Tunneling is an encapsulation technology: one network protocol encapsulates packets of another network protocol and transfers them over a virtual point-to-point connection. The virtual connection is called a tunnel. Packets are encapsulated and de-encapsulated at both ends of a tunnel. Tunneling refers to the whole process from data encapsulation to data transfer to data de-encapsulation.

Tunneling provides the following features:

· Transition techniques, such as IPv6 over IPv4 tunneling, to interconnect IPv4 and IPv6 networks.

· Virtual Private Networks (VPNs) for guaranteeing communication security, such as Generic Routing Encapsulation (GRE).

· Traffic engineering, such as Multiprotocol Label Switching traffic engineering (MPLS TE), to prevent network congestion.

The preceding tunneling technologies require that you create virtual Layer 3 interfaces (tunnel interfaces) at both ends of a tunnel, so that switches at both ends can send, identify, and process packets transferred through the tunnel.

NOTE:

· The term tunnel used throughout this document refers to an IPv4/IPv6 tunnel.

· For more information about GRE and MPLS TE, see the chapter “GRE configuration” and MPLS Configuration Guide.

IPv6 over IPv4 tunnel

Implementation

IPv6 over IPv4 tunneling adds an IPv4 header to IPv6 data packets so that IPv6 packets can pass an IPv4 network through a tunnel to realize interworking between isolated IPv6 networks, as shown in Figure 1. The IPv6 over IPv4 tunnel can be established between two hosts, a host and a device, or two devices. The tunnel destination node can forward IPv6 packets if it is not the destination of the IPv6 packets.

NOTE:

The devices at both ends of an IPv6 over IPv4 tunnel must support the IPv4/IPv6 dual stack.

Figure 1 IPv6 over IPv4 tunnel

The IPv6 over IPv4 tunnel processes packets in the following way:

1. A host in the IPv6 network sends an IPv6 packet to Device A at the tunnel source.

2. After determining from the routing table that the packet must be forwarded through the tunnel, Device A encapsulates the IPv6 packet with an IPv4 header and forwards it through the physical interface of the tunnel.

3. The encapsulated packet goes through the tunnel to reach Device B at the tunnel destination. Device B checks that it is the destination address of the encapsulated packet and de-encapsulates the packet.

4. Device B forwards the packet according to the destination address in the de-encapsulated IPv6 packet. If the destination address is the device itself, Device B forwards the IPv6 packet to the upper-layer protocol for processing.

Tunnel types

IPv6 over IPv4 tunnels are divided into manually configured tunnels and automatic tunnels, depending on how the IPv4 address of the tunnel destination is acquired.

· Manually configured tunnel—The destination address of the tunnel cannot be automatically acquired through the destination IPv6 address of an IPv6 packet at the tunnel source, and must be manually configured.

· Automatic tunnel—The destination address of the tunnel is an IPv6 address with an IPv4 address embedded, and the IPv4 address can be automatically acquired through the destination IPv6 address of an IPv6 packet at the tunnel source.

According to the way an IPv6 packet is encapsulated, IPv6 over IPv4 tunnels are divided into the following modes.

Table 1 IPv6 over IPv4 tunnel modes and key parameters

Tunnel type	Tunnel mode	Tunnel source/destination address	Tunnel interface address type
Manually configured tunnel	IPv6 manual tunneling	The source/destination IP address is a manually configured IPv4 address.	IPv6 address
Automatic tunnel	Automatic IPv4-compatible IPv6 tunneling	The source IP address is a manually configured IPv4 address. The destination IP address need not be configured.	IPv4-compatible IPv6 address, in the format of ::IPv4-source-address/96
	6to4 tunneling	The source IP address is a manually configured IPv4 address. The destination IP address need not be configured.	6to4 address, in the format of 2002:IPv4-source-address::/48
	Intra-site automatic tunnel addressing protocol (ISATAP) tunneling	The source IP address is a manually configured IPv4 address. The destination IP address need not be configured.	ISATAP address, in the format of Prefix:0:5EFE:IPv4-source-address/64

1. IPv6 manually configured tunnel

A manually configured tunnel is a point-to-point link. Each link is a separate tunnel. IPv6 manual tunnels are mainly used to provide stable connections for regular secure communication between border routers or between border routers and hosts for access to remote IPv6 networks.

2. GRE tunnel

IPv6 packets can be carried over GRE tunnels to pass through an IPv4 network. Like the IPv6 manually configured tunnel, a GRE tunnel is a point-to-point link. Each link is a separate tunnel. GRE tunnels are mainly used to provide stable connections for secure communication between border routers or between host and border router. For more information, see the chapter “GRE configuration.”

3. Automatic IPv4-compatible IPv6 tunnel

An automatic IPv4-compatible IPv6 tunnel is a point-to-multipoint link. IPv4-compatible IPv6 addresses are adopted at both ends of such a tunnel. The address format is 0:0:0:0:0:0:a.b.c.d/96, where a.b.c.d represents an embedded IPv4 address. The tunnel destination is automatically determined by the embedded IPv4 address, which makes it easy to create a tunnel for IPv6 over IPv4. However, an automatic IPv4-compatible IPv6 tunnel must use IPv4-compatible IPv6 addresses and it is still dependent on IPv4 addresses. Automatic IPv4-compatible IPv6 tunnels have limitations.

