Well, early in this month I went to Cisco Configuration guide to refresh my concept, and interesting enough that I've found this new topic under IPv6 Tunneling. I used to look at 12.4T IOS configuration guide, based on my CCIE lab study habit, until I realized that Cisco always developed their IOS, and now its been 15.2S train >.<.
ok let's go back to the 6RD concept, I will brief out a scenario, then go to an overview of this technology and, finally, followed by the Configuration required to run 6RD:
Scenario
- R1 will act as Border Router (BR) with Prefix [2012:0123::/32], connecting to IPv4 island 192.168.x.x/16 using EIGRP 123 and also connecting to IPv6 Island [2001:1212:2928::/64] using EIGRPv6.
- R2 will act as Customer Edge Router (CE), connecting to IPv4 island 192.168.x.x/16 using EIGRP 123 and also connecting to IPv6 Island [2012:0123:202:2727::/64], which is derived from 6RD using RIPng
- R3 will act as Customer Edge Router (CE), connecting to IPv4 island 192.168.x.x/16 using EIGRP 123 and also connecting to IPv6 Island [2012:0123:303:3434::/64], which is derived from 6RD using OSPFv3
- Make Sure both SW2 and R4 can reach 2001:1212:2928::/64 subnet :)
6RD Overview
6RD (Rapid Deployment), in my oppinion, is a descendant of 6to4 Tunneling. 6to4 tunneling is cool, but think about this, when a SP wanna deploy a large scale deployment of 6to4, they cannot use their own IPv6 prefix, because 2002::/16 is mandatory in 6to4 Deployment.
Well, 6RD is then born to overcome the 6to4 tunneling with give the freedom to the SP to use their own IPv6 prefix. How the 6RD work, in the example above, the SP will have the prefix 150.1.x.x/16 as their IP Public.
SP will assign their own IPv6 Prefix, in this case is : 2012:0123::/32 as their prefix. Well because 150.1.x.x is well known in this SP, they can eventually ‘SUMMARIZE’ or tell the router that the first 16-bit prefix are well know, so they will not converted into the IPv6 Prefix. In this case R1-R3 will have their 6RD prefix:
R1 : 150.1.1.1 ==> OMIT bit.OMIT bit. 00000001. 00000001 ==> 0101 ==> [2012:0123:0101::/48]
R2 : 150.1.2.2 ==> OMIT bit.OMIT bit. 00000010. 00000010 ==> 0202 ==> [2012:0123:0202::/48]
R3 : 150.1.3.3 ==> OMIT bit.OMIT bit. 00000011. 00000011 ==> 0303 ==> [2012:0123:0101::/48]
R2 can use additional subnet to identify that this subnet is sourcing from the R2, here is the idea
2012:123:202::/48 (R2 Tunnel to R1) ==> 2012:123:202:2727::/64 (R2’s own prefix)
While R3 can use additional subnet to identify that this subnet is sourcing from the R3, here is the idea
2012:123:303::/48 (R2 Tunnel to R1) ==> 2012:123:303:3434::/64 (R3’s own prefix)
In this case, if R1,R2,R3 want to communicate each other, they will use 2012:123::/32 prefix, while CE (R2-R3) will have a default-route to the BR (R1) if they want to go outside 2012:123::/32 prefix.
In the production CE device could be a Wi-Fi router, such as Linksys, that will have their inside interface having native IPv6 Prefix to the end user like Windows 7. In our example those client are SW2 and R4. The goal is that those hosts can communicate with each other as well as connecting to the Internet using pure IPv6 prefix [2001:1212:2928::/64], how cool is that.
R2 Configuration
R2 (CE)
!
ipv6 general-prefix PREFIX 6rd Tunnel123
ipv6 unicast-routing
ipv6 cef
!
interface Tunnel123
no ip address
no ip redirects
ipv6 enable
tunnel source Loopback0
tunnel mode ipv6ip 6rd
tunnel 6rd ipv4 prefix-len 16
tunnel 6rd prefix 2012:123::/32
tunnel 6rd br 150.1.1.1
!
ipv6 route 2012:123::/32 Tunnel123
ipv6 route ::/0 Tunnel123 2012:123:101::
!
interface FastEthernet0/1
no ip address
duplex full
speed 100
ipv6 address 2012:123:202:2727::2/64
ipv6 rip RIP6 enable
!
ipv6 router eigrp 12
!
End
R3 Configuration
R3 (CE)
!
ipv6 general-prefix PREFIX 6rd Tunnel123 (Not Mandatory)
ipv6 unicast-routing
ipv6 cef
!
interface Tunnel123
no ip address
no ip redirects
ipv6 enable
tunnel source Loopback0
tunnel mode ipv6ip 6rd
tunnel 6rd ipv4 prefix-len 16
tunnel 6rd prefix 2012:123::/32
tunnel 6rd br 150.1.1.1
!
ipv6 route 2012:123::/32 Tunnel123
ipv6 route ::/0 Tunnel123 2012:123:101::
!
!
interface Serial1/2
description Connecting to R4 using Pure IPv6 prefix
no ip address
encapsulation ppp
no peer neighbor-route
ipv6 address 2012:123:303:3434::3/64
ipv6 ospf 34 area 0
serial restart-delay 0
!
ipv6 router ospf 34
default-information originate metric 333
redistribute static metric-type 1
!
end
R1 Configuration
R1 – BR
!
ipv6 general-prefix PREFIX 6rd Tunnel123
ipv6 unicast-routing
ipv6 cef
!
interface Tunnel123
no ip address
no ip redirects
ipv6 enable
ipv6 eigrp 12
tunnel source Loopback0
tunnel mode ipv6ip 6rd
tunnel 6rd ipv4 prefix-len 16
tunnel 6rd prefix 2012:123::/32
!
ipv6 route 2012:123::/32 Tunnel123
!
