How to configure IPv6 Automatic 6to4 Tunneling

Hello Rene,

Thanks for the explanation of 6to4.

Do you describe the ISATAP flavour in another post?

19 posts were merged into an existing topic: How to configure IPv6 Automatic 6to4 Tunneling

Hi Rene,

Can you give me an example using BGP instead of static route ??

Hi @hussien.samer

Remove the following two static routes:

R1(config)#ipv6 route 2001::3/128 2002:C0A8:1703::3  
R3(config)#ipv6 route 2001::1/128 2002:C0A8:C01::1  

And then add a BGP configuration like this. R1:

R1(config)#router bgp 13
R1(config-router)#bgp log-neighbor-changes
R1(config-router)#neighbor 2002:C0A8:1703::3 remote-as 13

R1(config-router)#address-family ipv6
R1(config-router-af)# neighbor 2002:C0A8:1703::3 activate
R1(config-router-af)#exit-address-family

R3:

R3(config)#router bgp 13
R3(config-router)#bgp log-neighbor-changes
R3(config-router)#neighbor 2002:C0A8:C01::1 remote-as 13

R3(config-router)#address-family ipv6
R3(config-router-af)#neighbor 2002:C0A8:C01::1 activate

This will establish a BGP IPv6 neighbor adjacency:

R1#show ip bgp ipv6 unicast neighbors
BGP neighbor is 2002:C0A8:1703::3,  remote AS 13, internal link
  BGP version 4, remote router ID 192.168.23.3
  BGP state = Established, up for 00:05:06
  Last read 00:00:01, last write 00:00:31, hold time is 180, keepalive interval is 60 seconds
  Neighbor sessions:
    1 active, is not multisession capable (disabled)
1 Like

Thanks Rene, that was helpful.

1 Like

Helle Boss Rene,

I have 2 questions:
1/is it possble to get ipv4 in hex without MYPREFIX in this command ?

ipv6 general-prefix **MYPREFIX** 6to4 fastEthernet 0/0

2/ Could we directly put

R1(config)#ipv6 route 2001::3/128 tunnel 0 or
R1(config)#ipv6 route 2002::/16 tunnel 0

BR,
Ulrich

Hello Djan

Yes it is possible. What you can do is enter the following command: ipv6 general-prefix MYPREFIX 2002:C0A8:1703::/48. This will explicitly state the prefix rather than having the router calculate it for you from the IPv4 address of the FastEthernet 0/0 interface.

No this wouldn’t work because you require both these commands on both routers.

Rene explains it like so:

The first static route we need to tell our routers how to reach the loopback0 interface of the other side. It points to the IPv6 address which has the IPv4 address in hex in it. The routers will have to do recursive routing to find an entry for 2002:: which is why we need the second static route. Since 2002::/16 is reserved for tunneling I’m creating a static that points directly to our tunnel0 interface.

I hope this has been helpful!

Laz

Hi,

Can anyone please explain me when the remaining 16 bits of the prefix part of a 6to4 IPV6 are used ? Since it is to allocate to a point to point tunnel interface and not to the IPv6 hosts behind the routers I can’t see why more than one IP should be needed

Thanks a lot

Hello Imen

The components of an 6to4 tunneling IPb6 address are:

  1. The prefix which is 16 bits which is always 2002 in HEX.
  2. The next 32 bits are the IPv4 address being tunneled in HEX
  3. The next 16 bits are the subnet ID which is used to define the subnet in which that IPv4 address exists.

Now the subnet ID must be unique for the link to the specific 6to4 site. This subnet ID is like a tunnel identifier. It allows for addressing multiple IPv6 subnets behind the same 6to4 router…

I hope this has been helpful!

Laz

thanks Rene, this is a nice addition, would be great to add to the same article…

Reading the How To Master CCNP Route book, I came across static and dynamic IPv6 tunnels for IPv6 migration. I keep getting caught up on the statement (page 318):

“Dynamic multipoint IPv6 tunnels are another migration technique we can use. It’s called
dynamic because we don’t have to specify the end-point IPv4 address ourselves but its
being automatically determined.”

However, after successfully configuring the topology and being able to ping the loopbacks…I am still left wondering how the “end-point IPv4 address is automatically determined”.

How are the end-point IPv4 address automatically determined? By the two static routes we configure? I understand that the keyword 6to4 enables the 2002::/16 prefix and then it uses the IPv4 address on the interface being used to create the tunnel, and converts it to HEX and then adds it to the 2002::/16 prefix. But that isn’t the destination IPv4 address…its the local IPv4 address…so I am not sure how the end-points are “automatically determined”.