4. 6to4 tunnel

¡ Ordinary 6to4 tunnel

An automatic 6to4 tunnel is a point-to-multipoint tunnel and is used to connect multiple isolated IPv6 networks over an IPv4 network to remote IPv6 networks. The embedded IPv4 address in an IPv6 address is used to automatically acquire the destination IPv4 address of the tunnel.

The automatic 6to4 tunnel adopts 6to4 addresses. The address format is 2002:abcd:efgh:subnet number::interface ID/64, where 2002 represents the fixed IPv6 address prefix, and abcd:efgh represents the 32-bit globally unique source IPv4 address of the 6to4 tunnel, in hexadecimal notation. For example, 1.1.1.1 can be represented by 0101:0101. The part that follows 2002:abcd:efgh uniquely identifies a host in a 6to4 network. The tunnel destination is automatically determined by the embedded IPv4 address, which makes it easy to create a 6to4 tunnel.

Because the 16-bit subnet number of the 64-bit address prefix in 6to4 addresses can be customized and the first 48 bits in the address prefix are fixed to a permanent value and the IPv4 address of the tunnel source or destination, it is possible for the tunnel to forward IPv6 packets. A 6to4 tunnel interconnects IPv6 networks over an IPv4 network, and overcomes the limitations of an automatic IPv4-compatible IPv6 tunnel.

¡ 6to4 relay

A 6to4 tunnel is only used to connect 6to4 networks, whose IP prefix must be 2002::/16. However, IPv6 network addresses with the prefix such as 2001::/16 may also be used in IPv6 networks. To connect a 6to4 network to an IPv6 network, a 6to4 router must be used as a gateway to forward packets to the IPv6 network. Such a router is called 6to4 relay router.

As shown in Figure 2, a static route must be configured on the border router in the 6to4 network and the next-hop address must be the 6to4 address of the 6to4 relay router. All packets destined for the IPv6 network are forwarded to the 6to4 relay router, and then to the IPv6 network. This provides interworking between the 6to4 network (with the address prefix starting with 2002) and the IPv6 network.

Figure 2 Principle of 6to4 tunnel and 6to4 relay

5. ISATAP tunnel

An ISATAP tunnel is a point-to-point automatic tunnel. The destination of a tunnel can automatically be acquired from the embedded IPv4 address in the destination address of an IPv6 packet.

When an ISATAP tunnel is used, the destination address of an IPv6 packet and the IPv6 address of a tunnel interface both adopt special ISATAP addresses. The ISATAP address format is prefix(64bit):0:5EFE:ip-address. The 64-bit prefix is the prefix of a valid IPv6 unicast address, while ip-address is a 32-bit source IPv4 address in the form of abcd:efgh (for example, 1.1.1.1 is represented as 0101:0101 in hexadecimal), which need not be globally unique. Through the embedded IPv4 address, an ISATAP tunnel can automatically be created to transfer IPv6 packets.

The ISATAP tunnel is mainly used for connection between IPv6 routers or between an IPv6 host and an IPv6 router over an IPv4 network.

Figure 3 ISATAP tunnel

Protocols and standards

· RFC 1853, IP in IP Tunneling

· RFC 2473, Generic Packet Tunneling in IPv6 Specification

· RFC 2893, Transition Mechanisms for IPv6 Hosts and Routers

· RFC 3056, Connection of IPv6 Domains via IPv4 Clouds

· RFC 4214, Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)

Tunneling configuration task list

Tunnel interfaces are virtual Layer 3 interfaces created at the ends of tunnels.

Complete the following tasks to configure the tunneling feature:

Task		Remarks
Configuring a tunnel interface.		Required
Configuring IPv6 over IPv4 tunnel.	Configuring an IPv6 manual tunnel	Optional
	Configuring an automatic IPv4-compatible IPv6 tunnel	Optional
	Configuring a 6to4 tunnel	Optional
	Configuring an ISATAP tunnel	Optional

Configuring a tunnel interface

To configure a tunnel interface:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Create a tunnel interface and enter its view.	interface tunnel number	By default, no tunnel interface is created.
3. Configure the description for the interface.	description text	Optional. By default, the description of a tunnel interface is Tunnelnumber Interface.
4. Set the MTU.	· Set the MTU for IPv4 packets sent over the tunnel interface: mtu size · Set the MTU for IPv6 packets sent over the tunnel interface: ipv6 mtu size	Optional. 1500 bytes for IPv4 and 1480 bytes for IPv6 by default.
5. Set the bandwidth of the tunnel interface.	tunnel bandwidth bandwidth-value	Optional. 64 kbps by default.
6. Restore the default settings of the current interface.	default	Optional.
7. Shut down the tunnel interface.	shutdown	Optional. By default, the interface is up.

NOTE:

· When active/standby switchover occurs or the standby card is removed from the switch, tunnels configured on the active or standby card still exist. To delete tunnels, use the undo interface tunnel command.

· For more information about the ipv6 mtu command, see Layer 3—IP Services Command Reference.

· The bandwidth of a tunnel interface set through the tunnel bandwidth command is used for path cost calculation by dynamic routing protocols and has no impact on the transfer rate of the interface. It is a good practice to set the value based on the actual bandwidth of the outgoing interface.

Configuring an IPv6 manual tunnel

Configuration prerequisites

Configure IP addresses for interfaces (such as the VLAN interface, Ethernet interface, and loopback interface) on the switch to ensure normal communication. One of the interfaces will be used as the source interface of the tunnel.