!
interface Serial1/1
description Connecting to R2 VRF using Pure IPv6 prefix
no ip address
encapsulation ppp
no peer neighbor-route
ipv6 address 2001:1212:2928::1/64
ipv6 eigrp 12
serial restart-delay 0
!
ipv6 router eigrp 12
no shutdown
!
end
Verification
R2#show tunnel 6rd
Interface Tunnel123:
Tunnel Source: 150.1.2.2
6RD: Operational, V6 Prefix: 2012:123::/32
V4 Prefix, Length: 16, Value: 150.1.0.0
V4 Suffix, Length: 0, Value: 0.0.0.0
Border Relay address: 150.1.1.1
General Prefix: 2012:123:202::/48
R2#
R2#show ipv6 interface tunnel 123
Tunnel123 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::9601:202
No Virtual link-local address(es):
No global unicast address is configured
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF01:202
MTU is 1480 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
Post_Encap features: Tunnel 6RD
ND DAD is not supported
ND reachable time is 30000 milliseconds (using 30000)
ND RAs are suppressed (periodic)
Hosts use stateless autoconfig for addresses.
R3#show tunnel 6rd
Interface Tunnel123:
Tunnel Source: 150.1.3.3
6RD: Operational, V6 Prefix: 2012:123::/32
V4 Prefix, Length: 16, Value: 150.1.0.0
V4 Suffix, Length: 0, Value: 0.0.0.0
Border Relay address: 150.1.1.1
General Prefix: 2012:123:303::/48
R3#
R3#show ipv6 int
R3#show ipv6 interface tun
R3#show ipv6 interface tunnel 123
Tunnel123 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::9601:303
No Virtual link-local address(es):
No global unicast address is configured
Joined group address(es):
FF02::1
FF02::2
FF02::5
FF02::1:FF01:303
MTU is 1480 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
Post_Encap features: Tunnel 6RD
ND DAD is not supported
ND reachable time is 30000 milliseconds (using 30000)
ND RAs are suppressed (periodic)
Hosts use stateless autoconfig for addresses.
R1#show tunnel 6rd
Interface Tunnel123:
Tunnel Source: 150.1.1.1
6RD: Operational, V6 Prefix: 2012:123::/32
V4 Prefix, Length: 16, Value: 150.1.0.0
V4 Suffix, Length: 0, Value: 0.0.0.0
General Prefix: 2012:123:101::/48
R1#
R1#show ipv6 interface tunnel 123
Tunnel123 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::9601:101
No Virtual link-local address(es):
No global unicast address is configured
Joined group address(es):
FF02::1
FF02::2
FF02::A
FF02::1:FF01:101
MTU is 1480 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
Post_Encap features: Tunnel 6RD
ND DAD is not supported
ND reachable time is 30000 milliseconds (using 30000)
ND RAs are suppressed (periodic)
Hosts use stateless autoconfig for addresses.
Conectivity Testing
SW2#ping 2001:1212:2928::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:1212:2928::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/68/96 ms
SW2#traceroute 2001:1212:2928::1
Type escape sequence to abort.
Tracing the route to 2001:1212:2928::1
1 2012:123:202:2727::2 52 msec 28 msec 4 msec
2 2001:1212:2928::1 64 msec 108 msec 48 msec
R4#ping 2001:1212:2928::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:1212:2928::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/108/120 ms
R4#trace 2001:1212:2928::1
Type escape sequence to abort.
Tracing the route to 2001:1212:2928::1
1 2012:123:303:3434::3 52 msec 40 msec 32 msec
2 2001:1212:2928::1 116 msec 112 msec 112 msec
Indeed a great and cool feature there. I hope that have been informative, and you can get the big picture of the 6RD techhnology
3 comments:
i dont get this part
"SP will assign their own IPv6 Prefix, in this case is : 2012:0123::/32 as their prefix. Well because 150.1.x.x is well known in this SP, they can eventually ‘SUMMARIZE’ or tell the router that the first 16-bit prefix are well know, so they will not converted into the IPv6 Prefix. In this case R1-R3 will have their 6RD prefix"
1. is it 2012:0123::/32 configurable? or just like IPv6IP auto-tunnel?
2.what do you mean by summarize? 150.1.X.X can be summarized using IPv6? if true..how? is it this IP is converted to IPv6?
i'm writting IPv6 tunneling...and somehow this "6rd" is confuses me
1. 2012:0123::/32 is a SP IPv6 Public which they get from the IANA Miftah ;)
2. Since we define
interface Tunnel123
tunnel source Loopback0
tunnel 6rd ipv4 prefix-len 16
!
where the SP Agree that all Loopback0 should start with 150.1.X.X/16, the command explicitly stated that 6rd will agree to not using the first "same" 16 bits, which means that they focus only on the last 16 bits of the IPv4 to be translated into IPv6 6Rd Prefix as a 'additional NID'.
so the bottom-line is, 6rd is the enhancement 6to4 Tunnelling mechanism, where the SP can use their own prefix, and not limited to 2002::/48 prefixes ;)
This is the Best example I have ever seen. Very clear and self explanatory. Great Stuff!!
Julius
Post a Comment