Products & Services

Training & Events

Partner Central

Hierarchical Navigation

HOME
- SUPPORT
  - TECHNOLOGY SUPPORT
    - IP
      - IP VERSION 6 (IPV6)
        DESIGN
        DESIGN GUIDES
        IPv6: Connecting to the 6bone Using 6to4 Tunnels

IP Version 6 (IPv6)

IPv6: Connecting to the 6bone Using 6to4 Tunnels

Downloads

IPv6: Connecting to the 6bone Using 6to4 Tunnels

Table Of Contents

IPv6: Connecting to the 6bone Using 6to4 Tunnels

Business Objectives

Initial Network Topology

Possible Solutions

Proposed Solution: No. 2, 6to4 Tunnels

Overview

Strategy

Network Topology

How This Solution Works

Benefits

Ramifications

Implementation

Prerequisites and Design Considerations

Implementation Process Steps

Device Characteristics

Annotated Configuration Files

Related Documents

IPv6: Connecting to the 6bone Using 6to4 Tunnels

Version History

Version Number

Date

Notes

1

28 Feb 2002

This document was created.

2

19 May 2003

Updated the related documents section.

This document describes how an enterprise campus customer (such as an educational institution, a small software firm, or a small manufacturing company) can connect to the 6bone by using 6to4 tunnels. The 6bone is an IP version 6 (IPv6) test network that was set up to assist in the evolution and deployment of IPv6 in the Internet.

This document is one of a set of documents that support and complement the IPv6 Deployment Strategies publication, which is available at the following URL:

http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/ipv6_sol/ipv6dswp.pdf

You should read this document in conjunction with IPv6 Deployment Strategies to better understand IPv6 predeployment activities.

This document has the following sections:

•Business Objectives

•Possible Solutions

•Proposed Solution: No. 2, 6to4 Tunnels

•Implementation

•Related Documents

Business Objectives

A small software company (considered to be a typical enterprise campus environment) with an IPv4 network is discussing a merger with another company that runs IPv6 on its network. To assess the connectivity impact that the merger would have on the merged companies, the customer wants to expand its knowledge of IPv6 by connecting to the 6bone. The business objectives of the enterprise campus customer discussed in this document are as follows:

•For a minimal investment, gain IPv6 experience on an established IPv6 backbone using its existing IPv4 topology.

•Test transitional and operational procedures in a real-world IPv6 environment before deploying IPv6 within its campus.

Transitional procedures are those procedures that are necessary to migrate from IPv4 to IPv6. These procedures include setting up dual-stack routers and end systems, tunneling mechanisms, Domain Name System (DNS) servers, and, in the future, the testing of Network Address Translation-Protocol Translation (NAT-PT).

Operational procedures are related to network management, element management of dual-stack hosts and end systems, and other similar functions.

•Test IPv6 applications and implementations on local workstations.

•Minimize the management overhead associated with a 6bone connection.

Note Although the 6bone comprises many types of organizations (such as academic and government organizations, hardware and software vendors, and service providers), in this document we will use the term 6bone ISP when referring to the organization that is at the 6bone end of the tunnel.

Initial Network Topology

Figure 1 shows the initial IPv4 network topology for the enterprise campus customer. This network uses several routers to provide IP connectivity among local users. A permanent IPv4 connection to an Internet service provider (ISP) provides external connectivity.

Figure 1 Initial Enterprise IPv4 Network Topology

Possible Solutions

Two possible ways for this enterprise campus customer to connect to the 6bone using its existing IPv4 topology and tunnels are manually configured tunnels and 6to4 tunnels. Tunneling is the technique of encapsulating IPv6 packets within IPv4 packets so that they can be carried across IPv4 routing infrastructures. Both solutions require that the host or router at each end of the tunnel be running dual-stack, meaning that they concurrently support both the IPv4 and IPv6 protocol stacks. Both of these possible solutions are supported by Cisco IOS software.

Possible Solution No. 1: Manually Configured Tunnels

Manually configured IPv6 tunneling is a technique where an IPv6 address is manually configured on a tunnel interface and IPv4 addresses are manually configured at the tunnel source and the tunnel destination. Manually configured tunnels can be configured between border routers or between a border router and a host. Because manually configured tunnels require configuration at both ends of the tunnel, they have a larger management overhead when multiple tunnels are implemented compared to use of 6to4 tunnels. Because they are configured one-to-one between well-known endpoints, manually configured tunnels make traffic information available for each endpoint, and provide extra security against injected traffic.

