Hi,
what is the general-prefix at the end of the configuration files of r1 and r3?
thanks
Hello Giovanni
The General Prefix is a feature that is used to easily migrate a router's IPv6 addresses from one general prefix to another. If you're not sure what a general prefix is, then that sentence probably sounds cryptic. Take a look at this lesson to find out more about it and it should make sense.
Now in this particular case, the general prefix feature is being used on an interface that is performing 6to4 tunneling. Specifically, what the command does is (according to Cisco):
Defines a general prefix for an IPv6 address.
When defining a general prefix based on a 6to4 interface, specify the 6to4 keyword and the interface-type interface-number arguments.
When defining a general prefix based on an interface used for 6to4 tunneling, the general prefix will be of the form 2001:a.b.c.d::/48, where "a.b.c.d" is the IPv4 address of the interface referenced.
You can find out more about how this feature is implemented at the following Cisco documentation, which is where the above quote was taken from...
I hope this has been helpful!
Laz
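The prefix derivation quoted above, worked through as an added example (not part of the original post or of Cisco's documentation). It uses the 2002::/16 block that RFC 3056 assigns to 6to4; the function names and the sample addresses in the comments are constructed for illustration, and the reverse lookup is included because it lets you map a 6to4 address seen in a log back to the IPv4 tunnel endpoint.

```python
import ipaddress

# Address space that cannot serve as a 6to4 endpoint (RFC 1918 and loopback).
NON_UNIQUE = [ipaddress.IPv4Network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def general_prefix_6to4(ipv4: str) -> ipaddress.IPv6Network:
    """Return the /48 that a 6to4-derived general prefix resolves to."""
    v4 = ipaddress.IPv4Address(ipv4)
    if any(v4 in net for net in NON_UNIQUE):
        raise ValueError(f"{v4} is not globally unique, so it cannot anchor a 6to4 prefix")
    # 16 bits of 0x2002 followed by the 32-bit IPv4 address fill the top 48 bits.
    top48 = (0x2002 << 32) | int(v4)
    return ipaddress.IPv6Network((top48 << 80, 48))


def interface_address(prefix: ipaddress.IPv6Network, subnet_id: int,
                      host: int) -> ipaddress.IPv6Address:
    """Apply the general prefix: 16-bit subnet ID plus 64-bit interface ID."""
    if not 0 <= subnet_id <= 0xFFFF or not 0 <= host < 2 ** 64:
        raise ValueError("subnet_id must fit in 16 bits and host in 64 bits")
    return ipaddress.IPv6Address(
        int(prefix.network_address) | (subnet_id << 64) | host)


def tunnel_endpoint(ipv6: str):
    """Recover the IPv4 endpoint embedded in a 6to4 address, or None."""
    return ipaddress.IPv6Address(ipv6).sixtofour


if __name__ == "__main__":
    # Constructed sample: 192.0.2.1 is a documentation address (RFC 5737).
    prefix = general_prefix_6to4("192.0.2.1")
    addr = interface_address(prefix, subnet_id=1, host=1)
    print(prefix, addr, tunnel_endpoint(str(addr)))
```

If the tunnel source address changes, only the input to `general_prefix_6to4` changes; every interface address derived from the prefix follows, which is the migration property the general prefix feature provides.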
So I've been looking around some and guess I'm not looking for the right thing... In trying this, how can I make the tunnel dual stack? That is, run both IPv4 and IPv6 over the same tunnel? Initially I had a GRE tunnel that I ran IPv4 over. Looking at this, it switches the tunnel to IPv6 over IPv4... or maybe I'm just confusing myself... Initially I was doing the following to "tunnel" my PtP over the public internet (IPSEC is on the interfaces but I don't think that matters):
interface Tunnel10
 description GRE:: to core-sv7-rtr1
 bandwidth 500000
 ip address 208.xxx.xxx.1 255.255.255.252
 ip mtu 1476
 ip tcp adjust-mss 1436
 ip ospf network point-to-point
 ip ospf cost 2000
 ipv6 address FE80::FEED:2 link-local
 ipv6 enable
 keepalive 3 2
 tunnel source Port-channel32.10
 tunnel destination 147.xxx.xxx.xxx
 tunnel key 129
I added the tunnel mode ipv6ip and lost my IPv4 OSPFv2 connection (but then my IPv6 addressing started working). What am I missing?
Hello Marcos
I haven't actually tried this, but based on my experience, and the research of Cisco documentation and RFCs, I have come up with the following.
The ipv6ip keyword causes the tunnel to be able to encapsulate IPv6 packets over the IPv4 infrastructure. If you have this keyword enabled, the device will expect to receive IPv6 packets and encapsulate them into IPv4 packets. When it doesn't receive IPv6 packets (but IPv4 packets instead), it considers them incompatible and doesn't send them over the tunnel. The alternative is to use the tunnel mode ipsec ipv4 command which will enable IPv4 traffic to be encapsulated. You can't have both, even though you can configure both IPv4 and IPv6 addresses to the tunnel interface. The encapsulation mechanism is where one protocol is not compatible with the other.
The best way to perform this is to create two separate tunnels, one for each protocol (v4 or v6).
I hope this has been helpful!
Laz
Ok, so I've been experimenting with this on and off and it's been frustrating as heck. At this point one of the things I've discovered is that regardless of "tunnel key xxx", it does not actually use that as a selector. Therefore it's not possible to create more than one tunnel between two end points. So to use the suggestion to create two tunnels, one for IPv4 and one for IPv6 requires some extra work.
One method I tried was using two different loopbacks (like Loopback0.4 and Loopback0.6) both with different IPv4 addresses on them. Although this worked (as well as just using Loopback0 with secondary addresses) it has rapidly become bulky and messy...
My situation is that for my remote sites, I want to go over the public internet for three different "networks" (i.e., my remote routers have a public interface and two internal mini-VRFs). Since the remote site typically is on someone's DHCP service, I need to connect from there to one of two entry points in my network. To do this for both IPv4 and IPv6, this immediately calls for 4 tunnels (2 IPv4 and 2 IPv6 tunnels). Once those tunnels are established, I can then tunnel the other VRFs over two of those four IPsec tunnels.
By the time I'm done, I'm up to twelve tunnels. Painful... So... Part 1... Establishing two IPv4/IPv6 tunnels to two redundant sites... Any way to make this literally two tunnels rather than 4 now?
If I can solve that, I can reduce the others as well. 12 tunnels however is painful. Additionally how can I set up the VRF tunnels to NOT establish unless the public tunnels are established (is there a tracking method?)
Marcos
Hello Marcos
First of all, concerning the tunnel key xxx command, after doing some experimentation with Rene it turns out that it can be used to distinguish between two or more tunnels that terminate on the same interface. Rene has put together a lesson that covers the use of this specific feature:
Now as for the remote sites, even with the tunnel key feature, your solution is still not quite so scalable. You would reduce the number of needed tunnels by a factor of 2, but it would still not be scalable.
Without actually having gone in to create specific configurations, and after chatting with Rene for inspiration, I have the following guidelines/suggestions that may help you in achieving what you need.
First of all, since you're using both IPv4 and IPv6, a possible solution would be to create a DMVPN topology for each of the protocol stacks. So with two DMVPN topologies, you can have a scalable solution with three (or any number of) spokes. And DMVPN does support the use of multiple VRFs. This is called VRF Aware DMVPN or VRF Integrated DMVPN.
Alternatively, a less-scalable solution, although for some situations, it may be suitable, and even more elegant, is to use the DMVPN per VRF feature. This assumes however that there will be a limited number of VRFs, but this may be suitable for your situation. Also note that there is a limited number of platforms on which this feature is available, so you may not be able to implement it.
The lessons and links that may help you in your design are the following:
For VRF Integrated DMVPN:
For DMVPN Per VRF:
https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/ngwane/ngwanedmvpn.html
I hope this has been helpful!
Laz