IP Version 6 (IPv6)

Table Of Contents

IPv6: Connecting to the 6bone Using
Manually Configured Tunnels

Business Objectives

Initial Network Topology

Possible Solutions

Proposed Solution: No. 1, Manually Configured Tunnels

Overview

Strategy

Network Topology

How This Solution Works

Benefits

Ramifications

Implementation

Prerequisites and Design Considerations

Implementation Process Steps

Device Characteristics

Annotated Configuration Files

Related Documents

IPv6: Connecting to the 6bone Using
Manually Configured Tunnels

---

Version History

Version Number	Date	Notes
1	27 Feb 2002	This document was created.
2	19 May 2003	Updated related documents section.

This document describes how an enterprise campus customer (such as an educational institution, a small software firm, or a small manufacturing company) can connect to the 6bone by using manually configured tunnels. The 6bone is an IP version 6 (IPv6) test network that was set up to assist in the evolution and deployment of IPv6 in the Internet.

This document is one of a set of documents that support and complement the IPv6 Deployment Strategies publication, which is available at the following URL:

http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/ipv6_sol/ipv6dswp.pdf

You should read this document in conjunction with IPv6 Deployment Strategies to better understand IPv6 predeployment activities.

This document has the following sections:

•Business Objectives

•Possible Solutions

•Proposed Solution: No. 1, Manually Configured Tunnels

•Implementation

•Related Documents

Business Objectives

A small software company (considered to be a typical enterprise campus environment) with an IPv4 network is discussing a merger with another company that runs IPv6 on its network. To assess the connectivity impact that the merger would have on the merged companies, the customer wants to expand its knowledge of IPv6 by connecting to the 6bone. The business objectives of the enterprise campus customer discussed in this document are as follows:

•For a minimal investment, gain IPv6 experience on an established IPv6 backbone using its existing IPv4 topology.

•Test transitional and operational procedures in a real-world IPv6 environment before deploying IPv6 within its campus.

Transitional procedures are those procedures that are necessary to migrate from IPv4 to IPv6. These procedures include setting up dual-stack routers and end systems, tunneling mechanisms, Domain Name System (DNS) servers, and, in the future, the testing of Network Address Translation-Protocol Translation (NAT-PT).

Operational procedures are related to network management, element management of dual-stack hosts and end systems, and other similar functions.

•Test IPv6 applications and implementations on local workstations.

•Maintain an appropriate level of security when communicating using IPv6.

---

Note Although the 6bone comprises many types of organizations (such as academic and government organizations, hardware and software vendors, and service providers), in this document we will use the term 6bone ISP when referring to the organization that is at the 6bone end of the tunnel.

---

Initial Network Topology

Figure 1 shows the initial IPv4 network topology for the enterprise campus customer. This network uses several routers to provide IP connectivity among local users. A permanent IPv4 connection to an Internet service provider (ISP) provides external connectivity.

Figure 1 Initial Enterprise IPv4 Network Topology

Possible Solutions

Two possible ways for this enterprise campus customer to connect to the 6bone using its existing IPv4 topology and tunnels are manually configured tunnels and 6to4 tunnels. Tunneling is the technique of encapsulating IPv6 packets within IPv4 packets so that they can be carried across IPv4 routing infrastructures. Both solutions require that the host or router at each end of the tunnel be running dual-stack, meaning that they concurrently support both the IPv4 and IPv6 protocol stacks. Both of these possible solutions are supported by Cisco IOS software.

Possible Solution No. 1: Manually Configured Tunnels

Manually configured IPv6 tunneling is a technique where an IPv6 address is manually configured on a tunnel interface and IPv4 addresses are manually configured at the tunnel source and the tunnel destination. Manually configured tunnels can be configured between border routers or between a border router and a host. Because manually configured tunnels require configuration at both ends of the tunnel, they have a larger management overhead when multiple tunnels are implemented compared to use of 6to4 tunnels. Because they are configured one-to-one between well-known endpoints, manually configured tunnels make traffic information available for each endpoint, and provide extra security against injected traffic.

