Friday, December 17, 2010

Dynamic Multipoint IPv6 Tunnels



Multipoint tunnels give engineers a convenient tool to use when irregular or infrequent
IPv6 traffic occurs between sites. The multipoint topology creates the possibility that
new sites can join into the tunnel without requiring additional configuration on the existing
routers. Additionally, these multipoint tunnels in some cases allow IPv6 hosts to act as
tunnel endpoints, allowing a host at a remote site to connect into the Enterprise IPv6 network
even if the local router has no knowledge of IPv6. This flexibility and ability to add
routers and hosts with potentially no extra configuration makes multipoint IPv6 tunnels a
very useful migration tool.
Multipoint tunnels also have some disadvantages. To take advantage of the possibility to
limit future configuration changes, IPv6 address planning must follow some additional
rules and constraints. These tunnels also do not support IPv6 IGPs, requiring the use of either
static routes or multiprotocol BGP. The dynamic forwarding logic requires more work
per packet as compared with point-to-point tunnels, which is one of the main reasons multipoint
tunnels are best used for less frequent traffic, with point-to-point tunnels best
used for more frequent traffic. Finally, the additional addressing rules and considerations
require a bit more of a learning curve to become comfortable with these tools, at least as
compared with point-to-point tunnels.
This section examines the configuration of two types of multipoint tunnels: automatic
6to4 tunnels, as defined in RFC 3056, and ISATAP tunnels, as defined in RFC 4214.
Automatic 6to4 Tunnels
As previously described in the section “Point-to-Multipoint IPv6 Tunnels,” a multipoint
tunnel does not explicitly define the tunnel endpoint IPv4 addresses. Instead, the incoming
IPv6 packet’s destination IPv6 address implies the IPv4 address that a router should
use when encapsulating and forwarding the packet. Because the tunnels rely on the IPv6
address to determine the destination IPv4 address for these tunnels, network engineers
must spend more time initially planning IPv6 and IPv4 addresses used to deploy IPv6.
The first big planning and design choice when using automatic 6to4 tunnels relates to
whether to use global unicast addresses for the end user subnets, or whether to use a special
reserved range of addresses (2002::/16). If the Enterprise expects all Internet traffic
to/from the Enterprise to remain IPv4-only for the foreseeable future, then the IPv6 addresses
used in the Enterprise do not matter much, and the network engineer can take advantage
of the 2002::/16 reserved range. Using this range allows new sites to be added to
the multipoint tunnel at a later time, without requiring new configuration on the existing
routers in a multipoint tunnel. However, if the Enterprise needs to use its registered global
unicast site prefix, automatic 6to4 tunnels can still be used, just with a little more configuration
effort over time.
This section first examines the case where the Enterprise needs no IPv6 Internet connectivity,
using the 2002::/16 reserved range of addresses. Following that, this section examines
the same tool, this time using a registered global unicast site prefix.
Using the Automatic 6to4 Prefix for All Devices
RFC 3056 defines a reserved range of IPv6 addresses for use with automatic 6to4 tunnels:
2002::/16. Even though this range appears to come from the range of global unicast IPv6
addresses (2000::/3), IANA reserves the 2002::/16 prefix as a set of addresses that will
never be assigned as global unicast addresses.
By starting with the 2002::/16 prefix, a network engineer can then create a /48 prefix:
■ The network engineer can assign each tunnel endpoint (router or host) its own /48
prefix, used for all prefixes connected to that local router, by adding the hex version
of the router’s IPv4 address as bits 17 through 48 (quartets 2 and 3).
■ The engineer can allocate /64 prefixes for each required subnet connected to each
router by allocating a unique subnet number in the fourth quartet (much like when an
Enterprise receives a /48 site prefix from an IPv6 registrar).
Figure 18-7 shows the format of the automatic 6to4 tunnel IPv6 addresses.
Prefix: 2002:AABB:CCDD:Subnet::/64 (AABB:CCDD = 4-octet IPv4 address)
Figure 18-7 Reserved Automatic 6to4 IPv6 Addresses
The first half of the address has three major parts, with the second half of the address
structure used for the host ID as with most implementations of global unicast addresses.
The addresses always begin with a first quartet of 2002. The second and third quartets list
the hex version of the IPv4 address for that site–usually the IPv4 address of a loopback interface
on a router. (In this case, the hex value AABBCCDD represents 170.187.204.221,
found by converting each pair of hex digits to the decimal equivalent.) The fourth quartet
can be conveniently used as a subnet field so that the engineer can assign the various subnets
connected to each router. The /48 prefix chosen for each router works much like
when a registrar gives a company a /48 global unicast prefix, leaving 16 bits for the company
to use for subnetting.
For example, consider the case with a multipoint tunnel with three routers, R1, R3, and
R4, as shown in Figure 18-8. The figure depicts the planning steps taken by the engineer
when using the 2002::/16 prefix for all IPv6 addresses.
The underlying logic hinges on the two static routes in R1’s IPv6 routing table, as shown in
Figure 18-9. One route is the old route for 2002::/16, whereas the other route, added because
of the use of global unicast addresses, matches the prefix for R3’s LAN. Following
the numbered sequence in the figure:
Step 1. PC1 sends an IPv6 packet to PC3, destination address 2000:0:1:3::33.
Step 2. R1 compares the destination IPv6 address, matching the first route (destination
2000:0:1:3::/64) with outgoing interface Tunnel0 and next-hop router
2002:A09:903:: (R3’s tunnel IPv6 address).
Step 3. R1 needs to decide how to forward packets to 2002:A09:903::, so R1 performs
route recursion to find the matching route for this destination. R1 matches the
static route for 2002::/16 with outgoing interface tunnel0 and with no next-hop
address listed.
At this point, the usual automatic 6to4 tunnel logic kicks in but based on the first route’s
next-hop address of 2002:a09:903::.
Summarizing, the differences in planning and configuration for using global unicasts with
automatic 6to4 tunnels are:
Step 1. Plan the prefixes and addresses for the LANs using the global unicast range assigned
to the Enterprise.
Step 2. Configure an additional static route for each remote subnet, configuring the
tunnel as outgoing interface and configuring the next-hop IPv6 address. That
next-hop must be the remote router’s tunnel IPv6 address, which embeds the
destination IPv4 address as the second and third quartets.
Note: You also can use BGP for IPv6 to learn the route listed in Step 2.
For R1 to forward traffic to the IPv6 hosts PC3 and PC4 in Figure 18-9, R1 would need
the following two additional routes:
■ ipv6 route 2000:0:1:3::/64 tunnel0 2002:a09:903::
■ ipv6 route 2000:0:1:4::/64 tunnel0 2002:a09:904::
Finally, the introduction to this section mentioned that the use of global unicast addresses
required more configuration changes. When a new router is added to the multipoint tunnel,
each router already on the tunnel needs to add additional static routes or the alternative
additional BGP configuration.
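The 2002::/16 address format and R1's two-route recursion described above can be reproduced in a few lines. This is an added example, not code from the book: the function names are hypothetical, and the route list holds only the two static routes named in the walk-through.

```python
import ipaddress

SIXTOFOUR = ipaddress.ip_network("2002::/16")

def sixto4_site_prefix(ipv4):
    """/48 for one tunnel endpoint: 2002, then the IPv4 address in quartets 2 and 3."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def sixto4_subnet(ipv4, subnet_id):
    """/64 for one LAN behind that endpoint: subnet number in the fourth quartet."""
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet number must fit in 16 bits")
    base = int(sixto4_site_prefix(ipv4).network_address)
    return ipaddress.IPv6Network((base | (subnet_id << 64), 64))

def embedded_ipv4(addr):
    """IPv4 address held in bits 17-48 of a 2002::/16 address, else None."""
    addr = ipaddress.IPv6Address(addr)
    if addr not in SIXTOFOUR:
        return None
    return ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)

# R1's two static routes from the walk-through: (prefix, next hop or None).
R1_ROUTES = [
    (ipaddress.ip_network("2000:0:1:3::/64"), ipaddress.ip_address("2002:a09:903::")),
    (SIXTOFOUR, None),  # outgoing interface tunnel0, no next-hop address
]

def tunnel_endpoint(dest, routes=R1_ROUTES, max_depth=4):
    """Longest-prefix match with route recursion.

    Returns the IPv4 address the packet would be encapsulated toward,
    or None when no route matches or no IPv4 address can be derived.
    """
    target = ipaddress.IPv6Address(dest)
    for _ in range(max_depth):
        matches = [(net, hop) for net, hop in routes if target in net]
        if not matches:
            return None
        _, hop = max(matches, key=lambda m: m[0].prefixlen)
        if hop is None:
            # Automatic 6to4 logic: the address being resolved implies the endpoint.
            return embedded_ipv4(target)
        target = hop  # recurse on the next-hop address
    return None

if __name__ == "__main__":
    print(sixto4_site_prefix("170.187.204.221"))  # the AABB:CCDD example
    print(sixto4_subnet("10.9.9.3", 3))           # subnet number 3 is constructed
    print(tunnel_endpoint("2000:0:1:3::33"))      # PC3's address from Step 1
```

The IPv4 encapsulation destination comes entirely from the addresses in the route and the packet, so reviewing a 6to4 router's static routes with a decoder like this shows exactly which IPv4 endpoints it will send tunneled traffic to.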
IPv6 ISATAP Tunnels
You can use ISATAP–the Intra-site Automatic Tunnel Addressing Protocol–to identify the
IPv4 address of the remote site for the purposes of tunneling IPv6 packets. As a result,
you can create dynamic multipoint tunnels using ISATAP, in general a concept much like
the multipoint tunnels created using automatic 6to4 tunnels.
Comparing ISATAP and Automatic 6to4 Concepts
ISATAP tunnels differ in some ways from automatic 6to4 tunnels. However, ISATAP IPv6
tunnels use concepts that closely match those used by automatic 6to4 tunnels when using
global unicast addresses (as previously shown in Figure 18-9). The following list makes
some important comparisons between these two options with the items that differ between
ISATAP tunnels and automatic 6to4 tunnels highlighted in gray:
Step 1. ISATAP tunnels use global unicast prefixes for user subnets.
Step 2. ISATAP tunnel interfaces use IPv6 addresses that embed the tunnel’s destination
IPv4 address inside the IPv6 address.
Step 3. The routers need static routes for the destination end-user IPv6 prefixes; the
route must list a next-hop IPv6 address, which in turn embeds the tunnel
destination IPv4 address.
Step 4. ISATAP tunnel interface IPv6 addresses embed the IPv4 address in the last two
quartets.
Step 5. ISATAP tunnels do not use a special reserved range of IPv6 addresses at all,
instead using just normal IPv6 unicast prefixes.
Step 6. ISATAP tunnels typically use a single prefix to which all tunnel interfaces
connect, so all routers have a connected IPv6 route to that same subnet.
Step 7. ISATAP tunnels can automatically derive the tunnel interface’s interface ID by
using modified EUI-64 rules.
As usual, an example can help sift through some of the details; Figure 18-10 shows just
such an example. The figure is the same as Figure 18-9’s automatic 6to4 tunnel example
with the same user IPv6 prefixes from the global unicast range. However, the design and
configuration has been changed to work with ISATAP tunnels, as follows:
■ The three tunnel interfaces now have IPv6 addresses in common IPv6 subnet
2000:0:1:9::/64. (The actual subnet number is not important; just choose a currently
unused IPv6 subnet.)
■ The tunnel interfaces’ IPv6 addresses conform to modified EUI-64 rules (explained
following the figure) embedding the IPv4 address in the last two quartets.

Step 7. Complete the normal IPv6 configuration, including defining the LAN interface
IPv6 addresses per the planning chart and enabling IPv6 routing with the ipv6
unicast-routing command.
Step 8. Define static IPv6 routes (using the ipv6 route global command) for each destination
IPv6 prefix, with an outgoing interface and next-hop address. (The
next-hop should be the destination router’s IPv6 address that embeds the IPv4
address as the last two quartets.)
Example 18-8 shows the configuration on Routers R1 and R3 from Figure 18-10 with the
tunnel details highlighted.
Example 18-8 Configuring R1 and R3 for an ISATAP Tunnel per Figure 18-10
! First, on router R1:
R1# show running-config
! only relevant portions shown
ipv6 unicast-routing
!
interface Loopback1
 ip address 10.9.9.1 255.255.255.255
!
interface Tunnel9
 no ip address
 ipv6 address 2000:0:1:9::/64 eui-64
 tunnel source Loopback1
 tunnel mode ipv6ip isatap
!
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 ipv6 address 2000:0:1:1::1/64
!
ipv6 route 2000:0:1:3::/64 2000:0:1:9:0:5EFE:A09:903
ipv6 route 2000:0:1:4::/64 2000:0:1:9:0:5EFE:A09:904
! Next, on router R3:
R3# show running-config
! only relevant portions shown
ipv6 unicast-routing
!
interface Loopback3
 ip address 10.9.9.3 255.255.255.255
!
interface Tunnel9
 no ip address
 ipv6 address 2000:0:1:9::/64 eui-64
 tunnel source Loopback3
 tunnel mode ipv6ip isatap
!
interface FastEthernet0/1
 ip address 10.1.3.3 255.255.255.0
 ipv6 address 2000:0:1:3::3/64
!
ipv6 route 2000:0:1:1::/64 2000:0:1:9:0:5EFE:A09:901
ipv6 route 2000:0:1:4::/64 2000:0:1:9:0:5EFE:A09:904
The most important parts of the configurations are the tunnel configuration and the static
routes. First, on R1’s new tunnel interface (Tunnel 9), the configuration sets the mode to
ISATAP (tunnel mode ipv6ip isatap). This command, in combination with the ipv6 address
2000:0:1:9::/64 eui-64 command, tells R1 to use the modified EUI-64 rules to give
R1’s Tunnel 9 interface an IPv6 address of 2000:0:1:9:0:5EFE:A09:901. R1 derives the last
two quartets based on the indirect reference made in the tunnel source loopback 1 command,
using loopback 1’s IPv4 address (10.9.9.1) to complete Tunnel 9’s IPv6 address.
The two static routes on R1 simply define routes to the LAN subnet on each remote router
with the important part being the next-hop IPv6 address. The listed addresses exist on R3
and R4, generated by the modified EUI-64 process on those routers.
Example 18-9 shows some supporting verification commands on Router R1.
Example 18-9 Verifying Tunnel Operation on R1
R1# show ipv6 interface brief
FastEthernet0/0            [up/up]
    FE80::213:19FF:FE7B:5026
    2000:0:1:1::1
! irrelevant interfaces removed
Loopback1                  [up/up]
    unassigned
Tunnel9                    [up/up]
    FE80::5EFE:A09:901
    2000:0:1:9:0:5EFE:A09:901
R1# show ipv6 route
IPv6 Routing Table - Default - 7 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, M - MIPv6, R - RIP, I1 - ISIS L1
       I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
       EX - EIGRP external
       O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
C   2000:0:1:1::/64 [0/0]
     via FastEthernet0/0, directly connected
L   2000:0:1:1::1/128 [0/0]
     via FastEthernet0/0, receive
S   2000:0:1:3::/64 [1/0]
     via 2000:0:1:9:0:5EFE:A09:903
S   2000:0:1:4::/64 [1/0]
     via 2000:0:1:9:0:5EFE:A09:904
C   2000:0:1:9::/64 [0/0]
     via Tunnel9, directly connected
L   2000:0:1:9:0:5EFE:A09:901/128 [0/0]
     via Tunnel9, receive
L   FF00::/8 [0/0]
     via Null0, receive
R1# traceroute
Protocol [ip]: ipv6
Target IPv6 address: 2000:0:1:3::3
Source address: 2000:0:1:1::1
Insert source routing header? [no]:
Numeric display? [no]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Priority [0]:
Port Number [0]:
Type escape sequence to abort.
Tracing the route to 2000:0:1:3::3
  1 2000:0:1:9:0:5EFE:A09:903 0 msec 0 msec 4 msec
The example begins with the show ipv6 interface brief command, which shows the two
IPv6 addresses R1 derives. It lists the 2000:0:1:9:0:5EFE:A09:901 address, derived using the
modified EUI-64 rules. It also lists a link local address on the interface, formed not with
traditional EUI-64 rules but instead with the same modified EUI-64 rules used for the
global unicast address.
The show ipv6 route command output highlights the same routes shown in Figure 18-10.
It lists the static route for R3’s LAN subnet, a route to 2000:0:1:3::/64, with R3’s modified
EUI-64 IPv6 address as the next hop. The output also shows R1’s connected route for the
tunnel subnet (2000:0:1:9::/64). Finally, the traceroute command at the end confirms that
R1 can send packets to R3’s LAN IPv6 address (2000:0:1:3::3) from R1’s LAN IPv6 address
(2000:0:1:1::1).
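The ISATAP interface ID and the static-route next hops from Example 18-8 can be checked mechanically. This is an added example, not code from the book: the function names are hypothetical, only the 0:5EFE form shown on this page is recognised, and the last two sample route lines are constructed.

```python
import ipaddress
import re

ISATAP_MARK = 0x00005EFE  # quartets 5-6 of the interface ID, as in 0:5EFE:A09:901

def isatap_address(prefix, ipv4):
    """Address formed in ISATAP mode: /64 prefix + 0:5EFE + IPv4 in quartets 7-8."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("ISATAP interface IDs need a /64 prefix")
    return net[(ISATAP_MARK << 32) | int(ipaddress.IPv4Address(ipv4))]

def isatap_ipv4(addr):
    """IPv4 address in quartets 7-8 when quartets 5-6 are 0:5EFE, else None."""
    value = int(ipaddress.IPv6Address(addr))
    if (value >> 32) & 0xFFFFFFFF != ISATAP_MARK:
        return None
    return ipaddress.IPv4Address(value & 0xFFFFFFFF)

# ipv6 route <prefix> [<interface>] <next-hop>
ROUTE_RE = re.compile(r"\s*ipv6 route (\S+)\s+(?:\S+\s+)?(\S+)\s*$")

def audit_routes(config, tunnel_prefix, known_endpoints):
    """Return (destination prefix, implied IPv4 endpoint, verdict) per static route."""
    tunnel = ipaddress.IPv6Network(tunnel_prefix)
    known = {ipaddress.IPv4Address(e) for e in known_endpoints}
    results = []
    for line in config.splitlines():
        match = ROUTE_RE.match(line)
        if not match:
            continue
        dest, hop_text = match.groups()
        try:
            hop = ipaddress.IPv6Address(hop_text)
        except ValueError:
            results.append((dest, None, "no next-hop address"))
            continue
        endpoint = isatap_ipv4(hop)
        if hop not in tunnel:
            verdict = "next hop outside tunnel subnet"
        elif endpoint is None:
            verdict = "next hop is not an ISATAP address"
        elif endpoint not in known:
            verdict = "unknown IPv4 endpoint"
        else:
            verdict = "ok"
        results.append((dest, str(endpoint) if endpoint is not None else None, verdict))
    return results

# Constructed input: R1's two routes from Example 18-8, then two made-up lines
# (subnets 5 and 6 and their next hops are not on the page).
SAMPLE = """\
ipv6 route 2000:0:1:3::/64 2000:0:1:9:0:5EFE:A09:903
ipv6 route 2000:0:1:4::/64 2000:0:1:9:0:5EFE:A09:904
ipv6 route 2000:0:1:5::/64 2000:0:1:9::5
ipv6 route 2000:0:1:6::/64 2000:0:1:9:0:5EFE:C000:263
"""
# Loopbacks of R1 and R3 from the configuration; R4's is decoded from A09:904.
LOOPBACKS = ["10.9.9.1", "10.9.9.3", "10.9.9.4"]

if __name__ == "__main__":
    print(isatap_address("2000:0:1:9::/64", "10.9.9.1"))
    for row in audit_routes(SAMPLE, "2000:0:1:9::/64", LOOPBACKS):
        print(row)
```

The fourth sample line is well-formed ISATAP but decodes to an IPv4 address that is not one of the planned loopbacks, which is the case a review of tunnel routes most needs to surface.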
Multipoint IPv6 Tunnel Summary
Multipoint IPv6 tunnels give engineers a good means to implement IPv6 connectivity for
short periods of time. The tunnels can allow easier addition of new sites, with less configuration
on existing routers. These tunnels also support tunneling with IPv6 hosts. However,
these tunnels do not support IPv6 IGPs. Also, the extra processing required to
Table 18-4 Comparing IPv6 Multipoint Tunnels
                                                         | Automatic 6to4  | ISATAP
RFC                                                      | 3056            | 4214
Uses a reserved IPv6 address prefix.                     | Yes (2002::/16) | No
Supports the use of global unicast addresses?            | Yes             | Yes
Quartets holding the IPv4 destination address.           | 2/3             | 7/8
End-user host addresses embed the IPv4 destination?      | Sometimes       | No
Tunnel endpoints IPv6 addresses embed IPv4 destination.  | Sometimes       | Yes
Uses modified EUI-64 to form tunnel IPv6 addresses?      | No              | Yes
