How to configure IPv6 Automatic 6to4 Tunneling

HI Rene ,

Thanks a lot , this was very helpful for me

Dionisis

Hello,

I have a question regarding the 6to4 implementation:
Should it work if i use another prefix than 2002:?

I read couple of articles and in every place it’s written that 2002 is reserved for 6to4 implementation (like router knows how to extract 32 bit IPv4 address encoded in Hex format that goes after that prefix).

But in my lab i just used another prefix (just for testing): 1002: and the 6to4 stuff worked properly as well.

Can you please explain this behavior? Is it a correct and expected behavior or not?

Thanks,
Vladimir

This might have to do with the complexity (or lack thereof) for your lab. As you indicated, the 2002::/16 is a signal to IPv6 routers that they are supposed to convert the next 32 bits into an IPv4 address for routing over an IPv4 network. Without that signal, the IPv6 routers would not do this conversion, so they would have to have a native IPv6 route and path for delivery to the destination.

So to answer your question, this would be unexpected behavior unless you were in an environment so simple that 1002::/? could take place via some other native IPv6 capabilities.

Hi Rene,

Thank you for the great write-up. I am just wondering that you mentioned ISATAP but you did not explain it or has any example.

BR,
Collin

Hello Rene,

Thanks for the explanation of 6to4.

Do you describe the ISATAP flavour in another post?

19 posts were merged into an existing topic: How to configure IPv6 Automatic 6to4 Tunneling

Hi Rene,

Can you give me an example using BGP instead of static route ??

Hi @hussien.samer

Remove the following two static routes:

R1(config)#ipv6 route 2001::3/128 2002:C0A8:1703::3  
R3(config)#ipv6 route 2001::1/128 2002:C0A8:C01::1  

And then add a BGP configuration like this. R1:

R1(config)#router bgp 13
R1(config-router)#bgp log-neighbor-changes
R1(config-router)#neighbor 2002:C0A8:1703::3 remote-as 13

R1(config-router)#address-family ipv6
R1(config-router-af)# neighbor 2002:C0A8:1703::3 activate
R1(config-router-af)#exit-address-family

R3:

R3(config)#router bgp 13
R3(config-router)#bgp log-neighbor-changes
R3(config-router)#neighbor 2002:C0A8:C01::1 remote-as 13

R3(config-router)#address-family ipv6
R3(config-router-af)#neighbor 2002:C0A8:C01::1 activate

This will establish a BGP IPv6 neighbor adjacency:

R1#show ip bgp ipv6 unicast neighbors
BGP neighbor is 2002:C0A8:1703::3,  remote AS 13, internal link
  BGP version 4, remote router ID 192.168.23.3
  BGP state = Established, up for 00:05:06
  Last read 00:00:01, last write 00:00:31, hold time is 180, keepalive interval is 60 seconds
  Neighbor sessions:
    1 active, is not multisession capable (disabled)
1 Like

Thanks Rene, that was helpful.

1 Like

Helle Boss Rene,

I have 2 questions:
1/is it possble to get ipv4 in hex without MYPREFIX in this command ?

ipv6 general-prefix **MYPREFIX** 6to4 fastEthernet 0/0

2/ Could we directly put

R1(config)#ipv6 route 2001::3/128 tunnel 0 or
R1(config)#ipv6 route 2002::/16 tunnel 0

BR,
Ulrich

Hello Djan

Yes it is possible. What you can do is enter the following command:ipv6 general-prefix MYPREFIX 2002:C0A8:1703::/48. This will explicitly state the prefix rather than having the router calculate it for you from the IPv4 address of the FastEthernet 0/0 interface.

No this wouldn’t work because you require both these commands on both routers.

image

Rene explains it like so:

The first static route we need to tell our routers how to reach the loopback0 interface of the other side. It points to the IPv6 address which has the IPv4 address in hex in it. The routers will have to do recursive routing to find an entry for 2002:: which is why we need the second static route. Since 2002::/16 is reserved for tunneling I’m creating a static that points directly to our tunnel0 interface.

I hope this has been helpful!

Laz

Hi,

Can anyone please explain me when the remaining 16 bits of the prefix part of a 6to4 IPV6 are used ? Since it is to allocate to a point to point tunnel interface and not to the IPv6 hosts behind the routers I can’t see why more than one IP should be needed

Thanks a lot

Hello Imen

The components of an 6to4 tunneling IPb6 address are:

  1. The prefix which is 16 bits which is always 2002 in HEX.
  2. The next 32 bits are the IPv4 address being tunneled in HEX
  3. The next 16 bits are the subnet ID which is used to define the subnet in which that IPv4 address exists.