Possible Solution No. 2: 6to4 Tunnels

6to4 tunneling is a technique where the tunnel endpoint is determined by the globally unique IPv4 address embedded in a 6to4 address. A 6to4 IPv6 address is a combination of the unique routing prefix 2002::/16 and a globally unique 32-bit IPv4 address. (IPv4-compatible IPv6 addresses are a different format from 6to4 IPv6 addresses. IPv4-compatible IPv6 addresses are not used in 6to4 tunneling.) 6to4 tunnels are configured between border routers, or between a border router and a host. 6to4 tunnels require that a 6bone 6to4 relay site be identified to provide the 6to4 relay service to the enterprise. The 6to4 relay site will configure a dual-stack border router that will become the endpoint for the enterprise 6to4 tunnel. After the 6to4 relay site sets up for 6to4 tunneling, its management burden is minimal. At the enterprise end, a simple router configuration enables access to the 6bone through the 6to4 tunnel.

Although it is possible to use 6to4 tunnels to interconnect IPv6 sites within your enterprise, that usage is beyond the scope of this document.

Proposed Solution: No. 1, Manually Configured Tunnels

The proposed solution is to connect to the 6bone using manually configured tunnels because they provide stable, secure communication between the routers, with unique traffic statistics for the connection.

Overview

Manually configured tunnels provide a mechanism for IPv6 end sites to access the 6bone by tunneling over the IPv4 Internet. To prevent interference with the corporate production network, the solution should be initially deployed in an isolated network, such as a laboratory.

Strategy

Start with an IPv4 network that has an external IPv4 connection to an ISP. IPv4 is required because the tunnel to the 6bone that will be set up will use IPv4 to transport the IPv6 traffic.

Select Initial IPv6 Test Environment

Decide which of the two following environments you want to use to implement the initial 6bone connection:

•A completely separate test network, such as a lab

•A test network that is connected to the rest of the network, but is isolated by a firewall that does not pass IPv6 traffic

This document uses the second, firewall-isolated environment, but the configuration also applies to the first environment.

Provision the IPv6 Test Network

Install the devices that you will use in your IPv6 test network. Figure 2 shows a fully meshed IPv6 test network that is isolated from the corporate IPv4 network by a firewall that is configured to block IPv6 traffic. All of the routers in the test network are configured to run dual-stack.

Figure 2 Initial Network Topology with the IPv6 Test Network Added

Identify the Router to Connect to the 6bone

In the IPv6 test network, identify a border router that you will use to connect to the 6bone ISP. This border router must be a dual-stack router, which will be configured with the tunnel to pass the IPv6 traffic over the IPv4 internet.

Get IPv6 Address Information from Your 6bone ISP

Ask your 6bone ISP to configure its end of the tunnel, and then provide you with the following addresses:

•An IPv6 address (typically a /64) for your border router.

•The IPv4 address of the 6bone ISP router that you will use for 6bone access.

•A prefix delegation for the IPv6 nodes in your network. Because you are configuring a manual tunnel to the 6bone, this prefix delegation will use the 6bone prefix of 3FFE::/16 and will typically be a /48 address block.

---

Note The ISP that you use for 6bone connectivity might not be the ISP that you use for IPv4 connectivity. Your 6bone ISP will typically be the nearest partner from which you can get a /48 address delegation, so you are not restricted to your local ISP for 6bone connectivity.

---

Configure Your 6bone Border Router

Using the addresses from your 6bone ISP, configure the designated border router to run dual-stack, with a manually configured tunnel to connect to the 6bone. You can run the multiprotocol BGP4+ routing protocol or configure a static route. Your choice will depend on your arrangement with your ISP.

You now have 6bone connectivity to your test network, as shown in Figure 3.

Figure 3 Connectivity Established from the Test Network to the 6bone ISP

Connect the Corporate Network to the 6bone

When you are ready to deploy IPv6 to your enterprise network, the connection to the 6bone ISP will be made through your IPv4 ISP. You will configure the border router that is linked to your IPv4 ISP to run dual-stack and with a manually configured tunnel to the 6bone ISP. The IPv4 address of the border router that is linked to your IPv4 ISP will change according to what address your IPv4 ISP provides. Identify other routers and hosts in your network that you want to have IPv6 connectivity. You will need to configure each of these devices to run dual-stack.