Possible Solution No. 2: 6to4 Tunnels

6to4 tunneling is a technique where the tunnel endpoint is determined by the globally unique IPv4 address embedded in a 6to4 address. A 6to4 IPv6 address is a combination of the unique routing prefix 2002::/16 and a globally unique 32-bit IPv4 address. (IPv4-compatible IPv6 addresses are a different format from 6to4 IPv6 addresses. IPv4-compatible IPv6 addresses are not used in 6to4 tunneling.) 6to4 tunnels are configured between border routers, or between a border router and a host. 6to4 tunnels require that a 6bone 6to4 relay site be identified to provide the 6to4 relay service to the enterprise. The 6to4 relay site will configure a dual-stack border router that will become the endpoint for the enterprise 6to4 tunnel. After the 6to4 relay site sets up for 6to4 tunneling, its management burden is minimal. At the enterprise end, a simple router configuration enables access to the 6bone through the 6to4 tunnel.

Although it is possible to use 6to4 tunnels to interconnect IPv6 sites within your enterprise, that usage is beyond the scope of this document.

Proposed Solution: No. 2, 6to4 Tunnels

The proposed solution is to connect to the 6bone using 6to4 tunnels because it is the simplest solution that meets the business objectives.

Overview

6to4 tunnels provide a mechanism for IPv6 end sites to access the 6bone by tunneling over the IPv4 Internet. To prevent interference with the corporate production network, the solution should be initially deployed in an isolated network, such as a laboratory.

Strategy

Start with an IPv4 network that has an external IPv4 connection to an ISP. IPv4 is required because the tunnel to the 6bone that will be set up will use IPv4 to transport the IPv6 traffic.

Select Initial IPv6 Test Environment

Decide which of the two following environments you want to use to implement the initial 6bone connection:

•A completely separate test network, such as a lab

•A test network that is connected to the rest of the network, but is isolated by a firewall that does not pass IPv6 traffic

This document uses the second, firewall-isolated environment, but the configuration also applies to the first environment.

Provision the IPv6 Test Network

Install the devices that you will use in your IPv6 test network. Figure 2 shows a fully meshed IPv6 test network that is isolated from the corporate IPv4 network by a firewall that is configured to block IPv6 traffic. All of the routers in the test network are configured to run dual-stack.

Figure 2 Initial Network Topology with the IPv6 Test Network Added

Identify the Router to Connect to the 6bone

In the IPv6 test network, identify a border router that you will use to connect to the 6bone ISP. This border router must be a dual-stack router, which will be configured with the tunnel to pass the IPv6 traffic over the IPv4 internet.

Get Address Information from Your 6bone ISP

Ask your 6bone ISP to configure its end of the tunnel, and then provide you with the IPv4 address of its router that you will use for 6bone access.

Because you will be configuring a 6to4 tunnel to the 6bone, the IPv6 address of your border router will be your (globally routable) IPv4 address concatenated to the 6to4 prefix 2002::/16.

Note The ISP that you use for 6bone connectivity might not be the ISP that you use for IPv4 connectivity. Your 6bone ISP will typically be the nearest partner that will provide you with a 6to4 relay service, so you are not restricted to your local ISP for 6bone connectivity.

Configure Your 6bone Border Router

Using the IPv4 address from your 6bone ISP, configure the designated border router to run dual-stack, with a 6to4 tunnel to connect to the 6bone. We recommend that each site have only one 6to4 address assigned to the external interface of the router. All sites need to run an IPv6 interior routing protocol such as Routing Information Protocol next generation (RIPng) for the IPv6 routing within the site, but exterior routing is handled by the relevant IPv4 exterior routing protocol.

You now have 6bone connectivity to your test network, as shown in Figure 3.

Figure 3 Connectivity Established from the Test Network to the 6bone ISP

Connect the Corporate Network to the 6bone

When you are ready to deploy IPv6 to your enterprise network, the connection to the 6bone ISP will be made through your IPv4 ISP. You will configure the border router that is linked to your IPv4 ISP to run dual-stack and with a 6to4 tunnel to the 6bone ISP. The IPv4 address of the border router that is linked to your IPv4 ISP will change according to what address your IPv4 ISP provides. Identify other routers and hosts in your network that you want to have IPv6 connectivity. You will need to configure each of these devices to run dual-stack.

