Dynamic multipoint IPv6 tunnels are another migration technique we can use. It’s called dynamic because we don’t have to specify the end-point IPv4 address ourselves, but it is being automatically determined. The downside of multipoint IPv6 tunnels is that they don’t support IPv6 IGPs. You have to use static routes or BGP.
There are two different flavors:
- Automatic 6to4
- ISATAP
Let’s dive into the automatic 6to4 tunnel to see how it works. We don’t configure the IPv4 end-point address ourselves, but instead, the IPv4 end-point address will be wrapped in the IPv6 destination address. Our IPv4 address is only 32-bit, so it’s easy to fit it in a 128-bit IPv6 address, right?
The 2002::/16 range has been reserved to use for tunneling. This IPv6 address space is only for tunneling and will never be used for IPv6 global unicast addresses. If we start with the 2002::/16 prefix, we create a /48 prefix for each tunnel end-point. We have to take the IPv4 address of the end-point and convert it into hexadecimal as bits 17 to 48.
The second step is to create subnets from /48 up to /64 prefixes for all the subnets behind the end-point.
Here’s a graphical overview. 2002::/16 is the range we can use for the tunnels. The second part is the IPv4 end-point address converted to hexadecimal. Up to /64, we can use to create subnets. C0A8:1703 converts to IPv4 address 192.168.23.3. Do you have trouble calculating from hex to binary/decimal and vice versa? There is a neat trick on Cisco routers that can do the work for you. First, you have to configure an IPv4 address on an interface and then use the ipv6 general-prefix
command:
R3(config)#ipv6 general-prefix MYPREFIX 6to4 fastEthernet 0/0
R3#show ipv6 general-prefix
IPv6 Prefix MYPREFIX, acquired via 6to4
2002:C0A8:1703::/48
It will convert the IPv4 address in hexadecimal and give you the correct IPv6 tunnel prefix with the show ipv6 general-prefix
command.
Configuration
Let’s take a look at an actual configuration of automatic 6to4 tunneling. This is the topology:
Let’s look at another example and configure automatic tunneling. The idea is that I don’t want to configure a tunnel destination on R1 or R3…it should be created dynamically!
We’ll start with the configuration of the interfaces and IPv4 / IPv6 addresses:
R1(config)#interface loopback 0
R1(config-if)#ipv6 address 2001::1/128
R1(config-if)#exit
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 192.168.12.1 255.255.255.0
R2(config)#interface fastEthernet 0/0
R2(config-if)#ip address 192.168.12.2 255.255.255.0
R2(config-if)#exit
R2(config)#interface fastEthernet 1/0
R2(config-if)#ip address 192.168.23.2 255.255.255.0
R3(config)#interface fastEthernet 0/0
R3(config-if)#ip address 192.168.23.3 255.255.255.0
R3(config-if)#exit
R3(config)#interface loopback 0
R3(config-if)#ipv6 address 2001::3/128
The next step is to configure routing so that we have reachability in IPv4:
R1(config)#router eigrp 123
R1(config-router)#no auto-summary
R1(config-router)#network 192.168.12.0
R2(config)#router eigrp 123
R2(config-router)#no auto-summary
R2(config-router)#network 192.168.12.0
R2(config-router)#network 192.168.23.0
R3(config)#router eigrp 123
R3(config-router)#no auto-summary
R3(config-router)#network 192.168.23.0
We will use the FastEthernet0/0 interfaces to build the tunnel. Since the tunnel is created automatically, we need to know the IPv6 equivalent of the IPv4 addresses:
R1(config)#ipv6 general-prefix MYPREFIX 6to4 fastEthernet 0/0
R3(config)#ipv6 general-prefix MYPREFIX 6to4 fastEthernet 0/0
R1#show ipv6 general-prefix
IPv6 Prefix MYPREFIX, acquired via 6to4
2002:C0A8:C01::/48
R3#show ipv6 general-prefix
IPv6 Prefix MYPREFIX, acquired via 6to4
2002:C0A8:1703::/48
Nice write-up. I think what would be cool is a follow-up blog entry on why the 6to4 automatic tunnels should NOT be used today in anything other than the lab networks. The 6to4 mechanism itself is pretty cool but it can create the problems if used for one’s real-world live traffic. Managed tunnels, if one has to use tunnels, are a much better approach.
Is it possible if we use dynamic routing protocol instead of static route for both of ipv6 segments ?
or we just use static route for ipv6 route 2002::/16 tunnel 0 as recursive routing whereas for segment ipv6 2001::YY/128 we use dynamic route.
Is it possible ? please advice me.
Hi Andria,
For the automatic 6to4 tunneling we can’t use dynamic routing on the Tunnel interfaces. If you have a lot of IPv6 prefixes, it’s better to create some tunnels yourself and configure EIGRP or OSPFv3 on it.
Rene
Great explanation and example!!!
I did the same scenario using BGP instead of static routing.
Glad to hear you like it Jose! BGP will also work, I used the static routes for this example to keep it simple.