You can remove the firewall between the corporate network and the lab to allow IPv6 traffic to flow throughout the network, and you can retain a portion of your network as IPv4-only until you are ready to deploy IPv6 in that network. Figure 4 shows the enterprise network with IPv6 connectivity to the 6bone through a manually configured tunnel via your IPv4 ISP.

Figure 4 Enterprise Network with IPv6 Connectivity to the 6bone

Network Topology

Figure 5 shows the topology of a typical manually configured tunnel to the 6bone.

Figure 5 Manually Configured Tunnel to the 6bone

How This Solution Works

A manually configured tunnel is configured on an enterprise dual-stack border router. All the enterprise IPv6 traffic destined for the 6bone is routed over IPv4 through the tunnel to the 6bone ISP. Traffic from the 6bone to an enterprise host is routed over IPv4 through the tunnel to the enterprise dual-stack border router, and then to the IPv6 destination host.

Benefits

The benefits to the enterprise of using manually configured tunnels are as follows:

•Manually configured tunnels are supported by Cisco IOS software.

•It provides a secure, private connection between the enterprise and the ISP.

•Unique statistics are available for all tunnel traffic.

•You can configure multiple manual tunnels to different ISPs for multihoming.

•A manually configured tunnel typically provides a /48 address block, but additional address allocation could be negotiated with your ISP.

Ramifications

The ramifications to the enterprise of using manually configured tunnels are as follows:

•The tunnel is between two points only. Additional connections require additional tunnels.

•There is a large management overhead for multiple tunnels at both the enterprise and the 6bone ISP.

•Independently managed NAT is not allowed along the path of the tunnel.

•To implement failover capability would require duplicate configuration at both the enterprise and the ISP.

Implementation

This section describes how an enterprise customer can implement a manually configured tunnel to connect to the 6bone. It contains the following sections:

•Prerequisites and Design Considerations

•Implementation Process Steps

•Device Characteristics

•Annotated Configuration Files

Prerequisites and Design Considerations

Before you implement a manually configured tunnel to the 6bone, you must perform the following tasks:

•Identify the border router at your site that you will configure to run dual-stack. This border router must have a static, globally routable IPv4 address.

•From the 6bone ISP, obtain the following information:

–An IPv6 address (typically a /64) for your dual-stack border router

–The IPv4 address of the 6bone ISP router that you will use for 6bone access

–A prefix delegation for the IPv6 nodes in your network, typically a /48 prefix

---

Note When you configure tunnels for your enterprise border routers, you must use globally routable IPv4 addresses. The IPv4 addresses used in the example configurations in this document are not globally routable and are provided for illustrative purposes only.

---

•Ensure that your DNS is running (or has the equivalent capabilities of) Berkeley Internet Name Domain (BIND) version 9, which provides an implementation of the major components of the DNS for IPv6. DNS configuration is beyond the scope of this document.

•Recognize that the current dual-stack implementation in Cisco IOS software permits an interim network management solution, allowing applications such as TFTP, ping, Telnet, and traceroute to be run over either an IPv4 or an IPv6 transport.

•Select a routing protocol appropriate to your network configuration. For exterior routing when using manually configured tunnels, IPv6 for Cisco IOS software supports multiprotocol extensions for BGP-4+ and static routes. For simplicity, the solution presented in this document uses a static route.

•Configure all your dual-stack routers to use Routing Information Protocol (RIP).

For more information on configuring your network for IPv6, refer to the following document, listed in the "Related Documents" section: IPv6 for Cisco IOS Software, File 2 of 3: Configuring.

Implementation Process Steps

Your 6bone ISP has provided you with the following address information:

•The IPv6 address for your dual-stack border router is 3FFE:FFFF:8000:F::2/64.

•The IPv4 address of the ISP 6bone border router is 192.168.33.1. (The IPv4 address of your border router is 192.168.99.1,)

•The prefix delegation for the IPv6 nodes in your network is 3FFE:FFFF:8023::/48.

