Interface and Hardware Component Configuration Guide, Cisco IOS Release 15S
IP over IPv6 Tunnels
Downloads: This chapterpdf (PDF - 1.32MB) The complete bookPDF (PDF - 6.45MB) | The complete bookePub (ePub - 1.45MB) | Feedback

IP over IPv6 Tunnels

IP over IPv6 Tunnels

IPv6 supports IP over IPv6 tunnels, which includes the following:

  • Generic routing encapsulation (GRE) IPv4 tunnel support for IPv6 traffic—IPv6 traffic can be carried over IPv4 GRE tunnels using the standard GRE tunneling technique that is designed to provide the services to implement any standard point-to-point encapsulation scheme. The primary use of GRE tunnels is for stable connections that require regular secure communication between two edge devices or between an edge device and an end system. The edge devices and the end systems must be dual-stack implementations.
  • GRE support over IPv6 transport—GRE has a protocol field that identifies the passenger protocol. GRE tunnels allow Intermediate System-to-Intermediate System (IS-IS) or IPv6 to be specified as a passenger protocol, which allows both IS-IS and IPv6 traffic to run over the same tunnel.
  • VRF-aware IPv4/IPv6 over IPv6 tunnels - Virtual Routing and Forwarding (VRF)-aware tunnels are used to connect customer networks separated by untrusted core networks or core networks with different infrastructures (IPv4 or IPv6).

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Information About IP over IPv6 Tunnels

Overlay Tunnels for IPv6

Overlay tunneling encapsulates IPv6 packets in IPv4 packets for delivery across an IPv4 infrastructure (a core network or the figure below). By using overlay tunnels, you can communicate with isolated IPv6 networks without upgrading the IPv4 infrastructure between them. Overlay tunnels can be configured between border devices or between a border device and a host; however, both tunnel endpoints must support both the IPv4 and IPv6 protocol stacks. IPv6 supports the following types of overlay tunneling mechanisms:

  • Manual
  • Generic routing encapsulation (GRE)
  • IPv4-compatible
  • 6to4
  • Intrasite Automatic Tunnel Addressing Protocol (ISATAP)
Figure 1. Overlay Tunnels


Note


Overlay tunnels reduce the maximum transmission unit (MTU) of an interface by 20 octets (assuming that the basic IPv4 packet header does not contain optional fields). A network that uses overlay tunnels is difficult to troubleshoot. Therefore, overlay tunnels that connect isolated IPv6 networks should not be considered a final IPv6 network architecture. The use of overlay tunnels should be considered as a transition technique toward a network that supports both the IPv4 and IPv6 protocol stacks or just the IPv6 protocol stack.


Use the table below to help you determine which type of tunnel that you want to configure to carry IPv6 packets over an IPv4 network.

Table 1 Suggested Usage of Tunnel Types to Carry IPv6 Packets over an IPv4 Network

Tunneling Type

Suggested Usage

Usage Notes

Manual

Simple point-to-point tunnels that can be used within a site or between sites.

Can carry IPv6 packets only.

GRE- and IPv4- compatible

Simple point-to-point tunnels that can be used within a site or between sites.

Can carry IPv6, Connectionless Network Service (CLNS), and many other types of packets.

IPv4- compatible

Point-to-multipoint tunnels.

Uses the ::/96 prefix. We do not recommend using this tunnel type.

6to4

Point-to-multipoint tunnels that can be used to connect isolated IPv6 sites.

Sites use addresses from the 2002::/16 prefix.

6RD

IPv6 service is provided to customers over an IPv4 network by using encapsulation of IPv6 in IPv4.

Prefixes can be from the SP’s own address block.

ISATAP

Point-to-multipoint tunnels that can be used to connect systems within a site.

Sites can use any IPv6 unicast addresses.

Individual tunnel types are discussed in detail in this document. We recommend that you review and understand the information about the specific tunnel type that you want to implement. When you are familiar with the type of tunnel you need, see the table below for a summary of the tunnel configuration parameters that you may find useful.

Table 2 Tunnel Configuration Parameters by Tunneling Type

Tunneling Type

Tunnel Configuration Parameter

Tunnel Mode

Tunnel Source

Tunnel Destination

Interface Prefix or Address

Manual

ipv6ip

An IPv4 address, or a reference to an interface on which IPv4 is configured.

An IPv4 address.

An IPv6 address.

GRE/IPv4

gre ip

An IPv4 address.

An IPv6 address.

IPv4- compatible

ipv6ip auto-tunnel

Not required. These are all point-to-multipoint tunneling types. The IPv4 destination address is calculated, on a per-packet basis, from the IPv6 destination.

Not required. The interface address is generated as ::tunnel-source/96.

6to4

ipv6ip 6to4

An IPv6 address. The prefix must embed the tunnel source IPv4 address.

6RD

ipv6ip 6rd

An IPv6 address.

ISATAP

ipv6ip isatap

An IPv6 prefix in modified eui-64 format. The IPv6 address is generated from the prefix and the tunnel source IPv4 address.