You can remove the firewall between the corporate network and the lab to allow IPv6 traffic to flow throughout the network, and you can retain a portion of your network as IPv4-only until you are ready to deploy IPv6 in that network. Figure 4 shows the enterprise network with IPv6 connectivity to the 6bone through a 6to4 tunnel via your IPv4 ISP.

Figure 4 Enterprise Network with IPv6 Connectivity to the 6bone

Network Topology

Figure 5 shows the topology of a typical 6to4 tunnel to the 6bone.

Figure 5 6to4 Tunnel to the 6bone

How This Solution Works

A 6to4 tunnel is configured on an enterprise dual-stack border router. All the enterprise IPv6 traffic destined for the 6bone is routed over IPv4 through the tunnel to the 6bone ISP 6to4 relay router. Traffic from the 6bone to an enterprise host is routed over IPv4 through the tunnel to the enterprise dual-stack border router, and then to the IPv6 destination host.

Benefits

The benefits to the enterprise of using 6to4 tunnels are as follows:

•6to4 tunnels are supported by Cisco IOS software.

•The end-user host configuration is simple, requiring little management overhead.

•The tunnel is automatic; no enterprise-specific configuration is required at the 6to4 relay site.

•6to4 tunnels scale well.

•This solution accommodates dynamic IP addresses at the enterprise.

•The tunnel exists only for the duration of the session.

•A 6to4 tunnel requires only a one-time configuration at the ISP, making the 6to4 relay service available simultaneously to many enterprises.

•Failover to a secondary router could be provided without involving the ISP.

Ramifications

The ramifications to the enterprise of using 6to4 tunnels are as follows:

•Independently managed NAT is not allowed along the path of the tunnel.

•Cannot easily implement multihoming.

•The 6to4 tunnel mechanism provides a /48 address block; no more addresses are available.

•Because they are configured many-to-one and tunnel traffic can originate from multiple endpoints, 6to4 tunnels can provide only overall traffic information to the ISP.

•Because the enterprise 6to4 IPv6 address prefix is determined by and depends on the underlying IPv4 address, migration to native IPv6 requires renumbering the network.

•This solution is limited to static or BGP4+ routing.

Implementation

This section describes how an enterprise customer can implement a 6to4 tunnel to connect to the 6bone. It contains the following sections:

•Prerequisites and Design Considerations

•Implementation Process Steps

•Device Characteristics

•Annotated Configuration Files

Prerequisites and Design Considerations

Before you implement a 6to4 tunnel to the 6bone, you must perform the following tasks:

•Identify the border router at your site that you will configure to run dual-stack. This border router must have a static, globally routable IPv4 address.

•From the 6bone ISP, obtain the IPv4 address of the 6to4 relay router that you will use for 6bone access.

Note When you configure tunnels for your enterprise border routers, you must use globally routable IPv4 addresses. The IPv4 addresses used in the example configurations in this document are not globally routable and are provided for illustrative purposes only.

•Ensure that your DNS is running (or has the equivalent capabilities of) Berkeley Internet Name Domain (BIND) version 9, which provides an implementation of the major components of the DNS for IPv6. DNS configuration is beyond the scope of this document.

•Recognize that the current dual-stack implementation in Cisco IOS software permits an interim network management solution, allowing applications such as TFTP, ping, Telnet, and traceroute to be run over either an IPv4 or an IPv6 transport.

•Select an IPv6 interior routing protocol, such as RIPng, that is appropriate to your network configuration. For simplicity, the solution presented in this document uses a static route. Exterior routing is handled by the relevant IPv4 exterior routing protocol.

•Configure all your dual-stack routers to use RIP.

For more information on configuring your network for IPv6, refer to the following document, listed in the "Related Documents" section: IPv6 for Cisco IOS Software, File 2 of 3: Configuring.

Implementation Process Steps

The IPv4 address of your border router is 192.168.99.1. Derive your 6to4 prefix from your IPv4 address by converting the decimal components of the IPv4 address to hexadecimal and then prefixing "2002" to the resulting hexadecimal numbers. So the 6to4 prefix for the IPv6 nodes in your network is 2002:C0A8:6301::/48.

The C0A8:6301 part of the preceding IPv6 address is formed from the IPv4 address by converting each octet of the dotted decimal notation to its hexadecimal equivalent, as shown in Table 1.

