Login
- Table of Contents
-
- 05-Layer 3 - IP Services Configuration Guide
- 00-Preface
- 01-ARP configuration
- 02-IP addressing configuration
- 03-DHCP configuration
- 04-DNS configuration
- 05-IP forwarding basics configuration
- 06-Adjacency table configuration
- 07-IP performance optimization configuration
- 08-UDP helper configuration
- 09-IPv6 basics configuration
- 10-DHCPv6 configuration
- 11-IPv6 fast forwarding configuration
- 12-Fast forwarding configuration
- 13-Tunnel configuration
- 14-GRE configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 13-Tunnel configuration | 308.73 KB |
Contents
Tunneling configuration task list
Configuring a tunnel interface
Configuring an IPv6 over IPv4 manual tunnel
Configuring an automatic IPv4-compatible IPv6 tunnel
6to4 tunnel configuration example
6to4 relay configuration example
Displaying and maintaining tunneling configuration
Troubleshooting tunneling configuration
Overview
Tunneling is an encapsulation technology. One network protocol encapsulates packets of another network protocol and transfers them over a virtual point-to-point connection. The virtual connection is called a tunnel. Packets are encapsulated at the tunnel source end and de-encapsulated at the tunnel destination end. Tunneling refers to the whole process from data encapsulation to data transfer to data de-encapsulation.
Tunneling supports the following technologies:
· Transition techniques, such as IPv6 over IPv4 tunneling, to interconnect IPv4 and IPv6 networks.
· VPN, such as IPv4 over IPv4 tunneling, IPv4/IPv6 over IPv6 tunneling, GRE, DVPN, and IPsec tunneling.
· Traffic engineering, such as MPLS TE to prevent network congestion.
Unless otherwise specified, the term tunnel in this document refers to IPv6 over IPv4 tunnels.
IPv6 over IPv4 tunneling
Implementation
IPv6 over IPv4 tunneling adds an IPv4 header to IPv6 packets so that IPv6 packets can pass an IPv4 network through a tunnel to realize interworking between isolated IPv6 networks, as shown in Figure 1.
|
|
NOTE: The devices at the ends of an IPv6 over IPv4 tunnel must support the IPv4/IPv6 dual stack. |
Figure 1 IPv6 over IPv4 tunnel
The IPv6 over IPv4 tunnel processes packets in the following steps:
1. A host in the IPv6 network sends an IPv6 packet to Device A at the tunnel source.
2. After determining according to the routing table that the packet needs to be forwarded through the tunnel, Device A encapsulates the IPv6 packet with an IPv4 header and forwards it through the physical interface of the tunnel. In the IPv4 header, the source IPv4 address is the IPv4 address of the tunnel source, and the destination IPv4 address is the IPv4 address of the tunnel destination.
3. Upon receiving the packet, Device B de-encapsulates the packet.
4. If the destination address of the IPv6 packet is itself, Device B forwards it to the upper-layer protocol. If not, Device B forwards it according to the routing table.
Tunnel types
IPv6 over IPv4 tunnels fall into manually configured tunnels and automatic tunnels, depending on how the IPv4 address of the tunnel destination is acquired.
· Manually configured tunnel—The destination IPv4 address of the tunnel cannot be automatically acquired from the destination IPv6 address of an IPv6 packet at the tunnel source, and must be manually configured.
· Automatic tunnel—The destination IPv4 address of the tunnel can be automatically acquired from the destination IPv6 address (with an IPv4 address embedded) of an IPv6 packet at the tunnel source.
According to the way an IPv6 packet is encapsulated, IPv6 over IPv4 tunnels are divided into the following modes.