Configuration guidelines

When you configure an IPv6 manual tunnel, configure these guidelines:

· After a tunnel interface is deleted, all features configured on the tunnel interface will be deleted.

· To encapsulate and forward IPv6 packets whose destination address does not belong to the subnet where the current tunnel interface resides, you must configure a static route or dynamic routing for forwarding those packets through this tunnel interface. If you configure a static route to that destination IPv6 address, specify this tunnel interface as the outbound interface, or the peer tunnel interface address as the next hop. Similar configuration is required at the other tunnel end. If you configure dynamic routing at both ends, enable the dynamic routing protocol on both tunnel interfaces. For the detailed configuration, see Layer 3—IP Routing Configuration Guide.

Configuration procedure

To configure an IPv6 manual tunnel:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enable IPv6.	ipv6	By default, the IPv6 packet forwarding function is disabled.
3. Create a tunnel interface and enter tunnel interface view.	interface tunnel number	By default, there is no tunnel interface on the switch.
4. Configure an IPv6 address for the tunnel interface.	· Configure a global unicast IPv6 address or a site-local address: ¡ ipv6 address { ipv6-address prefix-length \| ipv6-address \| prefix-length } ¡ ipv6 address ipv6-address \| prefix-length eui-64 · Configure a link-local IPv6 address: a. ipv6 address auto link-local b. ipv6 address ipv6-address link-local	Use ipv6 address { ipv6-address prefix-length \| ipv6-address \| prefix-length } or ipv6 address ipv6-address \| prefix-length eui-64 command to configure a global unicast IPv6 address or a site-local address. By default, · No IPv6 global unicast address or site-local address is configured for the tunnel interface. · A link-local address will automatically be created when an IPv6 global unicast address or site-local address is configured. The link-local IPv6 address configuration is optional.
5. Specify the IPv6 manual tunnel mode.	tunnel-protocol ipv6-ipv4	By default, the tunnel is a GRE over IPv4 tunnel. The same tunnel mode should be configured at both ends of the tunnel. Otherwise, packet delivery will fail.
6. Configure a source address or interface for the tunnel.	source { ip-address \| interface-type interface-number }	By default, no source address or interface is configured for the tunnel.
7. Configure a destination address for the tunnel.	destination ip-address	By default, no destination address is configured for the tunnel.
8. Return to system view.	quit	N/A

Configuration example

NOTE:

By default, Ethernet, VLAN, and aggregate interfaces are down. Before configuring them, bring them up with the undo shutdown command.

Network requirements

As shown in Figure 4, two IPv6 networks are connected to an IPv4 network through Switch A and Switch B respectively. Configure an IPv6 manual tunnel between Switch A and Switch B to make the two IPv6 networks reachable to each other. If the IPv4 addresses cannot be extracted from the IPv6 packets, you must manually configure an IPv6 tunnel.

Figure 4 Network diagram

Configuration procedure

NOTE:

Before performing the following configurations, make sure that Switch A and Switch B have corresponding VLAN interfaces created and are reachable to each other.

· Configure Switch A:

# Enable IPv6.

<SwitchA> system-view

[SwitchA] ipv6

# Configure an IPv4 address for VLAN-interface 100.

[SwitchA] interface vlan-interface 100

[SwitchA-Vlan-interface100] ip address 192.168.100.1 255.255.255.0

[SwitchA-Vlan-interface100] quit

# Configure an IPv6 address for VLAN-interface 101.

[SwitchA] interface vlan-interface 101

[SwitchA-Vlan-interface101] ipv6 address 3002::1 64

[SwitchA-Vlan-interface101] quit

# Configure a manual IPv6 tunnel.

[SwitchA] interface tunnel 0

[SwitchA-Tunnel0] ipv6 address 3001::1/64

[SwitchA-Tunnel0] source vlan-interface 100

[SwitchA-Tunnel0] destination 192.168.50.1

[SwitchA-Tunnel0] tunnel-protocol ipv6-ipv4

[SwitchA-Tunnel0] quit

# Configure a static route to IPv6 Group 2 through tunnel 0 on Switch A.

[SwitchA] ipv6 route-static 3003:: 64 tunnel 0

· Configure Switch B:

# Enable IPv6.

<SwitchB> system-view

[SwitchB] ipv6

# Configure an IPv4 address for VLAN-interface 100.

[SwitchB] interface vlan-interface 100

[SwitchB-Vlan-interface100] ip address 192.168.50.1 255.255.255.0

[SwitchB-Vlan-interface100] quit

# Configure an IPv6 address for VLAN-interface 101.

[SwitchB] interface vlan-interface 101

[SwitchB-Vlan-interface101] ipv6 address 3003::1 64

[SwitchB-Vlan-interface101] quit

# Configure an IPv6 manual tunnel.

[SwitchB] interface tunnel 0

[SwitchB-Tunnel0] ipv6 address 3001::2/64

[SwitchB-Tunnel0] source vlan-interface 100

[SwitchB-Tunnel0] destination 192.168.100.1

[SwitchB-Tunnel0] tunnel-protocol ipv6-ipv4

[SwitchB-Tunnel0] quit

# Configure a static route to IPv6 Group 1 through tunnel 0 on Switch B.

[SwitchB] ipv6 route-static 3002:: 64 tunnel 0

Verifying the configuration

After the preceding configurations, display the status of the tunnel interfaces on Switch A and Switch B, respectively.