Table 1 Dotted Decimal to Hexadecimal Conversion

Decimal

Hexadecimal

192

C0

168

A8

99

63

1

01

Your 6bone ISP has provided you with the IPv4 address its 6bone border router: 192.168.33.1.

Using the preceding address information, configure a 6to4 tunnel on your identified dual-stack border router by entering the following commands:

Enterprise Router
ipv6 unicast-routing
interface Ethernet0
 description connection to 6bone ISP
 ip address 192.168.99.1 255.255.255.0
interface Tunnel2002
 description 6to4 tunnel to 6bone ISP
 no ip address
 no ip redirects
 ipv6 address 2002:C0A8:6301::1/128
 tunnel source ethernet0
 tunnel mode ipv6ip 6to4
ipv6 route 2002::/16 Tunnel2002
ipv6 route ::/0 2002:C0A8:2101::1
The 2002:C0A8:2101::1 in the second ipv6 route command is the IPv6 address of the ISP 6to4 relay router that provides access to the 6bone. The C0A8:2101 part of the address is derived from the IPv4 address (192.168.33.1) of the 6to4 relay router in a manner similar to Table 1.

At the other end of the tunnel, the border router at your 6bone ISP would have a configuration like the following:

ISP 6to4 Relay Router
ipv6 unicast-routing
interface ethernet0/0
 description connection to enterprise
 ip address 192.168.33.1 255.255.255.0
interface Tunnel2002
 description 6to4 relay service
 no ip address
 no ip redirects
 ipv6 address 2002:C0A8:2101::1/128
 tunnel source ethernet0/0
 tunnel mode ipv6ip 6to4
ipv6 route 2002::/16 tunnel2002
Device Characteristics

Table 2 describes the devices used in this solution.

Table 2 Hardware and Software Used

Enterprise Border Router

6bone ISP Router

Host name

6bone-gw

ipv6-router

Chassis type

Cisco 3660 router

Cisco 7206 router

Physical interfaces

2 Ethernet
2 Fast Ethernet
4 serial

4 Ethernet
2 Fast Ethernet
4 serial

Software loaded

Cisco IOS Release 12.2(4)T

Cisco IOS Release 12.2(4)T

Memory

64 MB RAM; 16 MB Flash

128 MB RAM; 20 MB Flash

IP addresses

Ethernet0:
IPv4  192.168.99.1

Tunnel2002:
IPv6  2002:C0A8:6301::1/128

Ethernet0/0:
IPv4  192.168.33.1

Tunnel2002:
IPv6  2002:C0A8:2101::1/128

Annotated Configuration Files

This section contains the annotated show running-configuration command output files for the enterprise and 6bone ISP border routers shown in Figure 5.

