How to configure IPv6 Automatic 6to4 Tunneling

Dynamic multipoint IPv6 tunnels are another migration technique we can use. It’s called dynamic because we don’t have to specify the end-point IPv4 address ourselves but its being automatically determined. The downside of multipoint IPv6 tunnels is that they don’t support IPv6 IGPs. You have to use static routes or BGP.

There are two different flavors:

Let’s dive in the automatic 6to4 tunnel to see how it works. We don’t configure the IPv4 end-point address ourselves but instead the IPv4 end-point address will be wrapped in the IPv6 destination address. Our IPv4 address is only 32-bit so it’s easy to fit it in a 128-bit IPv6 address right?

The 2002::/16 range has been reserved to use for tunneling. This IPv6 address space is only for tunneling and will never be used for IPv6 global unicast addresses. If we start with the 2002::/16 prefix we create a /48 prefix for each tunnel end-point. What we have to do is take the IPv4 address of the end-point and convert it into hexadecimal as bits 17 to 48.

The second step is that we can create subnets from /48 up to /64 prefixes for all the subnets behind the end-point.

IPv6 Tunneling Prefix

Here’s a graphical overview. 2002::/16 is the range we can use for the tunnels. The second part is the IPv4 end-point address converted to hexadecimal. Up to /64 we can use to create subnets. C0A8:1703 converts to IPv4 address 192.168.23.3. Do you have trouble calculating from hex to binary/decimal and vice versa?

R3(config)#ipv6 general-prefix MYPREFIX 6to4 fastEthernet 0/0

R3#show ipv6 general-prefix  
IPv6 Prefix MYPREFIX, acquired via 6to4
  2002:C0A8:1703::/48

There is a neat trick on Cisco routers that can do the work for you. First you have to configure an IPv4 address on an interface and then use the ipv6 general-prefix command. It will convert the IPv4 address in hexadecimal and give you the correct IPv6 tunnel prefix with the show ipv6 general-prefix command. I’m not sure if this is available on the CCNP ROUTE exam but it’s nice to know anyway! Let’s take a look at an actual configuration of automatic 6to4 tunneling, this is the topology:

ipv6 static tunneling

Let’s look at another example and configure automatic tunneling. The idea is that I don’t want to configure a tunnel destination on R1 nor R3…it should be created dynamically!

We’ll start with the configuration of the interfaces and IPv4 / IPv6 addresses:

R1(config)#interface loopback 0
R1(config-if)#ipv6 address 2001::1/128
R1(config-if)#exit
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 192.168.12.1 255.255.255.0
R2(config)#interface fastEthernet 0/0
R2(config-if)#ip address 192.168.12.2 255.255.255.0
R2(config-if)#exit  
R2(config)#interface fastEthernet 1/0
R2(config-if)#ip address 192.168.23.2 255.255.255.0
R3(config)#interface fastEthernet 0/0
R3(config-if)#ip address 192.168.23.3 255.255.255.0
R3(config-if)#exit
R3(config)#interface loopback 0
R3(config-if)#ipv6 address 2001::3/128

Next step is to configure routing so that we have reachability in IPv4:

R1(config)#router eigrp 123
R1(config-router)#no auto-summary 
R1(config-router)#network 192.168.12.0
R2(config)#router eigrp 123
R2(config-router)#no auto-summary 
R2(config-router)#network 192.168.12.0
R2(config-router)#network 192.168.23.0
R3(config)#router eigrp 123
R3(config-router)#no auto-summary 
R3(config-router)#network 192.168.23.0

We will use the FastEthernet0/0 interfaces to build the tunnel. Since the tunnel is created automatically we need to know the IPv6 equivalent of the IPv4 addresses:

R1(config)#ipv6 general-prefix MYPREFIX 6to4 fastEthernet 0/0
R3(config)#ipv6 general-prefix MYPREFIX 6to4 fastEthernet 0/0
R1#show ipv6 general-prefix 
IPv6 Prefix MYPREFIX, acquired via 6to4
  2002:C0A8:C01::/48
R3#show ipv6 general-prefix 
IPv6 Prefix MYPREFIX, acquired via 6to4
  2002:C0A8:1703::/48

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 660 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

503 Sign Ups in the last 30 days

satisfaction-guaranteed
100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags:


Forum Replies

  1. HI Rene’

    I not understand very well why the eui-64 i s needed, and also why on R1 the command
    tunnel mode ipv6ip isatap
    is not needed.
    Also I’m testing this configuration on gns3 and router r1 not install a static route.

  2. Hello Giovanni

    According to Cisco documentation, when configuring ISATAP:

    The IPv6 tunnel interface must be configured with a modified EUI-64 address
    because the last 32 bits in the interface identifier are constructed using the IPv4 tunnel source address.

    If you were to specify the address fully, the ISATAP operation would not function.

    Also, when you configure tunnel mode ipv6ip isatap on the headend, there is no need to specify the mode in which the tunnel will be functioning on the client. On the client, you also set ipv6 address autoconfig, which means

    ... Continue reading in our forum

  3. Hi Rene and Laz,

    Would you say that the ISATAP operation is very similar to the DMVPN Phase 1 where all of the tunnel traffic has to traverse the “Headend” router just like with DMVPN phase 1 and its “HUB”?

  4. Hello Nitay

    It is similar only so far as the traffic actually traverses the router itself (either the head end or the HUB in each case) to get to its destination. However, beyond that, the purpose and the mechanisms of the two features you mention are completely different.

    I hope this has been helpful!

    Laz

Ask a question or join the discussion by visiting our Community Forum