6to4 Tunnelling (GNS3 Lab)
Grab the initial configs and GNS3 files (including VPCS) [here].
First off we should have full v4 connectivity so confirm the Host_PC can ping the “BBC” @ 192.168.4.2. Worth checking all other interfaces too have full v4 reachability.
Again just to confirm we are actuall doing something useful here make sure the m00nie.com and Host PC can ping the v6 address on their local routers (both routers use ::1 for their subnet)
6to4 has been reserved a v6 range (2002::/16) for “mapping” v4 addresses into v6 ones. Any IPv6 address starting 2002 should be a 6to4 address and would be used to route towards a 6to4 gateway. More about this address “mapping” can be found here on wiki. The interfaces we are using for our tunnel sources will be fa0/0 on IPv6_Internet and fa0/1 on Branch. So from Branches IP of 192.168.3.1 this should be mapped to a 6to4 IPv6 address of 2002:C0A8:301::/48. There is a little feature in IOS to save typing out long v6 addresses, the “general-prefix”. This allows you to create “named” prefixes to make managment easier but it also has the benefit of calculating our 6to4 for us too (saving mistakes? :)). Lets try it for Branch:
Enter configuration commands, one per line. End with CNTL/Z.
Branch(config)# ipv6 general-prefix Branch-6to4 6to4 fastEthernet 0/1
Branch#show ipv6 general-prefix
IPv6 Prefix Branch-6to4, acquired via 6to4
2002:C0A8:301::/48 Valid lifetime infinite, preferred lifetime infinite
Here we created a named prefix called “Branch-6to4” and IOS has kindly calculated it for us and it look like what we expected! Important to note this command does not apply the address anywhere and does not actually calculate a host IP just the prefix. Do the same for Internet_IPv6 and call the prefix “Internet-6to4”.
Now we have vaild v6 ranges we can use (that via the “mapping” point to v4 IPs!) we can create the tunnel interfaces and add them to our routers to join the v6 islands. First of create a tunnel interface on Branch and using the general prefix we named earlier address it along with defining it as a 6to4 tunnel so it will accept 6to4 traffic sent to it.
Branch#conf t Enter configuration commands, one per line. End with CNTL/Z. Branch(config)#int tun 0 Branch(config-if)#ipv6 address Branch-6to4 ::1/128 Branch(config-if)#tunnel mode ipv6ip 6to4 Branch(config-if)#tunnel source fa 0/1 *Mar 1 00:45:58.851: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up Branch(config-if)#^Z *Mar 1 00:46:02.931: %SYS-5-CONFIG_I: Configured from console by console Branch#show ipv6 inter brief FastEthernet0/0 [up/up] FastEthernet0/1 [up/up] FastEthernet1/0 [up/up] FE80::C001:59FF:FE5F:10 2A01::1 FastEthernet2/0 [administratively down/down] Tunnel0 [up/up] FE80::C0A8:301 2002:C0A8:301::1
You can see how we used the general prefix name and picked the host address of ::1 out of this prefix to use as the address. Can save a lot of typos and copying? 🙂 After doing the same on the IPv6_Internet router you should have the same config as below:
IPv6_Internet#show run int tunnel 0 Building configuration... interface Tunnel0 no ip address no ip redirects ipv6 address Internet-6to4 ::2/128 tunnel source FastEthernet0/0 tunnel mode ipv6ip 6to4 end
Now we just need to configure both our routers to send v6 traffic over the tunnel interfaces to encapsulate the traffic in v4 and off to the opposing router. Lets configure the Branch router again:
Branch#conf t Enter configuration commands, one per line. End with CNTL/Z. Branch(config)#ipv6 unicast-routing Branch(config)#ipv6 route 2002::/16 tunnel 0 Branch(config)#ipv6 route ::/0 2002:C0A8:302::2
First off we enable v6 routing then configure all 6to4 IPs to be reachable over the tunnel then route a default (makes it simple for this lab) to a next hop within that 6to4 range. You cannot just configure an outgoing interface of the tunnel. Do the same on IPv6_Internet using Branch’s IP for the next hop. Now we should be done but lets confirm….
Lets test full connectivity 🙂 First off from Branches LAN side interface to IPv6_Internet LAN interface:
Branch#ping 200f::1 source 2A01::1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 200F::1, timeout is 2 seconds: Packet sent with a source address of 2A01::1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/8/12 ms
Its worth running a wireshark at the same time as the pings to look at how the traffic is encapsulated on the wire. You can see the IPv6 packets are encapsulated in IPv4 with the protocol changed to 41 which wireshark identifies as IPv6 🙂
We can check the IPv4 connectivity is unchanged and our v6 islands are fully connected now, job done 🙂