[SwitchA] display ipv6 interface tunnel 0

Tunnel0 current state :UP

Line protocol current state :UP

IPv6 is enabled, link-local address is FE80::C0A8:6401

Global unicast address(es):

3001::1, subnet is 3001::/64

Joined group address(es):

FF02::1:FF00:0

FF02::1:FF00:1

FF02::1:FFA8:6401

FF02::2

FF02::1

MTU is 1480 bytes

ND reachable time is 30000 milliseconds

ND retransmit interval is 1000 milliseconds

Hosts use stateless autoconfig for addresses

IPv6 Packet statistics:

InReceives: 55

...

[SwitchB] display ipv6 interface tunnel 0

Tunnel0 current state :UP

Line protocol current state :UP

IPv6 is enabled, link-local address is FE80::C0A8:3201

Global unicast address(es):

3001::2, subnet is 3001::/64

Joined group address(es):

FF02::1:FF00:0

FF02::1:FF00:1

FF02::1:FFA8:3201

FF02::2

FF02::1

MTU is 1480 bytes

ND reachable time is 30000 milliseconds

ND retransmit interval is 1000 milliseconds

Hosts use stateless autoconfig for addresses

IPv6 Packet statistics:

InReceives: 55

...

# Ping the IPv6 address of VLAN-interface 101 at the peer end from Switch A.

[SwitchA] ping ipv6 3003::1

PING 3003::1 : 56 data bytes, press CTRL_C to break

Reply from 3003::1

bytes=56 Sequence=1 hop limit=64 time = 1 ms

Reply from 3003::1

bytes=56 Sequence=2 hop limit=64 time = 1 ms

Reply from 3003::1

bytes=56 Sequence=3 hop limit=64 time = 1 ms

Reply from 3003::1

bytes=56 Sequence=4 hop limit=64 time = 1 ms

Reply from 3003::1

bytes=56 Sequence=5 hop limit=64 time = 1 ms

--- 3003::1 ping statistics ---

5 packet(s) transmitted

5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 1/1/1 ms

Configuring an automatic IPv4-compatible IPv6 tunnel

Configuration prerequisites

Configuration guidelines

When you configure an automatic IPv4-compatible IPv6 tunnel, follow these guidelines:

· No destination address needs to be configured for an automatic IPv4-compatible IPv6 tunnel. The destination address of the tunnel can be automatically obtained through the IPv4 address embedded in the IPv4-compatible IPv6 address.

· Automatic tunnel interfaces using the same encapsulation protocol cannot share the same source IP address.

Configuration procedure

To configure an automatic IPv4-compatible IPv6 tunnel:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enable the IPv6 packet forwarding function.	ipv6	By default, the IPv6 packet forwarding function is disabled.
3. Create a tunnel interface and enter tunnel interface view.	interface tunnel number	By default, there is no tunnel interface on the switch.
4. Configure an IPv6 address for the tunnel interface.	· Configure an IPv6 global unicast address or a site-local address: ¡ ipv6 address { ipv6-address prefix-length \| ipv6-address \| prefix-length } ¡ ipv6 address ipv6-address \| prefix-length eui-64 · Configure an IPv6 link-local address: a. ipv6 address auto link-local b. ipv6 address ipv6-address link-local	Use either ipv6 address { ipv6-address prefix-length \| ipv6-address \| prefix-length } or ipv6 address ipv6-address \| prefix-length eui-64command to configure an IPv6 global unicast address or a site-local address. By default, · No IPv6 global unicast address or site-local address is configured for the tunnel interface. · A link-local address will automatically be generated when an IPv6 global unicast or site-local address is configured for the interface. IPv6 link-local address configuration is optional.
5. Specify the automatic IPv4-compatible IPv6 tunnel mode.	tunnel-protocol ipv6-ipv4 auto-tunnel	By default, the tunnel is a GRE over IPv4 tunnel. The same tunnel mode should be configured at both ends of the tunnel. Otherwise, packet delivery will fail.
6. Configure a source address or interface for the tunnel.	source { ip-address \| interface-type interface-number }	By default, no source address or interface is configured for the tunnel.
7. Configure the IPv6 MTU on the tunnel interface.	ipv6 mtu mtu-size	Optional By default, the IPv6 MTU is 1480 bytes.

Configuration example

NOTE:

By default, Ethernet, VLAN, and aggregate interfaces are down. Before configuring them, bring them up with the undo shutdown command.

Network requirements

As shown in Figure 5, two IPv6 networks are connected to an IPv4 network through dual-stack provisioned Switch A and Switch B. Configure an automatic IPv4-compatible IPv6 tunnel between Switch A and Switch B to make the two IPv6 networks reachable to each other.

Figure 5 Network diagram

Configuration procedure

NOTE:

Before performing the following configurations, make sure that Switch A and Switch B have the corresponding VLAN interfaces created and are reachable to each other.

