Thursday, May 15, 2014

CCNP ROUTE: 10. Dynamic Multipoint IPv6 Tunnels


The multipoint topology creates the possibility that new sites can join into the tunnel without requiring additional configuration on the existing routers.

These tunnels also do not support IPv6 IGPs, requiring the use of either static routes or multiprotocol BGP.

A. Automatic 6to4 Tunnels

A multipoint tunnel does not explicitly define the tunnel endpoint IPv4 addresses. Instead, the incoming IPv6 packet’s destination IPv6 address implies the IPv4 address that a router should use when encapsulating and forwarding the packet.

With automatic 6to4 tunnels, the end-user subnets can use either global unicast addresses or a special reserved range of addresses (2002::/16):

A1. If the Enterprise expects all Internet traffic to/from the Enterprise to remain IPv4-only for the foreseeable future, then the IPv6 addresses used in the Enterprise do not matter much, and the network engineer can take advantage of the 2002::/16 reserved range.
Using this range allows new sites to be added to the multipoint tunnel at a later time, without requiring new configuration on the existing routers in a multipoint tunnel.

A2. If the Enterprise needs to use its registered global unicast site prefix, automatic 6to4 tunnels can still be used, just with a little more configuration effort over time.

A1. Using the Automatic 6to4 Prefix for All Devices

By starting with the 2002::/16 prefix, a network engineer can then create a /48 prefix:
- The network engineer can assign each tunnel endpoint (router or host) its own /48 prefix, used for all prefixes connected to that local router, by adding the hex version of the router’s IPv4 address as bits 17 through 48 (quartets 2 and 3).
- The engineer can allocate /64 prefixes for each required subnet connected to each router by allocating a unique subnet number in the fourth quartet (much like when an Enterprise receives a /48 site prefix from an IPv6 registrar).

6to4 tunnel IPv6 address format:

 2002 : AABB : CCDD : Subnet :: /64

 2002         Prefix (first quartet)
 AABB:CCDD    4-octet IPv4 address in hex (quartets 2 and 3)
 Subnet       Subnet number (fourth quartet)

The first half of the address has three major parts, with the second half of the address structure used for the host ID as with most implementations of global unicast addresses.
The addresses always begin with a first quartet of 2002. The second and third quartet list the hex version of the IPv4 address for that site–usually the IPv4 address of a loopback interface on a router.
The fourth quartet can be conveniently used as a subnet field so that the engineer can assign the various subnets connected to each router.

Steps for choosing tunnel addresses:

Step 1. The engineer chooses an IPv4 address on each router to use as the tunnel end-points. In this case, he chose loopback IPv4 addresses, which is typical.
Step 2. The engineer then derives the /48 prefix used for allocating subnets off each router by converting each octet of the IPv4 addresses to hex to form the /48 prefix used on each router.
Step 3. The engineer then allocates the first /64 prefixes, one for each router’s LAN subnet. The IPv6 hosts on these LANs use IPv6 addresses from these prefixes.
Step 4. The engineer picks an IPv6 address to use on each tunnel interface. With automatic 6to4 tunnels, these IPv6 addresses typically come from each router’s own prefix, so each router’s tunnel IPv6 address will actually be in different IPv6 subnets.

Note: Multipoint IPv6 tunnels do not support IGP routing protocols, but to trigger the dynamic encapsulation process for the tunnel, the routers must route IPv6 traffic out the tunnel interface.
The solution is actually simple: because all the IPv6 addresses start with 2002::/16 (by implementation choice), the engineer plans a static route for prefix 2002::/16, forwarding all packets destined for these special 2002::/16 addresses out the multipoint tunnel interface.

So, what happens when an IPv6 packet now arrives at one of these routers? With these well-chosen IPv6 addresses, the following occurs:

Step 1. The packet’s IPv6 destination address begins with 2002, so the router tries to forward the packet out its tunnel interface, triggering the process.
Step 2. The router notices the tunnel type (automatic 6to4), which tells IOS to encapsulate and send the IPv6 packet to the destination IPv4 address found in quartets 2 and 3.
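The planning steps and the forwarding decision above, as an added Python example that is not part of the original post. It uses the lab loopbacks that appear later on this page; the function names and the misplaced-address check are assumptions made for illustration.

```python
import ipaddress

SIXTO4 = ipaddress.ip_network("2002::/16")  # reserved automatic 6to4 range


def site_prefix(ipv4):
    """Planning step 2: 2002 plus the 32-bit IPv4 address (bits 17-48)."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def lan_subnet(ipv4, subnet_id):
    """Planning step 3: the fourth quartet numbers a /64 inside the /48."""
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet number must fit in one quartet")
    base = int(site_prefix(ipv4).network_address)
    return ipaddress.IPv6Network((base | (subnet_id << 64), 64))


def tunnel_destination(dst):
    """Forwarding: IPv4 endpoint read from quartets 2 and 3 of the
    destination, or None when the 2002::/16 static route does not match."""
    addr = ipaddress.IPv6Address(dst)
    if addr not in SIXTO4:
        return None
    return ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)


def misplaced(ipv4, configured):
    """Configured 2002:: addresses that lie outside this router's own /48.
    Peers would tunnel traffic for them to a different IPv4 endpoint."""
    own = site_prefix(ipv4)
    found = []
    for text in configured:
        addr = ipaddress.ip_interface(text).ip
        if addr in SIXTO4 and addr not in own:
            found.append(text)
    return found


# Tunnel-source loopbacks from the lab later on this page.
ROUTERS = {"R1": "1.1.1.1", "R3": "3.3.3.3", "R5": "5.5.5.5"}

if __name__ == "__main__":
    for name, v4 in ROUTERS.items():
        print(name, v4, site_prefix(v4), lan_subnet(v4, 1))
    for dst in ("2002:0101:0101:1::1", "2002:0303:0303:1::1", "2005::5"):
        print(dst, "->", tunnel_destination(dst))
    # Constructed mistake: R5 is given an address from R3's /48.
    print(misplaced("5.5.5.5",
                    ["2002:505:505:1::1/64", "2002:303:303:2::1/64"]))
```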

Configuring the Automatic 6to4 Tunnel

Note: The multipoint tunnel configuration does not need a configured tunnel destination command, because the destination IPv4 address is instead embedded in the destination IPv6 address.

Note: An IPv6 IGP is not needed, because the router finds the destination IPv4 address on the other end of the tunnel embedded in the destination IPv6 address in the received packet.

Note: Even though the tunnel interface must be enabled for IPv6, as with point-to-point tunnels, the IPv6 addresses are not in the same subnet as the other routers’ tunnel interfaces.

6to4 tunnel configuration steps:

Step 1. Configure the planned loopback interface (interface loopback number global command), and assign the planned IPv4 address. (Ensure that the IPv4 IGP advertises a route for this address.)
Step 2. Create a tunnel interface using the interface tunnel number command, selecting a locally significant integer as the tunnel interface number.
Step 3. Define the source IPv4 address of the tunnel using the tunnel source {interface-type interface-number | ipv4-address} interface subcommand using the loopback IP address from Step 1.
Step 4. Do NOT define a tunnel destination with the tunnel destination interface subcommand.
Step 5. Identify the tunnel as an automatic 6to4 tunnel using the tunnel mode ipv6ip 6to4 interface subcommand.
Step 6. Enable IPv6 on the tunnel interface, typically with the ipv6 address interface subcommand.
Step 7. Complete the normal IPv6 configuration, including defining the LAN interface IPv6 addresses per the planning chart, and enable IPv6 routing with the ipv6 unicast-routing command.
Step 8. Define a static route for 2002::/16, with outgoing interface of the tunnel interface, using the ipv6 route 2002::/16 tunnel number global command.

Let's consider routers R5, R3 and R1 and establish a 6to4 tunnel between R5-R3 and R5-R1 for the forwarding of IPv6 packets over the IPv4 core (including R2).
Our goal is to see how the IPv6 traffic is encapsulated into IPv4 across the R5-R3 and R5-R1 tunnels and then decapsulated to be sent to the destinations.
We will consider R5's Lo0 (2005::5) as the source of the IPv6 packets and R3's Se0/0 (2003::1) and R1's Fa0/0 (2000:0:0:2::1) as the IPv6 destinations.
No IPv6 addresses are configured on the inner interfaces, just IPv4.

R5:

!
ipv6 unicast-routing
!
interface Loopback0
 no ip address
 ipv6 address 2005::5/64
!
interface FastEthernet0/0
 ip address 152.0.0.2 255.255.255.252
 duplex auto
 speed auto
!

R3:

!
ipv6 unicast-routing
!
interface FastEthernet0/0
 ip address 132.0.0.2 255.255.255.252
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 163.0.0.1 255.255.255.252
 ipv6 address 2003::1/64
 clock rate 2000000
!

R1:

!
ipv6 unicast-routing
!
interface FastEthernet0/0
 ip address 131.0.0.1 255.255.255.252
 duplex auto
 speed auto
 ipv6 address 2000:0:0:2::1/64
!
interface Serial0/0
 ip address 121.0.0.1 255.255.255.252
 clock rate 2000000
!

Step 1:

R5(config)#interface loopback 5
R5(config-if)#ip address 5.5.5.5 255.255.255.255

R3(config)#interface loopback 3
R3(config-if)#ip address 3.3.3.3 255.255.255.255

R1(config)#interface loopback 1
R1(config-if)#ip address 1.1.1.1 255.255.255.255

R5#show ip interface brief fastEthernet 0/0

Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            152.0.0.2       YES NVRAM  up                    up

R3#show ip interface brief fastEthernet 0/0
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            132.0.0.2       YES NVRAM  up                    up

R1#show ip interface brief serial 0/0
Interface                  IP-Address      OK? Method Status                Protocol
Serial0/0                  121.0.0.1       YES NVRAM  up                    up    

Establishing connectivity between loopback interfaces, using OSPF:

R5(config)#router ospf 1
R5(config-router)#network 5.5.5.5 0.0.0.0 area 0
R5(config-router)#network 152.0.0.0 0.0.0.3 area 0

R3(config)#router ospf 1
R3(config-router)#network 3.3.3.3 0.0.0.0 area 0
R3(config-router)#network 132.0.0.0 0.0.0.3 area 0

R1(config)#router ospf 1
R1(config-router)#network 1.1.1.1 0.0.0.0 area 0
R1(config-router)#network 121.0.0.0 0.0.0.3 area 0

R2(config)#router ospf 1
R2(config-router)#network 121.0.0.0 0.0.0.3 area 0
R2(config-router)#network 152.0.0.0 0.0.0.3 area 0
R2(config-router)#network 132.0.0.0 0.0.0.3 area 0


R5#ping 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/29/48 ms

R5#ping 3.3.3.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/46/100 ms

R3#ping 5.5.5.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/52/84 ms

R1#ping 5.5.5.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/29/52 ms

Steps 2, 3, 4, 5, 6, 7, 8:

R1 6to4 config:

R1(config)#interface tunnel 1
R1(config-if)#ipv6 address 2002:0101:0101::/128
R1(config-if)#tunnel source loopback 1
R1(config-if)#tunnel mode ipv6ip 6to4

R1(config)#interface serial 0/0
R1(config-if)#ipv6 address 2002:0101:0101:1::1/64

R1(config)#ipv6 route 2002::/16 tunnel 1


R3 6to4 config:

R3(config)#interface tunnel 3
R3(config-if)#ipv6 address 2002:0303:0303::/128
R3(config-if)#tunnel source loopback 3
R3(config-if)#tunnel mode ipv6ip 6to4

R3(config)#interface fastEthernet 0/0
R3(config-if)#ipv6 address 2002:0303:0303:1::1/64

R3(config)#ipv6 route 2002::/16 tunnel 3


R5 6to4 config:

R5(config)#interface tunnel 5
R5(config-if)#ipv6 address 2002:0505:0505::/128
R5(config-if)#tunnel source loopback 5
R5(config-if)#tunnel mode ipv6ip 6to4

R5(config)#int fastEthernet 0/0
R5(config-if)#ipv6 address 2002:0505:0505:1::1/64

R5(config)#ipv6 route 2002::/16 tunnel 5


The following logic occurs in the background:

Step 1. R5 will have two connected IPv6 routes (Fa 0/0’s and Tunnel5’s) in the 2002::/16 range, plus a static route for the entire 2002::/16 range.
Step 2. When R5 receives an IPv6 packet whose destination is in the 2002::/16 range but not in one of the connected subnets, R5 will try to forward the packet out Tunnel5.
Step 3. The tunnel mode ipv6ip 6to4 command tells R5 to look at the second and third quartets to find the destination IPv4 address, and perform the tunneling.

Note: Notice that R5 does not reference anything specific about either R1 or R3. So, if this Enterprise decided to enable the automatic tunnel on yet another router, only the configuration in that one new router would need to be changed, but the configuration on R5, R3, and R1 would be unchanged.

Verification commands:

R5#show ipv6 route
IPv6 Routing Table - 8 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
S   2002::/16 [1/0]
     via ::, Tunnel5
LC  2002:505:505::/128 [0/0]
     via ::, Tunnel5
C   2002:505:505:1::/64 [0/0]
     via ::, FastEthernet0/0

L   2002:505:505:1::1/128 [0/0]
     via ::, FastEthernet0/0
C   2005::/64 [0/0]
     via ::, Loopback0
L   2005::5/128 [0/0]
     via ::, Loopback0
L   FE80::/10 [0/0]
     via ::, Null0
L   FF00::/8 [0/0]
     via ::, Null0
    
R5#show ipv6 interface brief
FastEthernet0/0            [up/up]
    FE80::C204:12FF:FE7C:0
    2002:505:505:1::1
FastEthernet0/1            [administratively down/down]
Loopback0                  [up/up]
    FE80::C204:12FF:FE7C:0
    2005::5
Loopback5                  [up/up]
Tunnel5                    [up/up]
    FE80::505:505
    2002:505:505::

The following tests prove the tunnel works between R5 and both destinations at the other ends of the tunnel:

R5#ping 2002:0101:0101:1::1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2002:101:101:1::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/30/68 ms

R5#ping 2002:0303:0303:1::1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2002:303:303:1::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/50/84 ms

R5#traceroute 2002:0101:0101:1::1

Type escape sequence to abort.
Tracing the route to 2002:101:101:1::1

  1 2002:101:101:1::1 36 msec 48 msec 16 msec
 
R5#traceroute 2002:0303:0303:1::1

Type escape sequence to abort.
Tracing the route to 2002:303:303:1::1

  1 2002:303:303:1::1 104 msec 80 msec 28 msec
 
Finally, we should start a Wireshark capture on the R5-R2 link, capturing R5's Fa0/0 interface sending pings to R1 and R3 and encapsulating IPv6 into IPv4.
Expanding the IPv6 header in Wireshark, we can see that 6to4 tunneling is recognized.



We can also establish 6to4 tunnel connectivity between R5's Lo0 (2005::5/64) and R3 and R1 if we configure static routes on both those routers back to R5's Lo0.

R3(config)#ipv6 route 2005::/64 2002:505:505:1::1
R1(config)#ipv6 route 2005::/64 2002:505:505:1::1


R5#ping 2002:0101:0101:1::1 source loopback 0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2002:101:101:1::1, timeout is 2 seconds:
Packet sent with a source address of 2005::5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/25/56 ms
   
R5#ping 2002:0303:0303:1::1 source loopback 0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2002:303:303:1::1, timeout is 2 seconds:
Packet sent with a source address of 2005::5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/36/60 ms

The only thing that has changed is the source IPv6 address when pinging from R5 to each router.


A2. Using Global Unicasts with Automatic Tunnels

The big conceptual difference when using global unicast addresses is that, with an assigned global unicast prefix, the second and third quartets are fixed, are the same for all subnets in the Enterprise, and can no longer be used to store the tunnel destination’s IPv4 address.
For example, if an Enterprise were assigned 2000:0:1::/48 as a site prefix, then all the subnets at the Enterprise would need to begin 2000:0:1, instead of encoding the IPv4 address of the site in the second and third quartets.

The problem can be overcome, however, through a piece of logic used when the router forwards packets out the tunnel interface after doing a recursive route lookup:

When the router matches a route with an outgoing 6to4 tunnel interface, but with no next-hop IPv6 address, AND this route was matched due to route recursion, then derive the tunnel’s destination IPv4 address based on the previously matched route’s next-hop IPv6 address.

Summarizing, the differences in planning and configuration for using global unicasts with automatic 6to4 tunnels are:

Step 1. Plan the prefixes and addresses for the LANs using the global unicast range assigned to the Enterprise.
Step 2. Configure an additional static route for each remote subnet, configuring the tunnel as outgoing interface and configuring the next-hop IPv6 address. That next-hop must be the remote router’s tunnel IPv6 address, which embeds the destination IPv4 address as the second and third quartets.
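The recursive lookup rule above, modelled in Python as an added example that is not part of the original post and is not IOS code. The route table is constructed from the lab's addresses (R1's and R3's 6to4 tunnel addresses as next hops); the 2000:0:0:3::/64 entry is a constructed mistake that omits the next hop.

```python
import ipaddress

SIXTO4 = ipaddress.ip_network("2002::/16")


def route(prefix, interface=None, next_hop=None):
    """One static or connected route in the simplified model."""
    return {
        "prefix": ipaddress.ip_network(prefix),
        "interface": interface,
        "next_hop": ipaddress.ip_address(next_hop) if next_hop else None,
    }


def longest_match(table, addr):
    hits = [r for r in table if addr in r["prefix"]]
    return max(hits, key=lambda r: r["prefix"].prefixlen, default=None)


def resolve_endpoint(table, dst, tunnel="Tunnel5", max_depth=8):
    """IPv4 address used to encapsulate a packet for dst, or None."""
    key = ipaddress.ip_address(dst)   # address the endpoint is read from
    match = longest_match(table, key)
    depth = 0
    while match is not None and match["next_hop"] is not None:
        key = match["next_hop"]       # recurse on the next-hop address
        match = longest_match(table, key)
        depth += 1
        if depth > max_depth:
            return None               # loop among the static routes
    if match is None or match["interface"] != tunnel:
        return None                   # unroutable, or not sent out the tunnel
    if key not in SIXTO4:
        return None                   # no embedded IPv4 address to derive
    return ipaddress.IPv4Address((int(key) >> 80) & 0xFFFFFFFF)


# Constructed table for R5 (hypothetical A2 design using lab addresses).
R5_TABLE = [
    route("2002::/16", "Tunnel5"),
    route("2005::/64", "Loopback0"),
    route("2000:0:0:2::/64", "Tunnel5", "2002:101:101::"),  # via R1
    route("2003::/64", "Tunnel5", "2002:303:303::"),        # via R3
    route("2000:0:0:3::/64", "Tunnel5"),                    # next hop missing
]

if __name__ == "__main__":
    for dst in ("2000:0:0:2::1", "2003::1", "2002:303:303:1::1",
                "2000:0:0:3::9", "2005::5"):
        print(dst, "->", resolve_endpoint(R5_TABLE, dst))
```

The 2000:0:0:3::/64 route returns no endpoint because nothing in the matched address carries an IPv4 address, which is why Step 2 requires the next hop.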

B. IPv6 ISATAP Tunnels - Intra-site Automatic Tunnel Addressing Protocol

Comparing ISATAP and Automatic 6to4 Concepts

Step 1. ISATAP tunnels use global unicast prefixes for user subnets.
Step 2. ISATAP tunnel interfaces use IPv6 addresses that embed the tunnel’s destination IPv4 address inside the IPv6 address.
Step 3. The routers need static routes for the destination end-user IPv6 prefixes; the route must list a next-hop IPv6 address, which in turn embeds the tunnel destination IPv4 address.
Step 4. ISATAP tunnel interface IPv6 addresses embed the IPv4 address in the last two quartets.
Step 5. ISATAP tunnels do not use a special reserved range of IPv6 addresses at all, instead using just normal IPv6 unicast prefixes.
Step 6. ISATAP tunnels typically use a single prefix to which all tunnel interfaces connect, so all routers have a connected IPv6 route to that same subnet.
Step 7. ISATAP tunnels can automatically derive the tunnel interface’s interface ID by using modified EUI-64 rules.

The design and configuration should be changed to work with ISATAP tunnels, as follows:
- The three tunnel interfaces now have IPv6 addresses in a common IPv6 subnet.
- The tunnel interfaces’ IPv6 addresses conform to modified EUI-64 rules, embedding the IPv4 address in the last two quartets.
- The routers no longer need a route for 2002::/16, instead relying on the connected route created for the common subnet.

The format of the ISATAP-defined IPv6 address: The addresses can be configured manually but can also be derived by the router using modified EUI-64 rules.
The rules work as follows:
- Configure a 64-bit prefix on the tunnel interface, and use the eui-64 parameter, telling the router to derive the second half (interface ID) of the address.
- The router adds 0000:5EFE as quartets 5 and 6.
- The router finds the tunnel’s source IPv4 address, converts it to hex, and adds that as quartets 7 and 8.
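The derivation rules above, and the reverse step a router performs on a static route's next hop, as an added Python example that is not part of the original post. The prefix, loopbacks and static routes are the ones used in the lab below; the 2001:db8:9::/64 route and the function names are constructed for illustration.

```python
import ipaddress

ISATAP_MARKER = 0x00005EFE  # quartets 5 and 6, as described above


def isatap_address(prefix, tunnel_source):
    """Prefix (64 bits) + 0000:5EFE + tunnel source IPv4 in hex."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("eui-64 derivation needs a 64-bit prefix")
    v4 = int(ipaddress.IPv4Address(tunnel_source))
    iid = (ISATAP_MARKER << 32) | v4
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def isatap_endpoint(next_hop):
    """IPv4 address in quartets 7 and 8, or None if quartets 5 and 6
    are not 0000:5EFE (the next hop is not an ISATAP address)."""
    value = int(ipaddress.IPv6Address(next_hop))
    if (value >> 32) & 0xFFFFFFFF != ISATAP_MARKER:
        return None
    return ipaddress.IPv4Address(value & 0xFFFFFFFF)


def check_static_routes(routes, tunnel_subnet):
    """Map each destination prefix to its IPv4 tunnel endpoint.
    None marks a next hop that is off the tunnel subnet or not ISATAP."""
    subnet = ipaddress.IPv6Network(tunnel_subnet)
    result = {}
    for prefix, next_hop in routes.items():
        hop = ipaddress.IPv6Address(next_hop)
        endpoint = isatap_endpoint(hop) if hop in subnet else None
        result[prefix] = str(endpoint) if endpoint else None
    return result


# R5's static routes from the lab, plus one constructed bad entry.
R5_ROUTES = {
    "2000:0:0:2::/64": "2007:0:1:1:0:5EFE:101:101",
    "2003:0:0:0::/64": "2007:0:1:1:0:5EFE:303:303",
    "2001:db8:9::/64": "2007:0:1:1::9",   # constructed: not an ISATAP address
}

if __name__ == "__main__":
    for v4 in ("1.1.1.1", "3.3.3.3", "5.5.5.5"):
        print(v4, isatap_address("2007:0:1:1::/64", v4),
              isatap_address("fe80::/64", v4))
    print(check_static_routes(R5_ROUTES, "2007:0:1:1::/64"))
```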

Configuring ISATAP IPv6 Tunnels

Step 1. Configure the planned loopback interface and its IPv4 address, ensuring the IPv4 IGP advertises a route for this address.
Step 2. Create a tunnel interface using the interface tunnel number command.
Step 3. Define the tunnel source (tunnel source {interface-type interface-number | ipv4-address}) using the loopback IP address from Step 1.
Step 4. Do NOT define a tunnel destination with the tunnel destination interface subcommand.
Step 5. Identify the tunnel as an ISATAP tunnel using the tunnel mode ipv6ip isatap interface subcommand.
Step 6. Configure an IPv6 prefix with the EUI-64 option using the ipv6 address prefix/length eui-64 interface subcommand.
Step 7. Complete the normal IPv6 configuration, including defining the LAN interface IPv6 addresses per the planning chart and enabling IPv6 routing with the ipv6 unicast-routing command.
Step 8. Define static IPv6 routes (using the ipv6 route global command) for each destination IPv6 prefix, with an outgoing interface and next-hop address.
(The next-hop should be the destination router’s IPv6 address that embeds the IPv4 address as the last two quartets.)

Let's consider routers R5, R3 and R1 and establish an ISATAP tunnel between R5-R3 and R5-R1 for the forwarding of IPv6 packets over the IPv4 core (including R2).
Our goal is to see how the IPv6 traffic is encapsulated into IPv4 across the R5-R3 and R5-R1 tunnels and then decapsulated to be sent to the destinations.
We will consider R5's Lo0 (2005::5) as the source of the IPv6 packets and R3's Se0/0 (2003::1) and R1's Fa0/0 (2000:0:0:2::1) as the IPv6 destinations.
No IPv6 addresses are configured on the inner interfaces, just IPv4.

R5:

!
ipv6 unicast-routing
!
interface Loopback0
 no ip address
 ipv6 address 2005::5/64
!
interface FastEthernet0/0
 ip address 152.0.0.2 255.255.255.252
 duplex auto
 speed auto
!

R3:

!
ipv6 unicast-routing
!
interface FastEthernet0/0
 ip address 132.0.0.2 255.255.255.252
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 163.0.0.1 255.255.255.252
 ipv6 address 2003::1/64
 clock rate 2000000
!

R1:

!
ipv6 unicast-routing
!
interface FastEthernet0/0
 ip address 131.0.0.1 255.255.255.252
 duplex auto
 speed auto
 ipv6 address 2000:0:0:2::1/64
!
interface Serial0/0
 ip address 121.0.0.1 255.255.255.252
 clock rate 2000000
!

Step 1:

R5(config)#interface loopback 5
R5(config-if)#ip address 5.5.5.5 255.255.255.255

R3(config)#interface loopback 3
R3(config-if)#ip address 3.3.3.3 255.255.255.255

R1(config)#interface loopback 1
R1(config-if)#ip address 1.1.1.1 255.255.255.255

R5#show ip interface brief fastEthernet 0/0
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            152.0.0.2       YES NVRAM  up                    up

R3#show ip interface brief fastEthernet 0/0
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            132.0.0.2       YES NVRAM  up                    up

R1#show ip interface brief serial 0/0
Interface                  IP-Address      OK? Method Status                Protocol
Serial0/0                  121.0.0.1       YES NVRAM  up                    up  

Establishing connectivity between loopback interfaces, using OSPF:

R5(config)#router ospf 1
R5(config-router)#network 5.5.5.5 0.0.0.0 area 0
R5(config-router)#network 152.0.0.0 0.0.0.3 area 0

R3(config)#router ospf 1
R3(config-router)#network 3.3.3.3 0.0.0.0 area 0
R3(config-router)#network 132.0.0.0 0.0.0.3 area 0

R1(config)#router ospf 1
R1(config-router)#network 1.1.1.1 0.0.0.0 area 0
R1(config-router)#network 121.0.0.0 0.0.0.3 area 0

R2(config)#router ospf 1
R2(config-router)#network 121.0.0.0 0.0.0.3 area 0
R2(config-router)#network 152.0.0.0 0.0.0.3 area 0
R2(config-router)#network 132.0.0.0 0.0.0.3 area 0

R5#ping 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/29/48 ms

R5#ping 3.3.3.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/46/100 ms

R3#ping 5.5.5.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/52/84 ms

R1#ping 5.5.5.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/29/52 ms

Steps 2, 3, 4, 5, 6, 7, 8:

R1 ISATAP config:

R1(config)#interface tunnel 1
R1(config-if)#ipv6 address 2007:0:1:1::/64 eui-64 
R1(config-if)#tunnel source loopback 1
R1(config-if)#tunnel mode ipv6ip isatap 

R3 ISATAP config:

R3(config)#interface tunnel 3
R3(config-if)#ipv6 address 2007:0:1:1::/64 eui-64 
R3(config-if)#tunnel source loopback 3
R3(config-if)#tunnel mode ipv6ip isatap 

R5 ISATAP config:

R5(config)#interface tunnel 5
R5(config-if)#ipv6 address 2007:0:1:1::/64 eui-64 
R5(config-if)#tunnel source loopback 5
R5(config-if)#tunnel mode ipv6ip isatap 

R1#show ipv6 interface brief tunnel 1
Tunnel1                    [up/up]
    FE80::5EFE:101:101
    2007:0:1:1:0:5EFE:101:101

R3#show ipv6 interface brief tunnel 3
Tunnel3                    [up/up]
    FE80::5EFE:303:303
    2007:0:1:1:0:5EFE:303:303

R5#show ipv6 interface brief tunnel 5
Tunnel5                    [up/up]
    FE80::5EFE:505:505
    2007:0:1:1:0:5EFE:505:505

R5(config)#ipv6 route 2000:0:0:2::/64 2007:0:1:1:0:5EFE:101:101
R5(config)#ipv6 route 2003:0:0:0::/64 2007:0:1:1:0:5EFE:303:303

R3(config)#ipv6 route 2005::/64 2007:0:1:1:0:5EFE:505:505 
R1(config)#ipv6 route 2005::/64 2007:0:1:1:0:5EFE:505:505

Verification commands:

R5#show ipv6 route
IPv6 Routing Table - 8 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
S   2000:0:0:2::/64 [1/0]
     via 2007:0:1:1:0:5EFE:101:101
S   2003::/64 [1/0]
     via 2007:0:1:1:0:5EFE:303:303
C   2005::/64 [0/0]
     via ::, Loopback0
L   2005::5/128 [0/0]
     via ::, Loopback0
C   2007:0:1:1::/64 [0/0]
     via ::, Tunnel5
L   2007:0:1:1:0:5EFE:505:505/128 [0/0]
     via ::, Tunnel5
L   FE80::/10 [0/0]
     via ::, Null0
L   FF00::/8 [0/0]
     via ::, Null0

R5#show ipv6 interface brief 
FastEthernet0/0            [up/up]
    unassigned
FastEthernet0/1            [administratively down/down]
Loopback0                  [up/up]
    FE80::C204:17FF:FE48:0
    2005::5
Loopback5                  [up/up]
Tunnel5                    [up/up]
    FE80::5EFE:505:505
    2007:0:1:1:0:5EFE:505:505

R5#ping 2000:0:0:2::1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2000:0:0:2::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/24/44 ms

R5#ping 2003:0:0:0::1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2003::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/36/52 ms

R5#ping 2000:0:0:2::1 source loopback 0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2000:0:0:2::1, timeout is 2 seconds:
Packet sent with a source address of 2005::5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/30/68 ms

R5#ping 2003:0:0:0::1 source loopback 0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2003::1, timeout is 2 seconds:
Packet sent with a source address of 2005::5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/40/60 ms

R5#traceroute 2000:0:0:2::1

Type escape sequence to abort.
Tracing the route to 2000:0:0:2::1

  1 2000:0:0:2::1 56 msec 32 msec 20 msec

R5#traceroute 2003:0:0:0::1

Type escape sequence to abort.
Tracing the route to 2003::1

  1 2003::1 72 msec 36 msec 28 msec

Finally, we should start a Wireshark capture on the R5-R2 link, capturing R5's Fa0/0 interface sending pings to R1 and R3 and encapsulating IPv6 into IPv4.
Expanding the IPv6 header in Wireshark, we can see that ISATAP tunneling is recognized.