Table 1 IPv6 over IPv4 tunnel modes and key parameters
|
Tunnel type |
Tunnel mode |
Tunnel source/destination address |
Tunnel interface address |
|
Manually configured tunnel |
IPv6 over IPv4 manual tunneling |
The source and destination IPv4 addresses are manually configured. |
IPv6 address |
|
Automatic tunnel |
Automatic IPv4-compatible IPv6 tunneling |
The source IPv4 address is manually configured. The destination IPv4 address is automatically obtained. |
IPv4-compatible IPv6 address, in the format of ::IPv4-source-address/96, where the IPv4-source-address is the IPv4 address of the tunnel source. |
|
6to4 tunneling |
The source IPv4 address is manually configured. The destination IPv4 address is automatically obtained. |
6to4 address, in the format of 2002:IPv4-source-address::/48, where the IPv4-source-address is the IPv4 address of the tunnel source. |
|
|
ISATAP tunneling |
The source IPv4 address is manually configured. The destination IPv4 address is automatically obtained. |
ISATAP address, in the format of Prefix:0:5EFE:IPv4-source-address/64 where the IPv4-source-address is the IPv4 address of the tunnel source. |
· IPv6 over IPv4 manual tunneling—A point-to-point link and its source and destination IPv4 addresses are manually configured. You can establish an IPv6 over IPv4 manual tunnel to connect isolated IPv6 networks over an IPv4 network, or connect an IPv6 network to an IPv4/IPv6 dual-stack host over an IPv4 network.
· Automatic IPv4-compatible IPv6 tunneling—A point-to-multipoint link. Both ends of the tunnel use IPv4-compatible IPv6 addresses. The address format is 0:0:0:0:0:0:a.b.c.d/96, where a.b.c.d is the IPv4 address of the tunnel destination. This mechanism simplifies tunnel establishment.
Automatic IPv4-compatible IPv6 tunnels have limitations because IPv4-compatible IPv6 addresses must use globally unique IPv4 addresses.
· 6to4 tunneling
¡ Ordinary 6to4 tunneling—A point-to-multipoint automatic tunnel. It is used to connect multiple isolated IPv6 networks over an IPv4 network. The destination IPv4 address of a 6to4 tunnel is embedded in the destination 6to4 address of packets. This mechanism enables the device to automatically get the tunnel destination address, simplifying tunnel establishment.
The 6to4 address format is 2002:abcd:efgh:subnet number::interface ID/64, where 2002 is the fixed IPv6 address prefix, and abcd:efgh represents a 32-bit globally unique IPv4 address in hexadecimal notation. For example, 1.1.1.1 can be represented by 0101:0101. The IPv4 address identifies a 6to4 network (an IPv6 network where all hosts use 6to4 addresses). The border router of a 6to4 network must have the IPv4 address abcd:efgh configured on the interface connected to the IPv4 network. The subnet number identifies a subnet in the 6to4 network. The subnet number::interface ID uniquely identifies a host in the 6to4 network.
6to4 tunneling uses an IPv4 address to identify a 6to4 network. This method overcomes the limitations of automatic IPv4-compatible IPv6 tunneling.
¡ 6to4 relay—Connects a 6to4 network to an IPv6 network that uses an IP prefix other than 2002::/16. A 6to4 relay router is a gateway that forwards packets from a 6to4 network to an IPv6 network.
As shown in Figure 2, 6to4 network Site 1 communicates with IPv6 network Site 3 over a 6to4 tunnel. Configure a static route on the border router (Device A) in the 6to4 network. The next-hop address must be the 6to4 address of the 6to4 relay router (Device C). Device A forwards all packets destined for the IPv6 network over the 6to4 tunnel, and Device C then forwards them to the IPv6 network.
Figure 2 Principle of 6to4 tunneling and 6to4 relay
· ISATAP tunneling—An ISATAP tunnel is a point-to-multipoint automatic tunnel. It provides a solution to connect an IPv6 host to an IPv6 network over an IPv4 network.
The destination addresses of IPv6 packets and the IPv6 addresses of tunnel interfaces are all ISATP addresses. The ISATAP address format is prefix:0:5EFE:abcd:efgh. The 64-bit prefix is a valid IPv6 unicast address prefix. The abcd:efgh segments represent a 32-bit IPv4 address, which identifies the tunnel destination but does not require global uniqueness.
ISATAP tunnels are mainly used for communication between IPv6 routers or between an IPv6 host and an IPv6 router over an IPv4 network.
