- Preface
- Product Overview
- Configuring the Router for the First Time
- Configuring a Supervisor Engine 720
- Configuring a Route Switch Processor 720
- Configuring NSF with SSO Supervisor Engine Redundancy
- ISSU and eFSU on Cisco 7600 Series Routers
- Configuring RPR and RPR+ Supervisor Engine Redundancy
- Configuring Interfaces
- Configuring a Supervisor Engine 32
- Configuring LAN Ports for Layer 2 Switching
- Configuring Flex Links
- Configuring EtherChannels
- Configuring VTP
- Configuring VLANs
- Configuring Private VLANs
- Configuring Cisco IP Phone Support
- Configuring IEEE 802.1Q Tunneling
- Configuring Layer 2 Protocol Tunneling
- Configuring L2TPv3
- Configuring STP and MST
- Configuring Optional STP Features
- Configuring Layer 3 Interfaces
- Configuring GTP-SLB IPV6 Support
- IP Subscriber Awareness over Ethernet
- Configuring UDE and UDLR
- Configuring Multiprotocol Label Switching on the PFC
- Configuring IPv4 Multicast VPN Support
- Configuring Multicast VPN Extranet Support
- Configuring IP Unicast Layer 3 Switching
- Configuring IPv6 Multicast PFC3 and DFC3 Layer 3 Switching
- Configuring IPv4 Multicast Layer 3 Switching
- Configuring MLDv2 Snooping for IPv6 Multicast Traffic
- Configuring IGMP Snooping for IPv4 Multicast Traffic
- Configuring PIM Snooping
- Configuring Network Security
- Understanding Cisco IOS ACL Support
- Configuring VRF aware 6RD Tunnels
- Configuring VLAN ACLs
- Private Hosts (Using PACLs)
- Configuring IPv6 PACL
- IPv6 First-Hop Security Features
- Configuring Online Diagnostics
- Configuring Denial of Service Protection
- Configuring DHCP Snooping
- Configuring Dynamic ARP Inspection
- Configuring Traffic Storm Control
- Unknown Unicast Flood Blocking
- Configuring PFC QoS
- Configuring PFC QoS Statistics Data Export
- Configuring MPLS QoS on the PFC
- Configuring LSM MLDP based MVPN Support
- Configuring IEEE 802.1X Port-Based Authentication
- Configuring IEEE 802.1ad
- Configuring Port Security
- Configuring UDLD
- Configuring NetFlow and NDE
- Configuring Local SPAN, RSPAN, and ERSPAN
- Configuring SNMP IfIndex Persistence
- Power Management and Environmental Monitoring
- Configuring Web Cache Services Using WCCP
- Using the Top N Utility
- Using the Layer 2 Traceroute Utility
- Configuring Bidirectional Forwarding and Detection over Switched Virtual Interface
- Configuring Call Home
- Configuring IPv6 Policy Based Routing
- Using the Mini Protocol Analyzer
- Configuring Resilient Ethernet Protocol
- Configuring Synchronous Ethernet
- Configuring Link State Tracking
- Configuring BGP PIC Edge and Core for IP and MPLS
- Configuring VRF aware IPv6 tunnels over IPv4 transport
- ISIS IPv4 Loop Free Alternate Fast Reroute (LFA FRR)
- Multicast Service Reflection
- Y.1731 Performance Monitoring
- Online Diagnostic Tests
- Acronyms
- Cisco IOS Release 15S Software Images
- Index
Configuring VRF aware IPv6 Tunnels over IPv4 Transport
This chapter describes how to configure the VRF aware IPv6 Tunnels over IPv4 Transport.
Understanding VRF aware IPv6 Tunnels
The current IPv6 tunneling feature on c7600 does not support Virtual Routing and Forwarding (VRF) awareness. The forwarding table lookups for IPv6 overlay addresses and IPv4 transport addresses are performed in the global routing tables. This feature extends the tunneling support for IPv6 overlay addresses in VRF.
These scenarios explain the VRF aware IPv6 tunnel function:
- IPv6 overlay address in VRF and IPv4 transport address in Global routing table (RT).
- IPv6 overlay address in VRF and IPv4 transport address in VRF.