Enterprise Router
! Identify the version of Cisco IOS software running on the router
!
version 12.2
!
! Include timestamps on log and debug entries that are useful for
! troubleshooting and optimizing the network.
!
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
!
! Specify that passwords will be encrypted in configuration output.
!
service password-encryption
!
! Configure the router name
!
hostname 6bone-gw
!
! Configure boot options
!
boot system flash slot0:
boot system flash bootflash:
!
! Configure logging
!logging buffered 10000 debugging
!
! Configure secret password
!
enable secret 5 [removed]
!
! Configure clock timezone and summertime rule
!
clock timezone PST -8
clock summer-time PDT recurring
!
!
ip subnet-zero
no ip source-route
no ip rcmd domain-lookup
!
! Configure router domain name
!
ip domain-name EnterpriseDomain.com
!
! Configure DNS name servers
!
ip name-server 192.168.1.10
ip name-server 192.168.2.21
ip name-server 2002:C0A8:6301:1::21
!
! Enable IPv6 routing
!
ipv6 unicast-routing
!
! Configure Tunnel interface
!
interface Tunnel2002
 description 6to4 tunnel to 6bone ISP
 no ip address
 no ip redirects
 ipv6 address 2002:C0A8:6301::1/128
 tunnel source ethernet0
 tunnel mode ipv6ip 6to4
!
! Configure physical interface
!
interface Ethernet0
 description connection to 6bone ISP
 ip address 192.168.99.1 255.255.255.0
!
interface Ethernet1
 description connection to Lab interface router
 ip address 192.168.99.40 255.255.255.0
 ipv6 address 3FFE:FFFF:8023:100::1/64
 ipv6 rip v6rip enable
!
interface FastEthernet2/0
 description connection to core router
 ip address 192.168.99.41 255.255.255.0
 ipv6 address 3FFE:FFFF:8023:200::1/64
 ipv6 rip v6rip enable
!
interface FastEthernet3/0
 description connection to IPv4-only core router
 ip address 192.168.99.42 255.255.255.0
!
! Other interfaces are all unused
!
interface Serial4/0
 no ip address
 shutdown
!
interface Serial4/1
 no ip address
 shutdown
!
interface Serial4/2
 no ip address
 shutdown
!
interface Serial4/3
 no ip address
 shutdown
!
! Configure basic IP routing
!
ip default-gateway 192.168.33.1
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.33.1
!
! Configure IPv6 static route
!
ipv6 route 2002::/16 tunnel2002
ipv6 route ::/0 2002:C0A8:2101::1
ipv6 router rip v6rip
!
end
6bone ISP Router
! Identify the version of Cisco IOS software running on the router
!
version 12.2
!
! Include timestamps on log and debug entries that are useful for
! troubleshooting and optimizing the network.
!
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
!
! Specify that passwords will be encrypted in configuration output.
!
service password-encryption
!
! Configure the router name
!
hostname ipv6-router
!
! Configure boot options
!
boot system flash slot0:
boot system flash bootflash:
!
! Configure logging
!
logging buffered 10000 debugging
!
! Configure secret password
!
enable secret 5 [removed]
!
! Configure clock timezone and summertime rule
!
clock timezone PST -8
clock summer-time PDT recurring
!
!
ip subnet-zero
no ip source-route
no ip rcmd domain-lookup
!
! Configure router's domain name
!
ip domain-name 6boneISP.com
!
! Configure DNS name servers
!
ip name-server 192.168.33.4
ip name-server 192.168.33.5
ip name-server 3FFE:FFFF:8001::4
!
! Enable IPv6 routing
!
ipv6 unicast-routing
!
! Configure Tunnel interface
!
interface Tunnel2002
 description 6to4 relay service
 no ip address
 no ip redirects
 ipv6 address 2002:C0A8:2101::1/128
 tunnel source ethernet0/0
 tunnel mode ipv6ip 6to4
!
! Configure physical interface
!
interface Ethernet0/0
 description connection to enterprise
 ip address 192.168.33.1 255.255.255.0
!
interface Ethernet0/1
 no ip address
 shutdown
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
interface FastEthernet1/0
 description connection to ISP-core-A
 ip address 192.168.34.10 255.255.255.0
 ipv6 address 3FFE:FFFF:8023:2::6/64
 duplex auto
 speed auto
!
interface FastEthernet2/0
 description connection to ISP-core-B
 ip address 192.168.35.22 255.255.255.0
 ipv6 address 3FFE:FFFF:8023:2::8/64
 duplex auto
 speed auto
!
! Other interfaces are all unused
!
interface Serial4/0
 no ip address
 shutdown
!
interface Serial4/1
 no ip address
 shutdown
!
interface Serial4/2
 no ip address
 shutdown
!
interface Serial4/3
 no ip address
 shutdown
!
! Configure basic IP routing
!
ip default-gateway 192.168.30.1
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.30.1
!
! Configure IPv6 static route
!
ipv6 route 2002::/16 tunnel2002
!
end
Related Documents

Refer to the following documents for additional information about IPv6 for Cisco IOS software, the 6bone, and IPv6 in general:

•IPv6 Deployment Strategies

•IPv6: Connecting to the 6bone Using Manually Configured Tunnels

•IPv6: Providing IPv6 Services over an IPv4 Backbone Using Tunnels

•Interconnecting IPv6 Domains Using Tunnels

•Start Here: Cisco IOS Software Release Specifics for IPv6 Features

•Implementing IPv6 for Cisco IOS Software

•IPv6 for Cisco IOS Software Command Reference

•RFC 2185, Routing Aspects of IPv6 Transition (informational)

•RFC 2373, IP Version 6 Addressing Architecture

•RFC 2374, An IPv6 Aggregatable Global Unicast Address Format

•RFC 2460, Internet Protocol, Version 6 (IPv6) Specification

•RFC 2464, Transmission of IPv6 Packets over Ethernet Networks

•RFC 2471, IPv6 Testing Address Allocation

•RFC 2893, Transition Mechanisms for IPv6 Hosts and Routers

•RFC 3056, Connection of IPv6 Domains via IPv4 Clouds