DMVPN IPv6 over IPv4

DMVPN uses multipoint GRE (Generic Routing Encapsulation) tunnel interfaces. We can use GRE to encapsulate multiple protocols, including IPv6.

This allows us to run IPv6 on our DMVPN tunnel interfaces while using IPv4 (or IPv6) on the underlay network. In this lesson I’ll show you how to run DMVPN IPv6 over an IPv4 underlay network.

Here’s the topology we will use:

DMVPN IPv6 over IPv4

Above we have a hub and two spoke routers. The underlay network uses IPv4 and subnet 192.168.123.0/24. On the tunnel interfaces we will use 2001:DB8::/64.

Before we start working on the DMVPN configuration, let’s make sure the underlay network is up and running:

Hub#ping 192.168.123.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.123.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms
Hub#ping 192.168.123.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.123.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/4 ms

No issues there, the hub can ping both spoke routers. Let’s take a look at the tunnel interfaces…

Configuration








Let’s start with the hub configuration:

Hub(config)#interface Tunnel 0
Hub(config-if)#ipv6 address 2001:DB8::1/64
Hub(config-if)#ipv6 nhrp authentication DMVPN
Hub(config-if)#ipv6 nhrp map multicast dynamic 
Hub(config-if)#ipv6 nhrp network-id 1
Hub(config-if)#tunnel source GigabitEthernet 0/1
Hub(config-if)#tunnel mode gre multipoint 

The only difference between IPv4 and IPv6 is that we now have to use the “ipv6 nhrp” command. Let’s take a look at the spoke router:

Spoke1(config)#interface Tunnel 0
Spoke1(config-if)#ipv6 address 2001:DB8::2/64
Spoke1(config-if)#ipv6 nhrp authentication DMVPN
Spoke1(config-if)#ipv6 nhrp map 2001:DB8::1/128 192.168.123.1
Spoke1(config-if)#ipv6 nhrp map multicast 192.168.123.1
Spoke1(config-if)#ipv6 nhrp network-id 1
Spoke1(config-if)#ipv6 nhrp nhs 2001:DB8::1
Spoke1(config-if)#tunnel source GigabitEthernet 0/1
Spoke1(config-if)#tunnel mode gre multipoint

The configuration above is pretty much the same as for IPv4, there are a few differences:

  • We map the IPv6 tunnel address to the IPv4 NBMA address of the hub router.
  • We map multicast traffic to the IPv4 NBMA address of the hub router.
  • The NHS server is the IPv6 address on the tunnel interface of our hub router.

We are using GRE multipoint on the spoke router which makes it a DMVPN phase 2 network. The spoke2 router will use the exact same configuration as spoke1 but we use another IPv6 address:

Spoke2(config)#interface Tunnel0
Spoke2(config-if)#ipv6 address 2001:DB8::3/64
Spoke2(config-if)#ipv6 nhrp authentication DMVPN
Spoke2(config-if)#ipv6 nhrp map 2001:DB8::1/128 192.168.123.1
Spoke2(config-if)#ipv6 nhrp map multicast 192.168.123.1
Spoke2(config-if)#ipv6 nhrp network-id 1
Spoke2(config-if)#ipv6 nhrp nhs 2001:DB8::1
Spoke2(config-if)#tunnel source GigabitEthernet0/1
Spoke2(config-if)#tunnel mode gre multipoint

That’s all we have to configure.

Verification

Let’s verify our work, first we’ll check if the hub router has NHRP registrations:

Hub#show dmvpn 
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
        N - NATed, L - Local, X - No Socket
        T1 - Route Installed, T2 - Nexthop-override
        C - CTS Capable
        # Ent --> Number of NHRP entries with same NBMA peer
        NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
        UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface: Tunnel0, IPv6 NHRP Details 
Type:Hub, Total NBMA Peers (v4/v6): 2
    1.Peer NBMA Address: 192.168.123.2
        Tunnel IPv6 Address: 2001:DB8::2
        IPv6 Target Network: 2001:DB8::2/128
        # Ent: 1, Status: UP, UpDn Time: 00:00:58, Cache Attrib: D
    2.Peer NBMA Address: 192.168.123.3
        Tunnel IPv6 Address: 2001:DB8::3
        IPv6 Target Network: 2001:DB8::3/128
        # Ent: 1, Status: UP, UpDn Time: 00:00:56, Cache Attrib: D

Above you can see the two NHRP registrations from the spoke routers. We see the IPv4 NBMA addresses and the IPv6 tunnel addresses. Below you can see the NHRP registration request in wireshark:

DMVPN NHRP IPv6 Registration Request

And here’s the reply from the hub:

DMVPN NHRP IPv6 Registration Reply

Let’s make sure that the tunnels are working, we’ll send some quick pings from the hub to the spoke routers:

Hub#ping 2001:DB8::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/6/10 ms
Hub#ping 2001:DB8::3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/6/6 ms

Excellent these pings are working. What about spoke-to-spoke traffic?

Spoke1#ping 2001:DB8::3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/5/6 ms

No problem, this is also working!

Digiprove sealCopyright protected by Digiprove © 2015-2016 Rene Molenaar

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You’ve Ever Spent on Your Cisco Career!
  • Full Access to our 745 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

582 Sign Ups in the last 30 days

satisfaction-guaranteed
100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: , , ,


Forum Replies

  1. Hi Rene
    i suspect a typo error:

    Spoke1(config-if)#ipv6 nhrp map 2001:DB8::1/128 192.168.123.1

    should be

    Spoke1(config-if)#ipv6 nhrp map 2001:DB8::1/64 192.168.123.1

    same for spoke2

    thank you to confirm

    Cheers

  2. Hi Fethi,

    The /128 addresses are correct. It’s a specific mapping between the IPv6 address and the IPv4 address.

    Rene

  3. Hi
    Is possible to transport ipv4 and ipv6 addresses in the same tunnel interface?

    If I debug the tunnel of the hub with debug tunnel comand , I recive this output.

    R1-Hub#ping 2001:db8::2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 2001:DB8::2, timeout is 2 seconds:
    
    *Apr 20 12:36:50.128: Tunnel0: Drop, Encap failed, pak if = Tunnel0,desthost 0.0.0.0, linktype 79.
    *Apr 20 12:36:52.133: Tunnel0: Drop, Encap failed, pak if = Tunnel0,desthost 0.0.0.0, linktype 79.
    *Apr 20 12:36:53.224: Tunnel0: Drop, Encap failed, pak if = Tunnel0,desthost 0.0
    ... Continue reading in our forum

  4. Hello Giovanni

    It is possible to tunnel both IPv4 and IPv6 over the same GRE tunnel, and since DMVPN is based on GRE, it can be done, as you yourself have provided with your configuration.

    Can you share with us the difference between your configurations when you received the “Encap failed” message and the successful tunneling of both protocols?

    Thanks!

    Laz

  5. The log message was caused by a wrong configuration on Spokes.
    The command below was missing in the tunnel configuration.

    ipv6 nhrp nhs 2001:DB8::1
    

1 more reply! Ask a question or join the discussion by visiting our Community Forum