv4 tunnel; when you specify a tunnel interface, gre is the default mode.
r6(config)#do sh run int tunnel 0
Building configuration...
Current configuration : 93 bytes
!
interface Tunnel0
 no ip address
 tunnel source Loopback0
 tunnel destination 5.5.5.5
end
r6(config)#
r6(config)#int tunnel0
r6(config-if)#ipv6 address 2001:155:6::6/64

r5
===

r5#sh run
*Feb  8 20:42:44.911: %SYS-5-CONFIG_I: Configured from console by console int tunnel 0
Building configuration...
Current configuration : 93 bytes
!
interface Tunnel0
 no ip address
 tunnel source Loopback0
 tunnel destination 6.6.6.6
end
r5#
r5(config-if)#int tunnel0
r5(config-if)#ipv6 address 2001:155:0::5/64

r6
---
r6(config)#ipv6 router ospf 1
r6(config-rtr)#default-information originate always
r6(config-rtr)#

I will originate a default route on r6 into the ospf process
r5
---
I will originate a default route in rip
r5(config-if)#int f0/0
r5(config-if)#ipv6 rip 1 default-information originate
r5(config-if)#

I also need a route pointing at the tunnel for the destinations.
I will do a floating static route pointing at the tunnel for the destinations.

r5(config)#ipv6 route ::/0 tunnel 0 245

So I have done a default route with a high admin distance pointing at the tunnel

r6
--
same on r6
r6(config)#ipv6 route ::/0 tunnel 0 245
r6(config)#

s2
---
s2#ping 2001:155:0:67::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:155:0:67::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/82/84 ms
s2#

I can ping s1; it is going over the tunnel

To enable IPV6IP TUNNEL
-----------------------
Same config as above, but we just change the tunnel mode on the end points
r5
--

r5(config-if)#int tunnel0
r5(config-if)#tunnel mode ipv6ip
r5(config-if)#

r6
---
r6(config)#int tunnel0
r6(config-if)#tunnel mode ipv6ip
r6(config-if)#

s2
---
s2#ping 2001:155:0:67::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:155:0:67::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/80/84 ms
s2#

This is basically a lower overhead tunnel, but it will only support ipv6, whereas gre supports
any payload

DYNAMIC TUNNELS
----------------

6 to 4 Tunnel
--------------
So the interface we are using for the tunnel on r5 is 5.5.5.5
so 5.5.5.5 converted to hex is
0505:0505
and we add the prefix for 6 to 4;
the end address is
2002:0505:0505::/48

OK, so the link between r5 and sw2 will be changed to 2002:0505:0505:58::/64
The link between sw2 and sw4 will be changed to     2002:0505:0505:108::/64

So I will start to readdress
r5
--
r5(config-if)#ipv6 address 2002:0505:0505:58::5/64
r5(config-if)#

sw2
---

s2(config)#int vlan 58
s2(config-if)#ipv6 address 2002:0505:0505:58.2/64
% Incomplete command.
s2(config-if)#ipv6 address 2002:0505:0505:58::2/64
s2(config-if)#exit
s2(config)#exit
s2#
03:18:22: %SYS-5-CONFIG_I: Configured from console by console
s2#ping 2002:0505:0505:58::5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2002:505:505:58::5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/1/8 ms
s2#

s2(config)#int po4
s2(config-if)#ipv6 address 2002:505:505:108::2/64
s2(config-if)#exit
s2(config)#exit
s2#

sw4
----

s4(config)#int po2
s4(config-if)#ipv6 address 202:505:505:108::4/64
s4(config-if)#exiy
                 ^
% Invalid input detected at '^' marker.
s4(config-if)#exit
s4(config)#do ping 202:505:505:108::4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202:505:505:108::4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms
s4(config)#

r5
---
We need to address the tunnel interface and change the tunnel mode to 6 to 4
r5#sh run int tunnel0
Building configuration...
Current configuration : 145 bytes
!
interface Tunnel0
 no ip address
 no ip redirects
 ipv6 address 2002:505:505:FFFF::5/64
 tunnel source Loopback0
 tunnel mode ipv6ip 6to4
end
r5#

r5#sh run int lo0
Building configuration...
Current configuration : 96 bytes
!
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
 ipv6 address 2002:505:505::5/64
end
r5#

So I am not specifying any destination, just the 6to4 tunnel ip address with the embedded ipv4 and
a source of lo0

r6
---
So r6 lo0 is 6.6.6.6
so in hex
0606:0606

2002:0606:0606::/48

So the link r6 to sw1 I will address as 2002:0606:0606:67::/64
and the link sw1 to sw3 will be       2002:0606:0606:79::/64

s3
---

s3(config)#int vlan 79
s3(config-if)#ipv6 address 2002:0606:0606:79::3/64
s3(config-if)#

s1
---
s1(config)#int vlan 79
s1(config-if)#ipv6 address 2002:0606:0606:79::1/64
s1(config-if)#do ping 2002:0606:0606:79::3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2002:606:606:79::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/3/9 ms
s1(config-if)#

s1(config)#int vlan 67
s1(config-if)#ipv6 address 2002:0606:0606:67::1/64
s1(config-if)#

R6
---

r6#config t
Enter configuration commands, one per line.  End with CNTL/Z.
r6(config)#int fa0/0.67
r6(config-subif)#ipv6 address 2002:0606:0606:67::6/64
r6(config-subif)#do ping 2002:0606:0606:67::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2002:606:606:67::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/1/4 ms
r6(config-subif)#

r6#sh run int tunnel0
Building configuration...
Current configuration : 145 bytes
!
interface Tunnel0
 no ip address
 no ip redirects
 ipv6 address 2002:606:606:FFFF::6/64
 tunnel source Loopback0
 tunnel mode ipv6ip 6to4
end

r6#sh run int lo0
Building configuration...
Current configuration : 96 bytes
!
interface Loopback0
 ip address 6.6.6.6 255.255.255.255
 ipv6 address 2002:606:606::6/64
end

s2#ping 2002:606:606:67::1 source 2002:505:505:108::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2002:606:606:67::1, timeout is 2 seconds:
Packet sent with a source address of 2002:505:505:108::2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 75/82/84 ms

I can now ping the switch1 interface from s2 over the ipv6 tunnel
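
The 6to4 endpoint derivation used in this lab, as an added Python example (not part of the original post): it builds the 2002::/48 prefix from a border router's ipv4 address, recovers the tunnel destination from a 6to4 address, and applies a source-consistency check before decapsulation. The function names and the site-to-site-only (no relay) rule in decap_ok are assumptions of this example.

```python
import ipaddress


def sixtofour_prefix(border_ipv4):
    """Return the 2002:<ipv4-in-hex>::/48 site prefix for a border router."""
    v4 = int(ipaddress.IPv4Address(border_ipv4))
    # 0x2002 occupies the top 16 bits, the IPv4 address the next 32 bits.
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def tunnel_endpoint(ipv6_addr):
    """Return the IPv4 address embedded in a 6to4 address, or None."""
    return ipaddress.IPv6Address(ipv6_addr).sixtofour


def decap_ok(outer_src_v4, inner_src_v6):
    """Check a received protocol-41 packet before decapsulating it.

    Assumption of this example: site-to-site 6to4 only (no relay), so the
    inner IPv6 source must be a 6to4 address whose embedded IPv4 equals the
    outer IPv4 source, and that IPv4 address must be globally routable.
    """
    outer = ipaddress.IPv4Address(outer_src_v4)
    embedded = tunnel_endpoint(inner_src_v6)
    return embedded is not None and embedded == outer and outer.is_global


if __name__ == "__main__":
    # Constructed samples based on the lab: r5 = 5.5.5.5, r6 = 6.6.6.6.
    print(sixtofour_prefix("5.5.5.5"))
    print(tunnel_endpoint("2002:606:606:67::1"))
    samples = [
        ("5.5.5.5", "2002:505:505:108::2"),   # s2 behind r5: consistent
        ("6.6.6.6", "2002:505:505:108::2"),   # inner source claims r5's site
        ("10.0.0.1", "2002:a00:1:1::1"),      # private IPv4 embedded
        ("5.5.5.5", "2001:155:0:67::1"),      # not a 6to4 source
    ]
    for outer, inner in samples:
        print(outer, inner, "accept" if decap_ok(outer, inner) else "drop")
```

A mismatch between the outer ipv4 source and the ipv4 address embedded in the inner 6to4 source means the packet did not come from the border router that owns that /48, which is why the second sample is dropped.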