IPv6 Manually Configured Tunnels

A manually configured tunnel is equivalent to a permanent link between two IPv6 domains over an IPv4 backbone. The primary use is for stable connections that require regular secure communication between two edge devices or between an end system and an edge device, or for connection to remote IPv6 networks.

An IPv6 address is manually configured on a tunnel interface, and manually configured IPv4 addresses are assigned to the tunnel source and the tunnel destination. The host or device at each end of a configured tunnel must support both the IPv4 and IPv6 protocol stacks. Manually configured tunnels can be configured between border devices or between a border device and a host. Cisco Express Forwarding switching can be used for IPv6 manually configured tunnels, or Cisco Express Forwarding switching can be disabled if process switching is needed.

GRE IPv4 Tunnel Support for IPv6 Traffic

IPv6 traffic can be carried over IPv4 GRE tunnels using the standard GRE tunneling technique that is designed to provide the services to implement any standard point-to-point encapsulation scheme. As in IPv6 manually configured tunnels, GRE tunnels are links between two points, with a separate tunnel for each link. The tunnels are not tied to a specific passenger or transport protocol but, in this case, carry IPv6 as the passenger protocol with the GRE as the carrier protocol and IPv4 or IPv6 as the transport protocol.

The primary use of GRE tunnels is for stable connections that require regular secure communication between two edge devices or between an edge device and an end system. The edge devices and the end systems must be dual-stack implementations.

GRE Support over IPv6 Transport

GRE has a protocol field that identifies the passenger protocol. GRE tunnels allow Intermediate System-to-Intermediate System (IS-IS) or IPv6 to be specified as a passenger protocol, which allows both IS-IS and IPv6 traffic to run over the same tunnel. If GRE did not have a protocol field, it would be impossible to distinguish whether the tunnel was carrying IS-IS or IPv6 packets. The GRE protocol field makes it desirable to tunnel IS-IS and IPv6 inside GRE.

How to Configure IP over IPv6 Tunnels

Configuring Manual IPv6 Tunnels

Perform this task to configure manual IPv6 tunnels.

Before You Begin

With manually configured IPv6 tunnels, an IPv6 address is configured on a tunnel interface, and manually configured IPv4 addresses are assigned to the tunnel source and the tunnel destination. The host or router at each end of a configured tunnel must support both the IPv4 and IPv6 protocol stacks.

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    interface tunnel tunnel-number

    4.    ipv6 address ipv6-prefix / prefix-length [eui-64]

    5.    tunnel source {ip-address| interface-t ype interface-number}

    6.    tunnel destination ip-address

    7.    tunnel mode ipv6ip


DETAILED STEPS
     Command or ActionPurpose
    Step 1 enable


    Example:
    Router> enable
     

    Enables privileged EXEC mode.

    • Enter your password if prompted.
     
    Step 2 configure terminal


    Example:
    Router# configure terminal
     

    Enters global configuration mode.

     
    Step 3 interface tunnel tunnel-number


    Example:
    Router(config)# interface tunnel 0
     

    Specifies a tunnel interface and number, and enters interface configuration mode.

     
    Step 4 ipv6 address ipv6-prefix / prefix-length [eui-64]


    Example:
    Router(config-if)# ipv6 address 3ffe:b00:c18:1::3/127
     

    Specifies the IPv6 network assigned to the interface and enables IPv6 processing on the interface.

     
    Step 5 tunnel source {ip-address| interface-t ype interface-number}


    Example:
    Router(config-if)# tunnel source ethernet 0
     

    Specifies the source IPv4 address or the source interface type and number for the tunnel interface.

    • If an interface is specified, the interface must be configured with an IPv4 address.
     
    Step 6 tunnel destination ip-address


    Example:
    Router(config-if)# tunnel destination 192.168.30.1
     

    Specifies the destination IPv4 address or hostname for the tunnel interface.

     
    Step 7 tunnel mode ipv6ip


    Example:
    Router(config-if)# tunnel mode ipv6ip
     

    Specifies a manual IPv6 tunnel.

    Note   

    The tunnel mode ipv6ip command specifies IPv6 as the passenger protocol and IPv4 as both the encapsulation and transport protocol for the manual IPv6 tunnel.

     

    Configuring GRE IPv6 Tunnels

    Perform this task to configure a GRE tunnel on an IPv6 network. GRE tunnels can be configured to run over an IPv6 network layer and to transport IPv6 packets in IPv6 tunnels and IPv4 packets in IPv6 tunnels.

    Before You Begin

    When GRE IPv6 tunnels are configured, IPv6 addresses are assigned to the tunnel source and the tunnel destination. The tunnel interface can have either IPv4 or IPv6 addresses assigned (this is not shown in the task). The host or router at each end of a configured tunnel must support both the IPv4 and IPv6 protocol stacks.

    SUMMARY STEPS

      1.    enable

      2.    configure terminal

      3.    interface tunnel tunnel-number

      4.    ipv6 address ipv6-prefix / prefix-length [eui-64]

      5.    tunnel source {ip-address | ipv6-address | interface-type interface-number}

      6.    tunnel destination {host-name | ip-address | ipv6-address}

      7.    tunnel mode {aurp | cayman | dvmrp | eon | gre| gre multipoint | gre ipv6 | ipip [decapsulate-any] | iptalk | ipv6 | mpls | nos


    DETAILED STEPS
       Command or ActionPurpose
      Step 1 enable


      Example:
      Router> enable
       

      Enables privileged EXEC mode.

