Since IPv4 and IPv6 are not compatible with each other, we need some migration strategies. One technique that we can use is tunneling. Basically, it means that we encapsulate IPv6 packets into IPv4 packets (or the other way around) so they can be routed. In this lesson, I’ll show you how to configure IPv6 static tunneling over an IPv4 network. There are two methods:
- Manual tunnels
- GRE (Generic Routing Encapsulation) tunnels
Both tunnel types are very similar, with just minor differences. Both support IPv6 IGPs through the tunnel interface and forwarding of multicast traffic. The manual tunnels refer to RFC 4213, which defines how to encapsulate IPv6 packets in IPv4. GRE is a generic encapsulation type that rides on top of IPv4 and isn’t only for IPv6. It can carry many different protocols and if you ever configured an IPSEC VPN with IGPs running through it you had to use GRE.
Configuration
Let’s continue by looking at some examples and how to configure the static point-to-point IPv6 tunnels.
This is the topology we’ll be using. Three routers are running IPv4. R1 and R3 also run IPv6, and we want connectivity between them without adding IPv6 support on R2. Let’s configure all IPv4 and IPv6 addresses:
R1(config)#interface loopback 0
R1(config-if)#ipv6 address 2001::1/128
R1(config-if)#exit
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 192.168.12.1 255.255.255.0R2(config)#interface fastEthernet 0/0
R2(config-if)#ip address 192.168.12.2 255.255.255.0
R2(config-if)#exit
R2(config)#interface fastEthernet 1/0
R2(config-if)#ip address 192.168.23.2 255.255.255.0R3(config)#interface fastEthernet 0/0
R3(config-if)#ip address 192.168.23.3 255.255.255.0
R3(config-if)#exit
R3(config)#interface loopback 0
R3(config-if)#ipv6 address 2001::3/128Our next step is to create a tunnel interface between R1 and R3. They need to be able to reach each other through IPv4. I’ll create a new loopback interface on R1 and R3, advertise them in EIGRP, and use these addresses for the tunnel:
R1(config)#interface loopback 1
R1(config-if)#ip address 1.1.1.1 255.255.255.0
R1(config-if)#exit
R1(config)#router eigrp 123
R1(config-router)#no auto-summary
R1(config-router)#network 192.168.12.0
R1(config-router)#network 1.1.1.0R2(config)#router eigrp 123
R2(config-router)#no auto-summary
R2(config-router)#network 192.168.12.0
R2(config-router)#network 192.168.23.0R3(config)#interface loopback 1
R3(config-if)#ip address 3.3.3.3 255.255.255.0
R3(config-if)#exit
R3(config)#router eigrp 123
R3(config-router)#no auto-summary
R3(config-router)#network 192.168.23.0
R3(config-router)#network 3.3.3.0I could also use physical interfaces, but they can go down. Whenever a physical interface goes down, our IGP (EIGRP in this example) could find another path to the loopback interfaces (if there is one).
R1(config)#interface tunnel 0
R1(config-if)#tunnel source loopback 1
R1(config-if)#tunnel destination 3.3.3.3
R1(config-if)#tunnel mode ipv6ipR3(config)#interface tunnel 0
R3(config-if)#tunnel source loopback 1
R3(config-if)#tunnel destination 1.1.1.1
R3(config-if)#tunnel mode ipv6ipThis is how we configure a tunnel interface. By default, a tunnel interface is always GRE, so with the tunnel mode ipv6ip command, I changed it to a “manual” tunnel. Let’s check the tunnel:
R1#show interfaces tunnel 0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 1.1.1.1 (Loopback1), destination 3.3.3.3
Tunnel protocol/transport IPv6/IPR3#show interfaces tunnel 0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 3.3.3.3 (Loopback1), destination 1.1.1.1
Tunnel protocol/transport IPv6/IPUse the show interfaces tunnel command to check if the tunnel is working. You can see mine is up, and the encapsulation type is TUNNEL. Our tunnel is working now, but we have some things left to do. We’ll enable IPv6 routing, and advertise the loopback and tunnel interfaces in RIPNG:
R1(config)#ipv6 unicast-routing
R1(config)#ipv6 router rip RIPNG
R1(config-rtr)#exit
R1(config)#interface loopback 0
R1(config-if)#ipv6 rip RIPNG enable
R1(config-if)#exit
R1(config)#interface tunnel 0
R1(config-if)#ipv6 enable
R1(config-if)#ipv6 rip RIPNG enableR3(config)#ipv6 unicast-routing
R3(config)#ipv6 router rip RIPNG
R3(config-rtr)#exit
R3(config)#interface loopback 0
R3(config-if)#ipv6 rip RIPNG enable
R3(config-if)#exit
R3(config)#interface tunnel 0
R3(config-if)#ipv6 enable
R3(config-if)#ipv6 rip RIPNG enableI enabled RIPNG (I could have chosen OSPFv3 or EIGRP) on the loopback0 and tunnel0 interface. You can see I also added an IPv6 address on the tunnel0 interfaces. We don’t need any IPv4 addresses on our tunnel0 interfaces. Let’s check the routing tables:
R1#show ipv6 route rip
IPv6 Routing Table - 4 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
R 2001::3/128 [120/2]
via FE80::303:303, Tunnel0R3#show ipv6 route rip
IPv6 Routing Table - 4 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
R 2001::1/128 [120/2]
via FE80::101:101, Tunnel0You can see both routers learned about each other IPv6 networks. Let’s try a ping:
R1#ping 2001::3 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::2, timeout is 2 seconds:
Packet sent with a source address of 2001::1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/8 msA quick ping proves that we have connectivity.