· Configure Switch A:

# Enable IPv6.

<SwitchA> system-view

[SwitchA] ipv6

# Configure an IPv4 address for VLAN-interface 100.

[SwitchA] interface vlan-interface 100

[SwitchA-Vlan-interface100] ip address 192.168.100.1 255.255.255.0

[SwitchA-Vlan-interface100] quit

# Configure an automatic IPv4-compatible IPv6 tunnel.

[SwitchA] interface tunnel 0

[SwitchA-Tunnel0] ipv6 address ::192.168.100.1/96

[SwitchA-Tunnel0] source vlan-interface 100

[SwitchA-Tunnel0] tunnel-protocol ipv6-ipv4 auto-tunnel

· Configure Switch B:

# Enable IPv6.

<SwitchB> system-view

[SwitchB] ipv6

# Configure an IPv4 address for VLAN-interface 100.

[SwitchB] interface vlan-interface 100

[SwitchB-Vlan-interface100] ip address 192.168.50.1 255.255.255.0

[SwitchB-Vlan-interface100] quit

# Configure an automatic IPv4-compatible IPv6 tunnel.

[SwitchB] interface tunnel 0

[SwitchB-Tunnel0] ipv6 address ::192.168.50.1/96

[SwitchB-Tunnel0] source vlan-interface 100

[SwitchB-Tunnel0] tunnel-protocol ipv6-ipv4 auto-tunnel

Verifying the configuration

After the preceding configurations, display the status of the tunnel interfaces on Switch A and Switch B, respectively.

[SwitchA] display ipv6 interface tunnel 0

Tunnel0 current state :UP

Line protocol current state :UP

IPv6 is enabled, link-local address is FE80::C0A8:6401

Global unicast address(es):

::192.168.100.1, subnet is ::/96

Joined group address(es):

FF02::1:FFA8:6401

FF02::1:FF00:0

FF02::2

FF02::1

MTU is 1480 bytes

ND reachable time is 30000 milliseconds

ND retransmit interval is 1000 milliseconds

Hosts use stateless autoconfig for addresses

IPv6 Packet statistics:

InReceives: 65

...

[SwitchB] display ipv6 interface tunnel 0

Tunnel0 current state :UP

Line protocol current state :UP

IPv6 is enabled, link-local address is FE80::C0A8:3201

Global unicast address(es):

::192.168.50.1, subnet is ::/96

Joined group address(es):

FF02::1:FFA8:3201

FF02::1:FF00:0

FF02::2

FF02::1

MTU is 1480 bytes

ND reachable time is 30000 milliseconds

ND retransmit interval is 1000 milliseconds

Hosts use stateless autoconfig for addresses

IPv6 Packet statistics:

InReceives: 65

...

# Ping the IPv4-compatible IPv6 address at the peer end from Switch A.

[RouterA] ping ipv6 ::192.168.50.1

PING ::192.168.50.1 : 56 data bytes, press CTRL_C to break

Reply from ::192.168.50.1

bytes=56 Sequence=1 hop limit=64 time = 1 ms

Reply from ::192.168.50.1

bytes=56 Sequence=2 hop limit=64 time = 1 ms

Reply from ::192.168.50.1

bytes=56 Sequence=3 hop limit=64 time = 1 ms

Reply from ::192.168.50.1

bytes=56 Sequence=4 hop limit=64 time = 1 ms

Reply from ::192.168.50.1

bytes=56 Sequence=5 hop limit=64 time = 1 ms

--- ::192.168.50.1 ping statistics ---

5 packet(s) transmitted

5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 1/1/1 ms

Configuring a 6to4 tunnel

Configuration prerequisites

Configuration guidelines

When you configure a 6to4 tunnel, follow these guidelines:

· No destination address needs to be configured for a 6to4 tunnel because the destination address can be automatically obtained from the IPv4 address embedded in the 6to4 IPv6 address.

· The automatic tunnel interfaces using the same encapsulation protocol cannot share the same source IP address.

Configuration procedure

To configure a 6to4 tunnel:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enable IPv6.	ipv6	By default, the IPv6 packet forwarding function is disabled.
3. Enter tunnel interface view.	interface tunnel number	By default, there is no tunnel interface on the switch.
4. Configure an IPv6 address for the tunnel interface.	· Configure an IPv6 global unicast address or a site-local address: ¡ ipv6 address { ipv6-address prefix-length \| ipv6-address \| prefix-length } ¡ ipv6 address ipv6-address \| prefix-length eui-64 · Configure an IPv6 link-local address: a. ipv6 address auto link-local b. ipv6 address ipv6-address link-local	Use either ipv6 address { ipv6-address prefix-length \| ipv6-address \| prefix-length } or ipv6 address ipv6-address \| prefix-length eui-64 command to configure an IPv6 global unicast address or a site-local address. By default, · No IPv6 global unicast address or site-local address is configured for the tunnel interface. · A link-local address will automatically be generated when an IPv6 global unicast address or a site-local address is configured. IPv6 link-local address configuration is optional.
5. Specify the 6to4 tunnel mode.	tunnel-protocol ipv6-ipv4 6to4	By default, the tunnel is a GRE over IPv4 tunnel. The same tunnel mode should be configured at both ends of the tunnel. Otherwise, packet delivery will fail.
6. Configure a source address or interface for the tunnel.	source { ip-address \| interface-type interface-number }	By default, no source address or interface is configured for the tunnel.
7. Specify the service card for forwarding the traffic on the interface (in standalone mode).	service slot slot-number	Optional Not specified by default.
8. Return to system view.	quit	N/A

6to4 tunnel configuration example

NOTE:

By default, Ethernet, VLAN, and aggregate interfaces are down. Before configuring them, bring them up with the undo shutdown command.

Network requirements

As shown in Figure 6, two 6to4 networks are connected to an IPv4 network through two 6to4 switches (Switch A and Switch B) respectively. Configure a 6to4 tunnel to make Host A and Host B reachable to each other.