      • Enter your password if prompted.
       
      Step 2 configure terminal


      Example:
      Router# configure terminal
       

      Enters global configuration mode.

       
      Step 3 interface tunnel tunnel-number


      Example:
      Router(config)# interface tunnel 0
       

      Specifies a tunnel interface and number, and enters interface configuration mode.

       
      Step 4 ipv6 address ipv6-prefix / prefix-length [eui-64]


      Example:
      Router(config-if)# ipv6 address 3ffe:b00:c18:1::3/127
       

      Specifies the IPv6 network assigned to the interface and enables IPv6 processing on the interface.

       
      Step 5 tunnel source {ip-address | ipv6-address | interface-type interface-number}


      Example:
      Router(config-if)# tunnel source ethernet 0
       

      Specifies the source IPv4 address or the source interface type and number for the tunnel interface.

      • If an interface is specified, the interface must be configured with an IPv4 address.
       
      Step 6 tunnel destination {host-name | ip-address | ipv6-address}


      Example:
      Router(config-if)# tunnel destination 2001:DB8:1111:2222::1/64
       

      Specifies the destination IPv6 address or hostname for the tunnel interface.

       
      Step 7 tunnel mode {aurp | cayman | dvmrp | eon | gre| gre multipoint | gre ipv6 | ipip [decapsulate-any] | iptalk | ipv6 | mpls | nos


      Example:
      Router(config-if)# tunnel mode gre ipv6
       

      Specifies a GRE IPv6 tunnel.

      Note   

      The tunnel mode gre ipv6command specifies GRE as the encapsulation protocol for the tunnel.

       

      Configuration Examples for IP over IPv6 Tunnels

      Example: Configuring IPv4-Compatible IPv6 Tunnels

      The following example configures an IPv4-compatible IPv6 tunnel that allows Border Gateway Protocol (BGP) to run between a number of routers without having to configure a mesh of manual tunnels. Each router has a single IPv4-compatible tunnel, and multiple BGP sessions can run over each tunnel, one to each neighbor. Ethernet interface 0 is used as the tunnel source. The tunnel destination is automatically determined by the IPv4 address in the low-order 32 bits of an IPv4-compatible IPv6 address. Specifically, the IPv6 prefix 0:0:0:0:0:0 is concatenated to an IPv4 address (in the format 0:0:0:0:0:0:A.B.C.D or ::A.B.C.D) to create the IPv4-compatible IPv6 address. Ethernet interface 0 is configured with a global IPv6 address and an IPv4 address (the interface supports both the IPv6 and IPv4 protocol stacks).

      Multiprotocol BGP is used in the example to exchange IPv6 reachability information with the peer 10.67.0.2. The IPv4 address of Ethernet interface 0 is used in the low-order 32 bits of an IPv4-compatible IPv6 address and is also used as the next-hop attribute. Using an IPv4-compatible IPv6 address for the BGP neighbor allows the IPv6 BGP session to be automatically transported over an IPv4-compatible tunnel.

      interface tunnel 0
       tunnel source Ethernet 0
       tunnel mode ipv6ip auto-tunnel
      interface ethernet 0
       ip address 10.27.0.1 255.255.255.0
       ipv6 address 3000:2222::1/64
      router bgp 65000
       no synchronization
       no bgp default ipv4-unicast
      neighbor ::10.67.0.2 remote-as 65002
      address-family ipv6
       neighbor ::10.67.0.2 activate
       neighbor ::10.67.0.2 next-hop-self
       network 2001:2222:d00d:b10b::/64

      Additional References

      Related Documents

      Related Topic

      Document Title

      IPv6 addressing and connectivity

      IPv6 Configuration Guide

      Cisco IOS commands

      Cisco IOS Master Commands List, All Releases

      IPv6 commands

      Cisco IOS IPv6 Command Reference

      Cisco IOS IPv6 features

      Cisco IOS IPv6 Feature Mapping

      Standards and RFCs

      Standard/RFC

      Title

      RFCs for IPv6

      IPv6 RFCs

      MIBs

      MIB

      MIBs Link

      To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

      http:/​/​www.cisco.com/​go/​mibs

      Technical Assistance

      Description

      Link

      The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

      http:/​/​www.cisco.com/​cisco/​web/​support/​index.html

      Feature Information for IP over IPv6 Tunnels

      The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

      Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

      Table 3 Feature Information for IP over IPv6 Tunnels

      Feature Name

      Releases

      Feature Information

      IP over IPv6 Tunnels

      12.2(30)S

      12.2(33)SRA

      12.3(7)T

      12.4

      12.4(2)T

      15.0(1)S

      IPv6 supports this feature.

      The following commands were introduced or modified: tunnel destination, tunnel mode, tunnel mode ipv6ip, tunnel source.