Using the preceding address information, manually configure a tunnel on your identified dual-stack border router by entering the following commands:

Enterprise router

ipv6 unicast-routing

interface Ethernet0

 description connection to 6bone ISP

 ip address 192.168.99.1 255.255.255.0

interface Tunnel2

 description configured tunnel to 6bone ISP

 no ip address

 ipv6 address 3FFE:FFFF:8000:F::2/64

 tunnel source Ethernet0

 tunnel destination 192.168.33.1

 tunnel mode ipv6ip

ipv6 route ::/0 tunnel2

6bone ISP router

At the other end of the tunnel, the border router at your 6bone ISP would have a configuration like the following:

ipv6 unicast-routing

interface Ethernet0/0

 description connection to enterprise

 ip address 192.168.33.1 255.255.255.0

interface Tunnel1

 description configured tunnel to enterprise

 no ip address

 ipv6 address 3FFE:FFFF:8000:F::1/64

 tunnel source Ethernet0/0

 tunnel destination 192.168.99.1

 tunnel mode ipv6ip

ipv6 route 3FFE:FFFF:8023::/48 tunnel1

Device Characteristics

Table 1 describes the devices used in this solution.

Table 1 Hardware and Software Used  

	Enterprise Border Router	6bone ISP Router
Host name	6bone-gw	ipv6-router
Chassis type	Cisco 3660 router	Cisco 7206 router
Physical interfaces	2 Ethernet 2 Fast Ethernet 4 serial	4 Ethernet 2 Fast Ethernet 4 serial
Software loaded	Cisco IOS Release 12.2(4)T	Cisco IOS Release 12.2(4)T
Memory	64 MB RAM; 16 MB Flash	128 MB RAM; 20 MB Flash
IP addresses	Ethernet0: IPv4  192.168.99.1 Tunnel2: IPv6  3FFE:FFFF:8000:F::2/64	Ethernet0/0: IPv4  192.168.33.1 Tunnel1: IPv6  3FFE:FFFF:8000:F::1/64

Annotated Configuration Files

This section contains the annotated show running-configuration command output files for the enterprise and 6bone ISP border routers shown in Figure 5.

Enterprise Router

! Identify the version of Cisco IOS software running on the router

!

version 12.2

!

! Include timestamps on log and debug entries that are useful for

! troubleshooting and optimizing the network.

!

service timestamps debug datetime localtime show-timezone

service timestamps log datetime localtime show-timezone

!

! Specify that passwords will be encrypted in configuration output.

!

service password-encryption

!

! Configure the router name

!

hostname 6bone-gw

!

! Configure boot options

!

boot system flash slot0:

boot system flash bootflash:

!

! Configure logging

!logging buffered 10000 debugging

!

! Configure secret password

!

enable secret 5 [removed]

!

! Configure clock timezone and summertime rule

!

clock timezone PST -8

clock summer-time PDT recurring

!

!

ip subnet-zero

no ip source-route

no ip rcmd domain-lookup

!

! Configure router domain name

!

ip domain-name EnterpriseDomain.com

!

! Configure DNS name servers

!

ip name-server 192.168.1.10

ip name-server 192.168.2.21

ip name-server 3FFE:FFFF:8023:1::21

!

! Enable IPv6 routing

!

ipv6 unicast-routing

!

! Configure Tunnel interface

!

interface Tunnel2

 description configured tunnel to 6bone ISP

 no ip address

 ipv6 address 3FFE:FFFF:8000:F::2/64

 tunnel source ethernet0

 tunnel destination 192.168.33.1

 tunnel mode ipv6ip

!

! Configure physical interface

!

interface Ethernet0

 description connection to 6bone ISP

 ip address 192.168.99.1 255.255.255.0

!

interface Ethernet1

 description connection to Lab interface router

 ip address 192.168.99.40 255.255.255.0

 ipv6 address 3FFE:FFFF:8023:100::1/64

 ipv6 rip v6rip enable

!

interface FastEthernet2/0

 description connection to core router

 ip address 192.168.99.41 255.255.255.0

 ipv6 address 3FFE:FFFF:8023:200::1/64

 ipv6 rip v6rip enable

!

interface FastEthernet3/0

 description connection to IPv4-only core router

 ip address 192.168.99.42 255.255.255.0

!

! Other interfaces are all unused

!

interface Serial4/0

 no ip address

 shutdown

!

interface Serial4/1

 no ip address

 shutdown

!

interface Serial4/2

 no ip address

 shutdown

!

interface Serial4/3

 no ip address

 shutdown

!