Figure 6 Network diagram

Configuration consideration

To enable communication between 6to4 networks, you must configure 6to4 addresses for 6to4 switches and hosts in the 6to4 networks.

· The IPv4 address of VLAN-interface 100 on Switch A is 2.1.1.1/24, and the corresponding 6to4 prefix is 2002:0201:0101::/48 after it is translated to an IPv6 address. Assign interface tunnel0 to subnet 2002:0201:0101::/64 and VLAN-interface 101 to subnet 2002:0201:0101:1::/64.

· The IPv4 address of VLAN-interface 100 on Switch B is 5.1.1.1/24, and the corresponding 6to4 prefix is 2002:0501:0101::/48 after it is translated to an IPv6 address. Assign interface tunnel0 to subnet 2002:0501:0101::/64 and VLAN-interface 101 to subnet 2002:0501:0101:1::/64.

Configuration procedure

NOTE:

Make sure that Switch A and Switch B have the corresponding VLAN interfaces created and are reachable to each other.

· Configure Switch A:

# Enable IPv6.

<SwitchA> system-view

[SwitchA] ipv6

# Configure an IPv4 address for VLAN-interface 100.

[SwitchA] interface vlan-interface 100

[SwitchA-Vlan-interface100] ip address 2.1.1.1 24

[SwitchA-Vlan-interface100] quit

# Configure an IPv6 address for VLAN-interface 101.

[SwitchA] interface vlan-interface 101

[SwitchA-Vlan-interface101] ipv6 address 2002:0201:0101:1::1/64

[SwitchA-Vlan-interface101] quit

# Configure a 6to4 tunnel.

[SwitchA] interface tunnel 0

[SwitchA-Tunnel0] ipv6 address 2002:201:101::1/64

[SwitchA-Tunnel0] source vlan-interface 100

[SwitchA-Tunnel0] tunnel-protocol ipv6-ipv4 6to4

[SwitchA-Tunnel0] quit

# Configure a static route whose destination address is 2002::/16 and next-hop is the tunnel interface.

[SwitchA] ipv6 route-static 2002:: 16 tunnel 0

· Configure Switch B:

# Enable IPv6.

<SwitchB> system-view

[SwitchB] ipv6

# Configure an IPv4 address for VLAN-interface 100.

[SwitchB] interface vlan-interface 100

[SwitchB-Vlan-interface100] ip address 5.1.1.1 24

[SwitchB-Vlan-interface100] quit

# Configure an IPv6 address for VLAN-interface 101.

[SwitchB] interface vlan-interface 101

[SwitchB-Vlan-interface101] ipv6 address 2002:0501:0101:1::1/64

[SwitchB-Vlan-interface101] quit

# Configure the 6to4 tunnel.

[SwitchB] interface tunnel 0

[SwitchB-Tunnel0] ipv6 address 2002:0501:0101::1/64

[SwitchB-Tunnel0] source vlan-interface 100

[SwitchB-Tunnel0] tunnel-protocol ipv6-ipv4 6to4

[SwitchB-Tunnel0] quit

# Configure a static route whose destination address is 2002::/16 and the next hop is the tunnel interface.

[SwitchB] ipv6 route-static 2002:: 16 tunnel 0

Verifying the configuration

After the preceding configuration, ping both hosts from each other, and the ping operation succeeds.

D:\>ping6 -s 2002:201:101:1::2 2002:501:101:1::2

Pinging 2002:501:101:1::2

from 2002:201:101:1::2 with 32 bytes of data:

Reply from 2002:501:101:1::2: bytes=32 time=13ms

Reply from 2002:501:101:1::2: bytes=32 time=1ms

Reply from 2002:501:101:1::2: bytes=32 time<1ms

Ping statistics for 2002:501:101:1::2:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 13ms, Average = 3ms

6to4 relay tunnel configuration example

NOTE:

By default, Ethernet, VLAN, and aggregate interfaces are down. Before configuring them, bring them up with the undo shutdown command.

Network requirements

As shown in Figure 7, Switch A is a 6to4 switch, and 6to4 addresses are used on its IPv6 network. Switch B serves as a 6to4 relay switch and is connected to the IPv6 network (2001::/16). Configure a 6to4 tunnel between Switch A and Switch B to make Host A and Host B reachable to each other.

Figure 7 Network diagram

Configuration procedure

NOTE:

· Make sure that Switch A and Switch B have the corresponding VLAN interfaces created and are reachable to each other.

· Configuration on a 6to4 relay switch is similar to that on a 6to4 switch. However, to enable communication between the 6to4 network and the IPv6 network, you must configure a route to the IPv6 network on the 6to4 switch.