Figure 3 Principle of ISATAP tunneling
Protocols and standards
· RFC 1853, IP in IP Tunneling
· RFC 2473, Generic Packet Tunneling in IPv6 Specification
· RFC 2893, Transition Mechanisms for IPv6 Hosts and Routers
· RFC 3056, Connection of IPv6 Domains via IPv4 Clouds
· RFC 4214, Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
Tunneling configuration task list
|
Tasks at a glance |
|
(Required.) Configuring a tunnel interface |
|
Perform one of the following tasks. Configuring an IPv6 over IPv4 tunnel: · Configuring an IPv6 over IPv4 manual tunnel |
Configuring a tunnel interface
Configure a Layer 3 virtual tunnel interface on each device on a tunnel so that devices at both ends can send, identify, and process packets from the tunnel.
When an active/standby switchover occurs or the standby card is removed, the tunnel interfaces configured on the active or standby card still exist. To delete a tunnel interface, use the undo interface tunnel command.
To configure a tunnel interface:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Create a tunnel interface, specify the tunnel mode, and enter tunnel interface view. |
interface tunnel number mode { evi [ ipv6 ] | gre | ipv6-ipv4 [ 6to4 | auto-tunnel | isatap ] } |
By default, no tunnel interface is created. When you create a new tunnel interface, you must specify the tunnel mode. When you enter the view of an existing tunnel interface, you do not need to specify the tunnel mode. The two ends of a tunnel must use the same tunnel mode. Otherwise, packet tunneling will fail. |
|
3. (Optional.) Configure a description for the interface. |
description text |
By default, the description of a tunnel interface is Tunnel number Interface. |
|
4. Set the MTU of the tunnel interface. |
mtu mtu-size |
The default setting is 1476 bytes. |
|
5. (Optional.) Restore the default settings of the tunnel interface. |
default |
N/A |
|
6. (Optional.) Shut down the tunnel interface. |
shutdown |
By default, a tunnel interface is up. |
Configuring an IPv6 over IPv4 manual tunnel
Follow these guidelines when you configure an IPv6 over IPv4 manual tunnel:
· The tunnel destination address specified on the local device must be identical with the tunnel source address specified on the tunnel peer device.
· The tunnels in the same mode on a device must not use the same tunnel source and destination addresses.
· If the destination IPv6 network is not in the same subnet as the IPv6 address of the tunnel interface, you must configure a static route destined for the destination IPv6 network. You can specify the local tunnel interface as the egress interface or specify the IPv6 address of the peer tunnel interface as the next hop. Alternatively, you can enable a dynamic routing protocol on both tunnel interfaces to achieve the same purpose. For detailed configuration, see Layer 3—IP Routing Configuration Guide.
To configure an IPv6 over IPv4 manual tunnel:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter IPv6 over IPv4 manual tunnel interface view. |
interface tunnel number [ mode ipv6-ipv4 ] |
N/A |
|
3. Specify an IPv6 address for the tunnel interface. |
For configuration details, see "Configuring IPv6 basics." |
No IPv6 address is configured for the tunnel interface by default. |
|
4. Configure a source address or source interface for the tunnel interface. |
source { ip-address | interface-type interface-number } |
By default, no source address or source interface is configured for the tunnel interface. The specified source address or the primary IP address of the specified source interface is used as the source IP address of tunneled packets. |
|
5. Configure a destination address for the tunnel interface. |
destination ip-address |
By default, no destination address is configured for the tunnel interface. The tunnel destination address must be the IP address of the receiving interface on the tunnel peer. It is used as the destination IP address of tunneled packets. |
|
6. Return to system view. |
quit |
N/A |
Configuration example
By default, Ethernet, VLAN, and aggregate interfaces are down. To configure such an interface, bring the interface up by executing the undo shutdown command.
Network requirements
As shown in Figure 4, configure an IPv6 over IPv4 tunnel between Switch A and Switch B so the two IPv6 networks can reach each other over the IPv4 network. Because the tunnel destination IPv4 address cannot be automatically obtained from the destination IPv6 addresses of packets, configure an IPv6 over IPv4 manual tunnel.
Configuration procedure
Make sure Switch A and Switch B have the corresponding VLAN interfaces created and can reach each other through IPv4.