Please advise.

Hello Brandon

Take a look at Rene’s lesson on “How to configure IPv6 Automatic 6to4 Tunneling.” In it he has configured a tunnel where the endpoint IPv4 addresses have been automatically determined. In his example, he is not using the addresses of loopback interfaces, but the actual physical interfaces. The result is the same however.

When configuring the tunnel interface, he assigns an IPv6 address to the interface using a 2002:XXXX:XXXX::1/64 address where XXXX:XXXX is the IPv4 address of the tunnel source interface being used expressed in hex. Now in the same tunnel interface he also uses the command tunnel mode ipv6ip 6to4. It is this command that informs the router to automatically get the IPv4 address from the IPv6 address. Take a look at the lesson for more details:

I hope this has been helpful!

Laz

Thank you for the reply. I already purchased and finished the How to Master CCNP ROUTE book. I am just reviewing all of the material, and more specifically the material I feel weak with. I do understand how the IPv6 6to4 tunneling works now.

The way it is phrased is what kept tripping me up. This part in particular:

“In it, he has configured a tunnel where the endpoint IPv4 addresses have been automatically determined.”

For some reason, when I read this originally, I automatically thought that the endpoint IPv4 addresses (that are converted to HEX) were the destination IPv4 addresses (the IP address on the physical interface at the remote end of the tunnel) and not the local IPv4 address on the interface referenced in the command R1(config)# ipv6 general-prefix MYPREFIX 6to4 fastEthernet 0/0.

However, I believe that I understand how this tunneling mechanism works now. The automatic part occurs when the 6to4 command tells the router to “extract” the IPv4 address from the 2002:C0A8:C01::1 type of address, an then use it as the tunnel destination address for the router at the remote end of the tunnel…correct?

Hello Brandon

Yes I can see how that can be misunderstood. As for your subsequent explanation, yes it looks like you have indeed understood the concept correctly.

I hope this has been helpful!

Laz

Hey, can you please explain this sentence more thoroughly:
“The second step is that we can create subnets from /48 up to /64 prefixes for all the subnets behind the end-point.”

Why shouldn’t we always use a host mask (/128) for the tunnel 6to4 address?
(2002:C0A8:1703::/128 for your configuration)

Hello Inon

If we have an IPv4 address of 192.168.23.3 as in the lesson, then the automatic 6to4 tunnelling will use 2002:C0A8:1703 as the beginning of the IPv6 address. Now from this, we can use any subnet prefix of /48 to /64 to represent the IPv6 addresses behind each end of the tunnel. So in a sense, 2002:C0A8:1703::/48 represents the tunnel interface on R1. All IPv6 addresses behind R1 will be mapped to the appropriate address. For example:

We ping from 2001::3/128 to 2001::1/128. When the ping reaches R3, it will be converted to 2002:C0A8:1703::1, sent over the tunnel to R1 where it will be converted back to 2001::1.

When you are referring to specific hosts, you would use the host mask of /128, but when referring to the tunnelling prefix, you will always use the /48 prefix.

Now the general-prefix command automatically configures the prefix as /48 but you are able to use a /64 or anything in between if you like.

I hope this has been helpful!

Laz

1 Like

A post was merged into an existing topic: IPv6 ISATAP (Intra Site Automatic Tunnel Addressing Protocol)

Hi,

I have come across Cisco documentation that gives another option for creating 6to4 tunnels:

tunnel mode ipv6ip auto-tunnel

And it states that:

Automatic IPv4-compatible tunnels use IPv4-compatible IPv6 addresses. IPv4-compatible IPv6 addresses are IPv6 unicast addresses that have zeros in the high-order 96 bits of the address, and an IPv4 address in the low-order 32 bits. They can be written as 0:0:0:0:0:0:A.B.C.D or ::A.B.C.D, where “A.B.C.D” represents the embedded IPv4 address.

Looks similar to ipv6ip 6to4 except the way the address is imbedded in the IPv6 address is different.

Is this method deprecated?

Thanks,

Sam

Hello Samir

This method is simply tunnelling IPv6 packets over an IPv4 infrastructure using a manual tunnel configuration. This method is detailed in this lesson:

The addition of the auto-tunnel keyword simply indicates that an IPv4 compatible tunnel will use an IPv4-compatible IPv6 address. This simply means exactly what you stated in your post above.

I hope this has been helpful!

Laz

Hello friend, thanks for your content, I am very happy.

Could you help me with these questions that I was left at my university. The truth is that I do not understand even though I studied the subject:

Q: What is the key difference between stateful NAT64 and stateless NAT64?

Thank you very much for your help, blessings!