· Configure Switch A:

# Enable IPv6.

<SwitchA> system-view

[SwitchA] ipv6

# Configure an IPv4 address for VLAN-interface 100.

[SwitchA] interface vlan-interface 100

[SwitchA-Vlan-interface100] ip address 2.1.1.1 255.255.255.0

[SwitchA-Vlan-interface100] quit

# Configure an IPv6 address for VLAN-interface 101.

[SwitchA] interface vlan-interface 101

[SwitchA-Vlan-interface101] ipv6 address 2002:0201:0101:1::1/64

[SwitchA-Vlan-interface101] quit

# Configure the 6to4 tunnel.

[SwitchA] interface tunnel 0

[SwitchA-Tunnel0] ipv6 address 2002:0201:0101::1/64

[SwitchA-Tunnel0] source vlan-interface 100

[SwitchA-Tunnel0] tunnel-protocol ipv6-ipv4 6to4

[SwitchA-Tunnel0] quit

# Configure a static route to the 6to4 relay.

[SwitchA] ipv6 route-static 2002:0601:0101:: 64 tunnel 0

# Configure a default route to the IPv6-only network.

[SwitchA] ipv6 route-static :: 0 2002:0601:0101::1

· Configure Switch B:

# Enable IPv6.

<SwitchB> system-view

[SwitchB] ipv6

# Configure an IPv4 address for VLAN-interface 100.

[SwitchB] interface vlan-interface 100

[SwitchB-Vlan-interface100] ip address 6.1.1.1 255.255.255.0

[SwitchB-Vlan-interface100] quit

# Configure an IPv6 address for VLAN-interface 101.

[SwitchB] interface vlan-interface 101

[SwitchB-Vlan-interface101] ipv6 address 2001::1/16

[SwitchB-Vlan-interface101] quit

# Configure a 6to4 tunnel.

[SwitchB] interface tunnel 0

[SwitchB-Tunnel0] ipv6 address 2001:0601:0101::1/64

[SwitchB-Tunnel0] source vlan-interface 100

[SwitchB-Tunnel0] tunnel-protocol ipv6-ipv4 6to4

[SwitchB-Tunnel0] quit

# Configure a static route whose destination address is 2002::/16 and next-hop is the tunnel interface.

[SwitchB] ipv6 route-static 2002:: 16 tunnel 0

Verifying the configuration

After the preceding configuration, ping Host B from Host A.

D:\>ping6 -s 2002:201:101:1::2 2001::2

Pinging 2001::2

from 2002:201:101:1::2 with 32 bytes of data:

Reply from 2001::2: bytes=32 time=13ms

Reply from 2001::2: bytes=32 time=1ms

Reply from 2001::2: bytes=32 time<1ms

Ping statistics for 2001::2:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 13ms, Average = 3ms

Configuring an ISATAP tunnel

Configuration prerequisites

Configuration guidelines

When you configure an ISATAP tunnel, follow these guidelines:

· No destination address needs to be configured for an ISATAP tunnel. The destination address of the tunnel can be automatically obtained through the IPv4 address embedded in the ISATAP address.

· The automatic tunnel interfaces using the same encapsulation protocol cannot share the same source IP address.

Configuration procedure

To configure an ISATAP tunnel:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enable IPv6.	ipv6	By default, the IPv6 forwarding function is disabled.
3. Create a tunnel interface and enter tunnel interface view.	interface tunnel number	By default, there is no tunnel interface on the switch.
4. Configure an IPv6 address for the tunnel interface.	· Configure an IPv6 global unicast address or site-local address: ¡ ipv6 address { ipv6-address prefix-length \| ipv6-address \| prefix-length } ¡ ipv6 address ipv6-address \| prefix-length eui-64 · Configure an IPv6 link-local address: a. ipv6 address auto link-local b. ipv6 address ipv6-address link-local	Use either ipv6 address { ipv6-address prefix-length \| ipv6-address \| prefix-length } or ipv6 address ipv6-address \| prefix-length eui-64 command to configure an IPv6 global unicast address or site-local address. By default, · No IPv6 global unicast address is configured for the tunnel interface. · A link-local address will automatically be generated when an IPv6 global unicast address or link-local address is configured.
4. Configure an IPv6 address for the tunnel interface.		The IPv6 link-local address configuration is optional.
5. Specify the ISATAP tunnel mode.	tunnel-protocol ipv6-ipv4 isatap	By default, the tunnel is a GRE over IPv4 tunnel. The same tunnel mode should be configured at both ends of the tunnel. Otherwise, packet delivery will fail.
6. Configure a source address or interface for the tunnel.	source { ip-address \| interface-type interface-number }	By default, no source address or interface is configured for the tunnel.
7. Specify the service card for forwarding the traffic on the interface (in standalone mode).	service slot slot-number	Optional. Not specified by default
8. Return to system view.	quit	N/A

Configuration example

NOTE:

By default, the Ethernet, VLAN, and aggregate interfaces are down. Before configuring them, bring them up with the undo shutdown command.

Network requirements

As shown in Figure 8, an IPv6 network is connected to an IPv4 network through an ISATAP switch. The destination address of the tunnel is an ISATAP address. Configure IPv6 hosts in the IPv4 network to access the IPv6 network through the ISATAP tunnel.

Figure 8 Network diagram

Configuration procedure

NOTE:

· Make sure that the corresponding VLAN interfaces have been created on the switch.

· Make sure that VLAN-interface 101 on the ISATAP switch and the ISATAP host are reachable to each other.

· Configure the switch:

# Enable IPv6.

<Switch> system-view

[Switch] ipv6

# Configure addresses for interfaces.

[Switch] interface vlan-interface 100

[Switch-Vlan-interface100] ipv6 address 3001::1/64

[Switch-Vlan-interface100] quit

[Switch] interface vlan-interface 101

[Switch-Vlan-interface101] ip address 1.1.1.1 255.0.0.0

[Switch-Vlan-interface101] quit

# Configure an ISATAP tunnel.

[Switch] interface tunnel 0

[Switch-Tunnel0] ipv6 address 2001::5efe:0101:0101 64

[Switch-Tunnel0] source vlan-interface 101

[Switch-Tunnel0] tunnel-protocol ipv6-ipv4 isatap

# Disable the RA suppression so that hosts can acquire information such as the address prefix from the RA message released by the ISATAP switch.