! Configure basic IP routing

!

ip default-gateway 192.168.33.1

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.33.1

!

! Configure IPv6 static route

!

ipv6 route ::/0 tunnel2

ipv6 router rip v6rip

!

end

6bone ISP Router

! Identify the version of Cisco IOS software running on the router

!

version 12.2

!

! Include timestamps on log and debug entries that are useful for

! troubleshooting and optimizing the network.

!

service timestamps debug datetime localtime show-timezone

service timestamps log datetime localtime show-timezone

!

! Specify that passwords will be encrypted in configuration output.

!

service password-encryption

!

! Configure the router name

!

hostname ipv6-router

!

! Configure boot options

!

boot system flash slot0:

boot system flash bootflash:

!

! Configure logging

!

logging buffered 10000 debugging

!

! Configure secret password

!

enable secret 5 [removed]

!

! Configure clock timezone and summertime rule

!

clock timezone PST -8

clock summer-time PDT recurring

!

!

ip subnet-zero

no ip source-route

no ip rcmd domain-lookup

!

! Configure router's domain name

!

ip domain-name 6boneISP.com

!

! Configure DNS name servers

!

ip name-server 192.168.33.4

ip name-server 192.168.33.5

ip name-server 3FFE:FFFF:8001::4

!

! Enable IPv6 routing

!

ipv6 unicast-routing

!

! Configure Tunnel interface

!

interface Tunnel1

 description configured tunnel to enterprise

 no ip address

 ipv6 address 3FFE:FFFF:8000:F::1/64

 tunnel source ethernet0/0

 tunnel destination 192.168.99.1

 tunnel mode ipv6ip

!

! Configure physical interface

!

interface Ethernet0/0

 description connection to enterprise

 ip address 192.168.33.1 255.255.255.0

!

! Other interfaces are all unused

!

interface Ethernet0/1

 no ip address

 shutdown

!

interface Ethernet0/2

 no ip address

 shutdown

!

interface Ethernet0/3

 no ip address

 shutdown

!

interface FastEthernet1/0

 description connection to ISP-core-A

 ip address 192.168.34.10 255.255.255.0

 ipv6 address 3FFE:FFFF:8001:10::1/64

 duplex auto

 speed auto

!

interface FastEthernet2/0

 description connection to ISP-core-B

 ip address 192.168.35.22 255.255.255.0

 ipv6 address 3FFE:FFFF:8001:20::1/64

 duplex auto

 speed auto

!

! Other interfaces are all unused

!

interface Serial4/0

 no ip address

 shutdown

!

interface Serial4/1

 no ip address

 shutdown

!

interface Serial4/2

 no ip address

 shutdown

!

interface Serial4/3

 no ip address

 shutdown

!

! Configure basic IP routing

!

ip default-gateway 192.168.30.1

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.30.1

!

! Configure IPv6 static route

!

ipv6 route 3FFE:FFFF:8023::/48 tunnel1

!

end

Related Documents

Refer to the following documents for additional information about IPv6 for Cisco IOS software, the 6bone, and IPv6 in general:

•IPv6 Deployment Strategies

•IPv6: Connecting to the 6bone Using 6to4 Tunnels

•IPv6: Providing IPv6 Services over an IPv4 Backbone Using Tunnels

•Interconnecting IPv6 Domains Using Tunnels

•Start Here: Cisco IOS Software Release Specifics for IPv6 Features

•Implementing IPv6 for Cisco IOS Software

•IPv6 for Cisco IOS Software Command Reference

•RFC 2185, Routing Aspects of IPv6 Transition (informational)

•RFC 2373, IP Version 6 Addressing Architecture

•RFC 2374, An IPv6 Aggregatable Global Unicast Address Format

•RFC 2460, Internet Protocol, Version 6 (IPv6) Specification

•RFC 2464, Transmission of IPv6 Packets over Ethernet Networks

•RFC 2471, IPv6 Testing Address Allocation

•RFC 2893, Transition Mechanisms for IPv6 Hosts and Routers

•RFC 3056, Connection of IPv6 Domains via IPv4 Clouds