www.routermonkey.org | March 2008
search
calendar
« March 2008 »
Su Mo Tu We Th Fr Sa
            1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30 31          
recently...
Categories
Links
archives
Syndicate
Credits
LifeType IE7 XHTML CSS Firefox

IPv6 over GRE Tunnel howto with Cisco IOS

2008-03-06 @ 01:16 in Routing & Switching:

IPv6 over IPv4 based GRE Tunnel howto with Cisco IOS
Barney Gaumer 03/05/2008

This short howto covers carrying IPv6 traffic over a IPv4 cloud to another IPv6 network. It’s a simplified method using an IPv4 based GRE Tunnel.  There’s more than one method to make this work but this is the way I set it up in my lab and it worked well.

First; the IOS levels on routers that will run “Dual Stack” need to be high enough to support IPv6 obviously.

Also, I use a Cisco 3640 as my frame-relay switch which is not depicted in the diagram.  Maybe I will cover setting up a frame-relay switch in another LAB for anyone interested.

The main point I would like to make is this LAB is fairly simple as long as careful planning is done before you get behind the console.

Plan out the networks ahead of time for loopbacks, WAN, LAN and Tunnel Interfaces, Loopback0 and the WAN networks will be advertised into the dynamic routing process.

I’m using RIPv2 as my routing process, as I said - intermediary networks and local loopbacks will be advertised but NOT the tunnel interface networks, also DON’T advertise LAN interfaces via your dynamic process as you may end up with a situation referred to as “recursive routes”.

In our example we had a need to tunnel through multiple routers to get to the IPv6 destination.

On the both endpoint routers, Loopback 0 is setup and each endpoint has a distinct IPv4 network addresses.  Also, the two endpoint routers Tunnel 0 interface will be on the same distinct network.

Loopback 0 as-well-as the LAN interface will have both IPv6 and IPv4 addresses on them, this is referred to as “Dual Stack”.

Taking the following illustration for example; the tunnel source for Router A is its own loop0 Interface. The tunnel destination is the ip address of the loop0 on Router C.

Conversely, the tunnel source for Router C is its own loop0 Interface and its tunnel destination is the ip address of Router A’s loop0.  Router B should participate in the RIP process.


Now add IPv4 route on Router A for Net2 and the next hop should be tun0.  On Router C set a route for Net1 with next hop Tun0.  Now use ping to test.

If your test is successful add routes for IPv6 on each router for the same as you did for IPv4.  Make sure to type the “ipv6 enable” command on your tunnel interfaces.

I am not going into IPv4 or IPv6 in this document but I will mention that if you need a nice subnet calculator to help with either version of IP, check out:

http://www.bitcricket.com/

(direct download)
http://www.bitcricket.com/downloads/IPCalculator.msi

That’s the short version.

I'm including configs and a diagram from my lab if you want more detail than was presented in the material above.

lab-3620b Config:

Current configuration : 1373 bytes
!
version 12.3                                                                       
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname lab-3620b
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
ip subnet-zero  
!
!
ip cef
ip domain name ankeny-labs.local
ip name-server 10.200.2.11
ip name-server FEC0:0:1:2:250:4FF:FE43:4363
!
ip audit po max-events 100
ipv6 unicast-routing
ipv6 cef  
!                                                                                  
!  
interface Loopback0
 ip address 172.21.10.1 255.255.255.0
 ipv6 address FEC0:0:1:8::/64 eui-64
!
interface Tunnel0
 ip address 192.168.100.2 255.255.255.0
 ipv6 enable
 tunnel source Loopback0
 tunnel destination 172.21.20.1
!
interface Ethernet0/0
 ip address 192.168.1.9 255.255.255.0
 half-duplex
 ipv6 address FEC0:0:1:4::/64 eui-64
!
interface Serial0/0
 no ip address
 encapsulation frame-relay
!
interface Serial0/0.1 point-to-point
 ip address 172.16.100.2 255.255.255.252
 ip rip send version 2
 ip rip receive version 2
 frame-relay interface-dlci 16
!
router rip
 version 2
 passive-interface Ethernet0/0
 network 172.16.0.0  
 network 172.21.0.0
 default-metric 2
 no auto-summary
!
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 10.200.2.0 255.255.255.0 Tunnel0
!
!
ipv6 route FEC0:0:1:2::/64 Tunnel0
!
!
!
line con 0
line aux 0
line vty 0 4
 password cisco
 login
!
!
end 

lab-3620a Config:

Current configuration : 786 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname lab-3620a
!
enable password cisco
!
!
!
!
!
ip subnet-zero
no ip finger
!
!
!
!
interface Ethernet0/0
 ip address 192.168.250.2 255.255.255.0
 ip rip send version 2
 ip rip receive version 2
!
interface Serial0/0
 no ip address
 encapsulation frame-relay
!
interface Serial0/0.1 point-to-point
 ip address 172.16.100.1 255.255.255.252
 ip rip send version 2
 ip rip receive version 2
 frame-relay interface-dlci 16
!
router rip
 version 2
 redistribute connected
 network 172.16.0.0
 network 192.168.250.0
 default-metric 2
 no auto-summary
!
ip classless
ip http server
!
!
line con 0
 transport input none
line aux 0
line vty 0 4
 password cisco
 login
!
end

lab-3640b Config:

Current configuration : 2211 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname lab-3640b
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
!
resource policy
!
memory-size iomem 10
ip subnet-zero
!
!
ip cef
ip domain name ankeny-labs.local
ip name-server 10.200.2.11
ip name-server FEC0:0:1:2:250:4FF:FE43:4363
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
!
ipv6 unicast-routing
ipv6 cef
!
!
!
interface Tunnel0
 ip address 192.168.100.1 255.255.255.0
 ipv6 enable
 tunnel source Loopback0
 tunnel destination 172.21.10.1
!
interface Loopback0
 ip address 172.21.20.1 255.255.255.0
 ipv6 address FEC0:0:1:9::/64 eui-64
!
interface FastEthernet0/0
 ip address 192.168.250.1 255.255.255.0
 ip rip send version 2
 ip rip receive version 2
 speed 10
 half-duplex
!
interface FastEthernet0/1
 ip address 10.200.2.2 255.255.255.0
 ip nbar protocol-discovery
 duplex auto
 speed auto
 ipv6 address FEC0:0:1:2::/64 eui-64
 ipv6 enable
 ipv6 rip 1 enable
!
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
 no fair-queue
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface FastEthernet2/0
 ip address 10.200.0.7 255.255.255.0
 duplex auto
 speed auto
!
router eigrp 100
 network 10.200.0.0 0.0.0.255
 network 10.200.2.0 0.0.0.255
 default-metric 1000 100 255 10 1500
 no auto-summary     
!
router rip
 version 2
 network 172.21.0.0
 network 192.168.250.0
 default-metric 2
 no auto-summary
!
ip http server
no ip http secure-server
ip classless
ip route 192.168.1.0 255.255.255.0 Tunnel0
!
!
!
logging 10.200.0.100
access-list 90 permit any log
access-list 111 permit tcp any any eq telnet log
ipv6 route FEC0:0:1:4::/64 Tunnel0
ipv6 router rip 1
 redistribute static
!
!
!
!
control-plane
!
!
!
!
line con 0
line aux 0
line vty 0 4
 access-class 90 in
 password cisco
 login
!
!
end

 

Posted by bgaumer | Trackback (0) | Permalink