[Switch-Tunnel0] undo ipv6 nd ra halt

[Switch-Tunnel0] quit

# Configure a static route to the ISATAP host.

[Switch] ipv6 route-static 2001:: 16 tunnel 0

· Configure the ISATAP host:

The specific configuration on the ISATAP host depends on its operating system. The following example shows the configuration of a host running Windows XP.

# Install IPv6.

C:\>ipv6 install

# On a Windows XP-based host, the ISATAP interface is usually interface 2. Configure the IPv4 address of the ISATAP router on the interface to complete the configuration on the host. Before doing that, display the ISATAP interface information:

C:\>ipv6 if 2

Interface 2: Automatic Tunneling Pseudo-Interface

Guid {48FCE3FC-EC30-E50E-F1A7-71172AEEE3AE}

does not use Neighbor Discovery

does not use Router Discovery

routing preference 1

EUI-64 embedded IPv4 address: 0.0.0.0

router link-layer address: 0.0.0.0

preferred link-local fe80::5efe:2.1.1.2, life infinite

link MTU 1280 (true link MTU 65515)

current hop limit 128

reachable time 42500ms (base 30000ms)

retransmission interval 1000ms

DAD transmits 0

default site prefix length 48

# A link-local address (fe80::5efe:2.1.1.2) in the ISATAP format was automatically generated for the ISATAP interface. Configure the IPv4 address of the ISATAP switch on the ISATAP interface.

C:\>ipv6 rlu 2 1.1.1.1

# Look at the information on the ISATAP interface.

C:\>ipv6 if 2

Interface 2: Automatic Tunneling Pseudo-Interface

Guid {48FCE3FC-EC30-E50E-F1A7-71172AEEE3AE}

does not use Neighbor Discovery

uses Router Discovery

routing preference 1

EUI-64 embedded IPv4 address: 2.1.1.2

router link-layer address: 1.1.1.1

preferred global 2001::5efe:2.1.1.2, life 29d23h59m46s/6d23h59m46s (public)

preferred link-local fe80::5efe:2.1.1.2, life infinite

link MTU 1500 (true link MTU 65515)

current hop limit 255

reachable time 42500ms (base 30000ms)

retransmission interval 1000ms

DAD transmits 0

default site prefix length 48

# Comparison shows that the host acquires the address prefix 2001::/64 and automatically generates the address 2001::5efe:2.1.1.2. Meanwhile, “uses Router Discovery” is displayed, indicating that the router discovery function is enabled on the host. Ping the IPv6 address of the tunnel interface of the switch. If the address is successfully pinged, an ISATAP tunnel is established.

C:\>ping 2001::5efe:1.1.1.1

Pinging 2001::5efe:1.1.1.1 with 32 bytes of data:

Reply from 2001::5efe:1.1.1.1: time=1ms

Reply from 2001::5efe:2.1.1.1: time=1ms

Ping statistics for 2001::5efe:1.1.1.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 1ms, Maximum = 1ms, Average = 1ms

Verifying the configuration

The output shows that the ISATAP host can access the host on the IPv6 network.

Displaying and maintaining tunneling configuration

Task	Command	Remarks
Display information about tunnel interfaces.	display interface [ tunnel ] [ brief [ down ] ] [ \| { begin \| exclude \| include } regular-expression ] display interface tunnel number [ brief ] [ \| { begin \| exclude \| include } regular-expression ]	Available in any view
Display IPv6 information on tunnel interfaces.	display ipv6 interface tunnel [ number ] [ brief ] [ \| { begin \| exclude \| include } regular-expression ]	Available in any view
Clear statistics on tunnel interfaces.	reset counters interface [ tunnel [ number ] ]	Available in user view

Troubleshooting tunneling configuration

Symptom

After the configuration of related parameters such as tunnel source address, tunnel destination address, and tunnel mode, the tunnel interface is still not up.

Solution

Follow these steps:

1. The common cause is that the physical interface of the tunnel source is not up. Use the display interface tunnel or display ipv6 interface tunnel commands to view whether the physical interface of the tunnel source is up. If the physical interface is down, check the network connections.

2. Another possible cause is that the tunnel destination is unreachable. Use the display ipv6 routing-table or display ip routing-table command to view whether the tunnel destination is reachable. If no routing entry is available for tunnel communication in the routing table, configure related routes.

06-Layer 3 - IP Services Configuration Guide

Introduction to tunneling

Implementation

Tunnel types

Protocols and standards

Configuring an IPv6 manual tunnel

Configuration example

Network requirements

Configuration procedure

Verifying the configuration

Configuring an automatic IPv4-compatible IPv6 tunnel

Configuration example

Network requirements

Configuration procedure

Verifying the configuration

Configuring a 6to4 tunnel

6to4 tunnel configuration example

Network requirements

Configuration consideration

Configuration procedure

Verifying the configuration

6to4 relay tunnel configuration example

Network requirements

Configuration procedure

Verifying the configuration

Configuring an ISATAP tunnel

Configuration example

Network requirements

Configuration procedure

Verifying the configuration

Displaying and maintaining tunneling configuration

Troubleshooting tunneling configuration

Symptom

Solution

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Service Business

News & Events

Contact Us