First a reminder about a IPv4 GRE tunnel, the most simple and GENERIC one.
Configuration is really simple, create the Tunnel interface, define the MODE and assign the Source and Destination IP or Interface:
(Config)#Interface tunnel
(Config-if)#tunnel mode GRE IP
(Config-if)# tunnel source IP 10.1.1.2
(Config-if)#tunnel destination IP 172.26.182.15
Then define the GRE tunnel IP (needs to be in the same subnet on the both sides):
(Config-if)#ip address 15.4.4.6 255.255.255.0
By default GRE keep-alives are off, butt they can be turned on
Now the IPv6. There are 4 types of IPv6 Tunnels:
1. IPv6 over IPv6 GRE tunnel, the configuration similar as the IPv4 one:
(Config-tunnel)#tunnel source lo0
(Config-tunnel)#tunnel destination 10.187.166.15
(Config)#interface tunnel0
(Config-if)#ipv6 add 1:1:1:1::1/64
2. IPv6 over IPv6IP Tunnel
3. IPv6 over IPv4 UDP Teredo Tunnel
4. IPv4 over IPv6 GRE Tunnel
STATIC Tunnels: GRE, IPv6IP
AUTOMATIC Tunnels: 6to4 (IPv4 into IPv6 prefix), ISATAP - have a standard format of the IP address, so only the tunnel source and the IP address are configured in accordance to that standard - and the Tunnel goes UP.
When you configure them MANUALLY the Tunnel mode can be IPv6IP:
(config)#interface tunnel 0
(config-if)#tunnel mode ipv6ip <- DEFAULT IS GRE
GRE is Protocol 47, and IPV6IP is Protocol 41. You can check this by PINGING one side from another, and debuging
"ip packet details" on the other side:
IPv6IP - PROTOCOL 41:
*Nov 29 18:23:52.126: IP: tableid=0, s=10.1.12.1 (Serial0/1/0.21), d=10.1.12.2 (Serial0/1/0.21), routed via RIB
*Nov 29 18:23:52.126: IP: s=10.1.12.1 (Serial0/1/0.21), d=10.1.12.2 (Serial0/1/0.21), len 136, rcvd 3, proto=41
*Nov 29 18:23:52.126: IP: s=10.1.12.2 (Tunnel0), d=10.1.12.1 (Serial0/1/0.21), len 96, sending, proto=41
*Nov 29 18:23:53.110: IP: tableid=0, s=10.1.12.1 (Serial0/1/0.21), d=10.1.12.2 (Serial0/1/0.21), routed via RIB
*Nov 29 18:23:53.110: IP: s=10.1.12.1 (Serial0/1/0.21), d=10.1.12.2 (Serial0/1/0.21), len 120, rcvd 3, proto=41
GRE - PROTOCOL 47:
*Nov 29 18:25:30.506: IP: tableid=0, s=10.1.12.1 (Serial0/1/0.21), d=10.1.12.2 (Serial0/1/0.21), routed via RIB
*Nov 29 18:25:30.506: IP: s=10.1.12.1 (Serial0/1/0.21), d=10.1.12.2 (Serial0/1/0.21), len 140, rcvd 3, proto=47
*Nov 29 18:25:30.574: IP: s=10.1.12.2 (Tunnel0), d=10.1.12.1 (Serial0/1/0.21), len 140, sending, proto=47
*Nov 29 18:25:30.622: IP: tableid=0, s=10.1.12.1 (Serial0/1/0.21), d=10.1.12.2 (Serial0/1/0.21), routed via RIB
*Nov 29 18:25:30.622: IP: s=10.1.12.1 (Serial0/1/0.21), d=10.1.12.2 (Serial0/1/0.21), len 140, rcvd 3, proto=47
6to4 Tunnels: AUTOMATICALLY established, allowing IPv6 connection through IPv4. They require SPECIAL ADDRESSING:
IPv6 of 2002 followed by TRANSLATED IPv4 address. So, we need these steps:
Step 1:
Translate IPv4 into IPv6 address. For example 10.1.1.1:
10 1 1 1
0A 01 01 01
Step 2:
Identify tunnel source. IMPORTANT: Tunnel is AUTOMATIC, so DONT CONFIGURE THE DESTINATION
So using the 2002 which is the 6to4 marker, you get> 2002:A01:101::/128, so:
(config-if)#ipv6 add 2002:A01:101::/128
Step 3:
Configure the TUNNEL MODE as IPV6IP 6to4:
(config-if)#tunnel mode ipv6ip 6to4
Step 4:
Make sure that the Tunnel Interface is going UP/UP
*Nov 29 19:10:13.709: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel7, changed state to up
ISATAP Tunnel: It's a IETF transition mechanism that allows IPv6 networks to connect over IPv4 Networks. The IPv6 tunnel interface must be configured with a modified EUI-64 address because the last 32 bits in the interface identifier are constructed using the IPv4 tunnel source address. ISATAP also has it's own IPv6 Address Format, which is formed like this:
NETWORK PORTION: can be any IPv6 address
HOST PORTION: starts with 0000:5EFE, and the rest of host portion is TRANSLATED IPv4 of the TUNNEL SOURCE
Step 1:
Define the Tunnel SOURCE address
(config-if)#tunnel source 10.44:44:44
Step 2:
Sending of IPv6 router advertisements is disabled by default on tunnel interfaces. This command reenables the sending of IPv6 router advertisements to allow client autoconfiguration:
(config-if)# no ipv6 nd ra suppress
Step 3: ISATAP
The only difference from standard IPv6IP configuration is that the IPv6 address needs to be eui-64 generated, and that the MODE needs to be defined as ISATAP:
(config-if)#ipv6 address 46:1:46::/64 eui-64 <- EUI CONVERTS IPv4 TO IPv6 AUTOMATICALLY
(config-if)#tunnel mode ipv6ip isatap
Subscribe to:
Post Comments (Atom)
Most Popular Posts
-
Before we start, lets once again make sure we fully understand what Bridge Domain is. The bridge domain can be compared to a giant distribut...
-
Ever since Cisco bought Insieme and created Cisco ACI, and VMware bought Nicira and created NSX, I've been intensively deep-diving and b...
-
[In collaboration with the guest blogger, Marc Espinosa ] Let's start with the messaging protocols, MQTT and CoAP, and consider which ...
-
By know you should know the following facts about ACI: Cisco Nexus 9k Switches make the ACI Fabric, which is the Control and the Data pla...
-
Get ready to have your mind blown. One of the easiest procedures I've encountered. You just need to follow these 3 steps, to migrate the...
-
The VM-Series firewall for VMware NSX is jointly developed by Palo Alto Networks and VMware. NetX APIs are used to integrate the Palo Alto N...
-
First time we “unpack” ACI, we will find a certain number of potential Spine and potential Leaf switches, and hopefully 3 (or 5) APIC Contro...
-
Google has made their Cloud Platform (GCP) so that you can host your application any way your business requires. When we talk about the ...
-
Narbik Topology for web-iou Disclaimer: I DON’T OWN NOR HAVE AN ACCESS TO THE TOPOLOGY, INITIAL CONFIGS, IOU/IOL BINARIES OR ANY OTHER ...
-
Before I get into the Python for NX-OS, let me explain a few concepts that I've seen Network Engineers have been struggling with. Dev...
No comments:
Post a Comment