Thursday, September 5, 2013

Dynamic IPv6 point-to-multipoint tunnels configuration.

This post is a continuation of the previous one. Recently I was preparing for my CCDA and realised that I remember almost nothing regarding dynamic multipoint IPv6 tunnels.
With dynamic multipoint tunnels we have two options - automatic 6to4 tunnels and ISATAP tunnels. Both options work pretty similarly.

Automatic 6to4 tunnels.
For this type of tunnel you can choose which type of IPv6 addresses you provide to your users/customers: private or unique global (routable).
If you don't need Internet access, you can assign addresses from the range reserved for 6to4 tunnels, 2002::/16.
The topology is as follows:
R2 is an IPv4-only router (no ipv6 unicast-routing enabled). R1, R3 and R4 will use dynamic IPv6 tunnels. The topology and configuration are very simple, so I won't provide them here. As the IGP I will use OSPF with a single area.
With dynamic tunnels you don't need to specify the tunnel destination, only the source. If you have any kind of redundancy in the topology, it is better to use loopbacks.
The idea is that you embed the IPv4 address in the 2nd and 3rd quartets of an IPv6 address from 2002::/16, which is specially reserved for these tunnels.
For R1, as an example, it will be 2002:0101:0101::/48. Then you just subnet this prefix for your LANs. In my topology customers receive network 2002:101:101:1::/64 (for R1).
Then for the tunnel you assign the IP address from the first subnet with a prefix length of 128 (thus a host prefix): 2002:101:101::/128.
For all this to work you need to create a static route for prefix 2002::/16 pointing to your tunnel interface (since dynamic IPv6 tunnels don't support IGPs). Then, when a router receives a packet destined to a remote IPv6 branch, it deduces the destination IPv4 address from the destination IPv6 address (2nd and 3rd quartets) and sends it to the appropriate router.
Configuration is fairly simple:
R1:
ipv6 unicast-routing
! I spent about 20 minutes trying to figure out why my lab was refusing to work.
!
interface Tunnel0
 ipv6 address 2002:101:101::/128
 tunnel source Loopback0
 tunnel mode ipv6ip 6to4
!
interface FastEthernet1/0
 ipv6 address 2002:101:101:1::1/64
!
ipv6 route 2002::/16 Tunnel0
! This route covers all the tunnel and customer addresses.

R3:
ipv6 unicast-routing
!
interface Tunnel0
 ipv6 address 2002:303:303::/128
 tunnel source Loopback0
 tunnel mode ipv6ip 6to4
!
interface FastEthernet1/0
 ipv6 address 2002:303:303:1::3/64
!
ipv6 route 2002::/16 Tunnel0

VPCS[1]> ping 2002:303:303:1::100
2002:303:303:1::100 icmp6_seq=1 ttl=60 time=94.064 ms
2002:303:303:1::100 icmp6_seq=2 ttl=60 time=69.046 ms

VPCS[1]> trace 2002:303:303:1::100
trace to 2002:303:303:1::100, 64 hops max
 1 2002:101:101:1::1   16.011 ms  9.005 ms  9.005 ms
 2 2002:303:303::   59.039 ms  49.033 ms  48.035 ms
 3 2002:303:303:1::100   69.046 ms  59.040 ms  89.059 ms


In theory, you can use any /16 prefix for this type of tunnel and address assignment, as long as you use the matching static route and embed the IPv4 address in the 2nd and 3rd quartets of the tunnel's IP.
And this is how it works when you assign globally unique routable addresses to your customers. The only difference is that you need to specify a static route for each branch LAN, including the next-hop IP (the remote tunnel IPv6 address), for the recursive lookup to work.
Let's consider the same topology but with public addresses (the ISP assigned prefix 2999:10:20::/48 to your company and you use /64 subnets):
R1:
ipv6 unicast-routing
!
interface Tunnel0
 ipv6 address 2002:101:101::/128
! The same 2002::/16 prefix for tunnel sources.
 tunnel source Loopback0
 tunnel mode ipv6ip 6to4
!
interface FastEthernet1/0
 ipv6 address 2999:10:20:1::1/64
! And a different subnet for customers.
!
ipv6 route 2002::/16 Tunnel0
ipv6 route 2999:10:20:3::/64 Tunnel0 2002:303:303::
! Separate static route for each branch LAN.
ipv6 route 2999:10:20:4::/64 Tunnel0 2002:404:404::

Configuration of R3 and R4 is similar.
VPCS[2]> ping 2999:10:20:1::100
2999:10:20:1::100 icmp6_seq=1 ttl=60 time=92.064 ms
2999:10:20:1::100 icmp6_seq=2 ttl=60 time=60.038 ms


VPCS[2]> trace 2999:10:20:1::100
trace to 2999:10:20:1::100, 64 hops max
 1 2999:10:20:3::1   13.007 ms  10.008 ms  9.005 ms
 2 2002:101:101::   59.039 ms  49.032 ms  59.040 ms
 3 2999:10:20:1::100   59.039 ms  69.046 ms  59.039 ms


ISATAP tunnels.
With ISATAP tunnels you don't have a reserved address space like 2002::/16, so you have to use global unicast. The good thing is that all of your tunnel sources are in the same subnet, because ISATAP embeds the IPv4 address in the 7th and 8th quartets using a changed EUI-64 logic.
The topology is almost the same, only tunnel addresses were changed:
R1:
ipv6 unicast-routing
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
 ip ospf 1 area 0
!
interface Tunnel0
 ipv6 address 2000::/64 eui-64
! Here I use 2000::/64 for my tunnels. EUI-64 is a must for this type of tunnel.
! It uses a changed EUI-64 logic: it embeds the IPv4 address in the 7th and 8th quartets
! and puts 0000:5EFE before them (5th and 6th quartets respectively).
 tunnel source Loopback0
 tunnel mode ipv6ip isatap
!
interface FastEthernet1/0
 ipv6 address 2999:10:20:1::1/64
#Customers use the same networks.
!
ipv6 route 2999:10:20:3::/64 2000::5EFE:303:303
! As with automatic 6to4 tunnels, you need a static route for each branch LAN.
! Notice that the next hop is the remote tunnel source IPv6 address of R3.
ipv6 route 2999:10:20:4::/64 2000::5EFE:404:404

Configuration of R3 and R4 is similar.
VPCS[2]> ping 2999:10:20:1::100
2999:10:20:1::100 icmp6_seq=1 ttl=60 time=95.062 ms
2999:10:20:1::100 icmp6_seq=2 ttl=60 time=81.054 ms


VPCS[2]> trace 2999:10:20:1::100
trace to 2999:10:20:1::100, 64 hops max
 1 2999:10:20:3::1   15.011 ms  9.004 ms  10.007 ms
 2 2000::5efe:101:101   61.042 ms  49.033 ms  51.034 ms
 3 2999:10:20:1::100   60.040 ms  61.041 ms  81.054 ms
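
The address arithmetic behind both tunnel types, as an added Python example that is not part of the original post: it builds the 6to4 prefix and the ISATAP tunnel address from a loopback IPv4 address, then mimics the router's decision by matching a destination against R1's static routes and decoding the IPv4 tunnel destination from the next hop. Function and table names are hypothetical; accepting 0200:5EFE as an ISATAP marker follows RFC 5214 and goes beyond what the post shows.

```python
import ipaddress

SIXTO4 = ipaddress.IPv6Network("2002::/16")

def sixto4_prefix(ipv4):
    """2002:VVVV:VVVV::/48 with the IPv4 address in the 2nd and 3rd quartets."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def isatap_address(prefix64, ipv4):
    """Tunnel address: /64 prefix + interface ID 0000:5EFE:<IPv4>."""
    net = ipaddress.IPv6Network(prefix64)
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address(int(net.network_address) | (0x5EFE << 32) | v4)

def tunnel_endpoint(ipv6):
    """IPv4 tunnel destination embedded in a 6to4 or ISATAP address, else None."""
    addr = ipaddress.IPv6Address(ipv6)
    n = int(addr)
    if addr in SIXTO4:
        return ipaddress.IPv4Address((n >> 80) & 0xFFFFFFFF)
    # ISATAP marker sits in quartets 5-6; RFC 5214 also allows 0200:5EFE
    # (u bit set), so mask that bit before comparing.
    if ((n >> 32) & 0xFFFFFFFF & ~0x02000000) == 0x5EFE:
        return ipaddress.IPv4Address(n & 0xFFFFFFFF)
    return None

def resolve(dst, routes):
    """Longest-prefix match on static routes, then derive the IPv4 endpoint.
    A route without a next hop (2002::/16 Tunnel0) decodes the destination itself."""
    dst = ipaddress.IPv6Address(dst)
    hits = [(ipaddress.IPv6Network(p), nh) for p, nh in routes.items()
            if dst in ipaddress.IPv6Network(p)]
    if not hits:
        return None
    _, next_hop = max(hits, key=lambda h: h[0].prefixlen)
    return tunnel_endpoint(next_hop or dst)

# R1's static routes, copied from the two configurations in the post.
R1_6TO4 = {"2002::/16": None,
           "2999:10:20:3::/64": "2002:303:303::",
           "2999:10:20:4::/64": "2002:404:404::"}
R1_ISATAP = {"2999:10:20:3::/64": "2000::5EFE:303:303",
             "2999:10:20:4::/64": "2000::5EFE:404:404"}

if __name__ == "__main__":
    print(sixto4_prefix("1.1.1.1"), isatap_address("2000::/64", "1.1.1.1"))
    for table in (R1_6TO4, R1_ISATAP):
        print(resolve("2999:10:20:3::100", table))
```

The same decoding is handy when reading logs or captures: any 2002::/16 or ...:5EFE:... address reveals the IPv4 router behind it.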


Even though these dynamic tunnels are convenient and simple to use, scalability isn't their strong point (except maybe automatic tunnels using 2002::/16). I would recommend them only when you really have no opportunity to implement dual stack.
P.S.: and my simple mind map as a bonus:

2 comments:

  1. Please, I'd like if you provided the topology and configuration of the first example (automatic 6to4 tunnels).

    1. Here you go - http://rghost.net/50281254 (the link contains GNS3 topology and routers configs), it will be available for 30 days.