That’s all you have to do to create a manual tunnel and encapsulate IPv6 packets in IPv4 packets. Not that bad, right? How about GRE? You can easily change the tunnel type:
R1(config)#interface tunnel 0
R1(config-if)#tunnel mode gre ipR3(config)#interface tunnel 0
R3(config-if)#tunnel mode gre ipUse tunnel mode gre ip or type no tunnel mode ipv6ip so it switches back to the default (GRE). Let’s check the tunnel:
R1#show interfaces tunnel 0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 1.1.1.1 (Loopback1), destination 3.3.3.3
Tunnel protocol/transport GRE/IPIt looks pretty much the same, except it now says GRE. The only difference between GRE and the manual tunnel is that GRE has a higher MTU by default, and there’s something with the link-local IPv6 address of the tunnel interface:
- The link-local address for the GRE tunnel is created with EUI-64 and takes the lowest-numbered interface’s MAC address.
- The link-local address for the manual tunnel is FE80::/96 + 32 bits from the tunnel source IPv4 address.
Configurations
Want to take a look for yourself? Here you will find the final configuration of each device.
R2
hostname R2
!
interface fastEthernet 0/0
ip address 192.168.12.2 255.255.255.0
!
interface fastEthernet 1/0
ip address 192.168.23.2 255.255.255.0
!
router eigrp 123
no auto-summary
network 192.168.12.0
network 192.168.23.0
!
endR3
hostname R3
!
ipv6 unicast-routing
!
interface loopback 0
ipv6 address 2001::3/128
ipv6 rip RIPNG enable
!
interface loopback 1
ip address 3.3.3.3 255.255.255.0
!
interface fastEthernet 0/0
ip address 192.168.23.3 255.255.255.0
!
interface tunnel 0
tunnel source loopback 1
tunnel destination 1.1.1.1
tunnel mode ipv6ip
tunnel mode gre ip
ipv6 rip RIPNG enable
!
router eigrp 123
no auto-summary
network 192.168.23.0
network 3.3.3.0
!
ipv6 router rip RIPNG
!
ipv6 general-prefix MYPREFIX 6to4 fastEthernet 0/0
!
endR1
hostname R1
!
ipv6 unicast-routing
!
interface loopback 0
ipv6 address 2001::1/128
ipv6 rip RIPNG enable
!
interface loopback 1
ip address 1.1.1.1 255.255.255.0
!
interface fastEthernet 0/0
ip address 192.168.12.1 255.255.255.0
!
interface tunnel 0
tunnel source loopback 1
tunnel destination 3.3.3.3
tunnel mode ipv6ip
tunnel mode gre ip
ipv6 rip RIPNG enable
!
router eigrp 123
no auto-summary
network 192.168.12.0
network 1.1.1.0
!
ipv6 router rip RIPNG
!
ipv6 general-prefix MYPREFIX 6to4 fastEthernet 0/0
!
endAnd that’s how you configure IPv6 static tunneling. If you have any questions just leave a comment!
Tunnel interface ip is not required.is it not necessary?
IPv6 uses the link-local addresses as the next-hop for routing entries so there is no need to configure a “global” IPv6 address.
Hello,
I see that you are using multiple interfaces, but our router is only base license.. which means we can only have up to 2 interfaces(that are not psychical).
Will it be possible with only 2 interfaces and(loopback 0&1) and have the tunnel psychical? I see that you write that it can be psychical, but what kind of changes would we need to do if so?
Hi Tor,
The tunnel0 interface is using the source IP addresses of my loopback interfaces. You can also build the tunnel between the IP addresses on the FastEthernet0/0 interfaces. Just use those as the source and destination and you are ready to go.
Rene
Hello Rene, and thanks for previous answer. We got it fixed, we changed two of the routers to cisco 1812, and the one running ipv4 only is a asa 5505. we are kinda stuck again though. I want all the other fastethernet ports(1-9) behind lets say destiny(cisco 1812), to access the servers behind cryo. Whatever I do, it wont work…
Thanks again,
regards