Figure 71-1 illustrates the topology for the IPv6 overlay address in VRF, and the IPv4 transport address in VRF.
Figure 71-1 Topology for VRF aware IPv6 Tunnel
The VRF Aware IPv6 over IPv4 Tunnel can have any line card towards the core facing side.
Restrictions for VRF aware IPv6 tunnels
Following restrictions apply to the VRF aware IPv6 tunnels feature:
- This feature supports the IPv6IP and 6to4 tunnels mode.
- Due to EARL limitation, the same source tunnels across VRFs are not supported.
- The tunnel source and the tunnel destination should be in the same VRF instance.
- The tunnel IPv4 transport addresses and the physical interface where the tunnel traffic exits, should be in the same VRF instance.
- The incoming IPv6 interface and the tunnel should be in the same VRF instance.
- This feature does not support IPv6IP auto-tunnels and ISATAP.
Tunnel SSO
An IP tunnel is an IP network communications channel between two networks. It is used to transport another network protocol by packet encapsulation.
The IP Tunnel-SSO feature provides the following benefits:
- Cisco Nonstop Forwarding (NSF) works with the Stateful Switchover (SSO): In a distributed system with an active RP and a standby RP, check the necessary state on the standby RP to see if the loss of the packets sent or received on a tunnel interface is eliminated during a switchover.
Note Hardware limitations may result in packet loss.
- In-Service Software Upgrade (ISSU): Allows the upgrade or downgrade from a version to another for IOS that supports tunnel HA with minimal packet loss.
- Uplink forwarding: Enables the ports on the standby RP of an HA system to switch traffic between tunnel endpoints.
- Solve the problems caused by the race conditions in distributed systems: In the current IP tunnel feature, many packets for tunnel forwarding are sent from the RP to line cards using the XDR DRAM. These packets should arrive on the line cards in a particular order, which is not guaranteed every time due to line card inconsistencies. The IP Tunnel-SSO feature helps prevent these race conditions.
Note To minimize packet loss during switchover, all the relative components in the network need to be HA capable.
Supported Tunnel Types
Restrictions
Configuring VRF aware IPv6 tunnel
For information on VRF aware IPv6 tunnel configurations, see:
http://www.cisco.com/en/US/docs/routers/7600/install_config/ES40_config_guide/es40_chap13.html#wp1524288
Understanding IPv6 over IPv4-GRE Tunnels
IPv6 traffic is carried over IPv4 generic routing encapsulation (GRE) tunnels using the standard GRE tunneling technique. As in the manually configured IPv6 tunnels, GRE tunnels are links between two points, with a separate tunnel for each link. The GRE tunnels provide stable connections that require regular secure communication between two edge routers or between an edge router and an end system. This feature supports VRF Aware IPv6 over IPv4-GRE Tunnel on the c7600, and is applicable only to the ES+ family of line cards.
Figure 71-2 Topology for VRF Aware IPv6 over IPv4-GRE
The VRF Aware IPv6 over IPv4 GRE tunnel must have ES+ line card towards the core facing side.
Restrictions for IPv6 over IPv4-GRE tunnel
Following restrictions apply to the IPv6 over IPv4-GRE tunnel:
- The IPv4 tunnel facing interface must be on the ES+ line card.
- The GRE tunnel key is not supported in the hardware.
- The IPv4 fragmentation after tunnel encapsulations is not supported in the hardware.
- The fragmented IPv4 packets for tunnel decapsulations is not supported in the hardware.
- The IPv4 GRE keepalives are supported, but the IPv6 GRE keepalives are not supported.
- The keepalives are not supported when the VRF instances configured using the vrf forwarding and tunnel vrf commands are different.
- Due to EARL limitation, same source tunnels across VRF’s are not supported.
- This feature is not SSO compliant.
- With scaled configurations, when changing the tunnel mode from IPv6 over GRE to IPv6IP and on enabling the mls mpls tunnel-recirc command, the system displays an error message with a trace back.
Configuring IPv6 over IPv4-GRE tunnel
For information on IPv6 over IPv4-GRE tunnel configurations, see:
http://www.cisco.com/en/US/docs/routers/7600/install_config/ES40_config_guide/es40_chap13.html#wp1525107