Now the subnet ID must be unique for the link to the specific 6to4 site. This subnet ID is like a tunnel identifier. It allows for addressing multiple IPv6 subnets behind the same 6to4 router…

I hope this has been helpful!

Laz

thanks Rene, this is a nice addition, would be great to add to the same article…

Reading the How To Master CCNP Route book, I came across static and dynamic IPv6 tunnels for IPv6 migration. I keep getting caught up on the statement (page 318):

Dynamic multipoint IPv6 tunnels are another migration technique we can use. It’s called
dynamic because we don’t have to specify the end-point IPv4 address ourselves but its
being automatically determined.

However, after successfully configuring the topology and being able to ping the loopbacks…I am still left wondering how the “end-point IPv4 address is automatically determined”.

How are the end-point IPv4 address automatically determined? By the two static routes we configure? I understand that the keyword 6to4 enables the 2002::/16 prefix and then it uses the IPv4 address on the interface being used to create the tunnel, and converts it to HEX and then adds it to the 2002::/16 prefix. But that isn’t the destination IPv4 address…its the local IPv4 address…so I am not sure how the end-points are “automatically determined”.

Please advise.

Hello Brandon

Take a look at Rene’s lesson on “How to configure IPv6 Automatic 6to4 Tunneling.” In it he has configured a tunnel where the endpoint IPv4 addresses have been automatically determined. In his example, he is not using the addresses of loopback interfaces, but the actual physical interfaces. The result is the same however.

When configuring the tunnel interface, he assigns an IPv6 address to the interface using a 2002:XXXX:XXXX::1/64 address where XXXX:XXXX is the IPv4 address of the tunnel source interface being used expressed in hex. Now in the same tunnel interface he also uses the command tunnel mode ipv6ip 6to4. It is this command that informs the router to automatically get the IPv4 address from the IPv6 address. Take a look at the lesson for more details:

I hope this has been helpful!

Laz

Thank you for the reply. I already purchased and finished the How to Master CCNP ROUTE book. I am just reviewing all of the material, and more specifically the material I feel weak with. I do understand how the IPv6 6to4 tunneling works now.

The way it is phrased is what kept tripping me up. This part in particular:

“In it, he has configured a tunnel where the endpoint IPv4 addresses have been automatically determined.”

For some reason, when I read this originally, I automatically thought that the endpoint IPv4 addresses (that are converted to HEX) were the destination IPv4 addresses (the IP address on the physical interface at the remote end of the tunnel) and not the local IPv4 address on the interface referenced in the command R1(config)# ipv6 general-prefix MYPREFIX 6to4 fastEthernet 0/0.

However, I believe that I understand how this tunneling mechanism works now. The automatic part occurs when the 6to4 command tells the router to “extract” the IPv4 address from the 2002:C0A8:C01::1 type of address, an then use it as the tunnel destination address for the router at the remote end of the tunnel…correct?

Hello Brandon

Yes I can see how that can be misunderstood. As for your subsequent explanation, yes it looks like you have indeed understood the concept correctly.

I hope this has been helpful!

Laz

Hey, can you please explain this sentence more thoroughly:
“The second step is that we can create subnets from /48 up to /64 prefixes for all the subnets behind the end-point.”

Why shouldn’t we always use a host mask (/128) for the tunnel 6to4 address?
(2002:C0A8:1703::/128 for your configuration)

Hello Inon

If we have an IPv4 address of 192.168.23.3 as in the lesson, then the automatic 6to4 tunnelling will use 2002:C0A8:1703 as the beginning of the IPv6 address. Now from this, we can use any subnet prefix of /48 to /64 to represent the IPv6 addresses behind each end of the tunnel. So in a sense, 2002:C0A8:1703::/48 represents the tunnel interface on R1. All IPv6 addresses behind R1 will be mapped to the appropriate address. For example:

We ping from 2001::3/128 to 2001::1/128. When the ping reaches R3, it will be converted to 2002:C0A8:1703::1, sent over the tunnel to R1 where it will be converted back to 2001::1.

When you are referring to specific hosts, you would use the host mask of /128, but when referring to the tunnelling prefix, you will always use the /48 prefix.

Now the general-prefix command automatically configures the prefix as /48 but you are able to use a /64 or anything in between if you like.

I hope this has been helpful!

Laz

1 Like