· Configure Switch A:
# Configure an IPv4 address for VLAN-interface 100.
<SwitchA> system-view
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] ip address 192.168.100.1 255.255.255.0
[SwitchA-Vlan-interface100] quit
# Configure an IPv6 address for VLAN-interface 101.
[SwitchA] interface vlan-interface 101
[SwitchA-Vlan-interface101] ipv6 address 3002::1 64
[SwitchA-Vlan-interface101] quit
# Configure an IPv6 over IPv4 manual tunnel interface tunnel 0.
[SwitchA] interface tunnel 0 mode ipv6-ipv4
# Specify the source interface for the tunnel interface as VLAN-interface 100.
[SwitchA-Tunnel0] source vlan-interface 100
# Specify the destination address for the tunnel interface as the IP address of the VLAN-interface 100 on Switch B.
[SwitchA-Tunnel0] destination 192.168.50.1
[SwitchA-Tunnel0] quit
# Configure a static route destined for IPv6 network 2 through tunnel 0 on Switch A.
[SwitchA] ipv6 route-static 3003:: 64 tunnel 0
· Configure Switch B:
# Configure an IPv4 address for VLAN-interface 100.
<SwitchB> system-view
[SwitchB] interface vlan-interface 100
[SwitchB-Vlan-interface100] ip address 192.168.50.1 255.255.255.0
[SwitchB-Vlan-interface100] quit
# Configure an IPv6 address for VLAN-interface 101.
[SwitchB] interface vlan-interface 101
[SwitchB-Vlan-interface101] ipv6 address 3003::1 64
[SwitchB-Vlan-interface101] quit
# Configure an IPv6 over IPv4 manual tunnel interface tunnel 0.
[SwitchB] interface tunnel 0 mode ipv6-ipv4
# Specify the source interface for the tunnel interface as VLAN-interface 100.
[SwitchB-Tunnel0] source vlan-interface 100
# Specify the destination address for the tunnel interface as the IP address of VLAN-interface 100 of Switch A.
[SwitchB-Tunnel0] destination 192.168.100.1
[SwitchB-Tunnel0] quit
# Configure a static route destined for IPv6 network 1 through tunnel 0 on Switch B.
[SwitchB] ipv6 route-static 3002:: 64 tunnel 0
Verifying the configuration
# Use the display ipv6 interface command to display tunnel interface status on Switch A and Switch B. The output shows that the interface tunnel 0 is up. (Details not shown.)
# Switch B and Switch A can ping the IPv6 address of VLAN-interface 101 of each other. For example, ping the IPv6 address of VLAN-interface 101 of Switch B from Switch A.
[SwitchA] ping ipv6 3003::1
PING6(104=40+8+56 bytes) 3001::1 --> 3003::1
56 bytes from 3003::1, icmp_seq=0 hlim=64 time=45.000 ms
56 bytes from 3003::1, icmp_seq=1 hlim=64 time=10.000 ms
56 bytes from 3003::1, icmp_seq=2 hlim=64 time=4.000 ms
56 bytes from 3003::1, icmp_seq=3 hlim=64 time=10.000 ms
56 bytes from 3003::1, icmp_seq=4 hlim=64 time=11.000 ms
--- 3003::1 ping6 statistics ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 4.000/16.000/45.000/14.711 ms
Configuring an automatic IPv4-compatible IPv6 tunnel
Follow these guidelines when you configure an automatic IPv4-compatible IPv6 tunnel:
· You do not need to configure a destination address for an automatic IPv4-compatible IPv6 tunnel, because the destination address of the tunnel is embedded in the destination IPv4-compatible IPv6 address of packets.
· The automatic tunnel interfaces using the same encapsulation protocol cannot use the same source IP address.
To configure an automatic IPv4-compatible IPv6 tunnel:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter automatic IPv4-compatible IPv6 tunnel interface view. |
interface tunnel number [ mode ipv6-ipv4 auto-tunnel ] |
N/A |
|
3. Specify an IPv6 address for the tunnel interface. |
For configuration details, see "Configuring IPv6 Basics." |
No IPv6 address is configured for the tunnel interface by default. |
|
4. Configure a source address or source interface for the tunnel interface. |
source { ip-address | interface-type interface-number } |
By default, no source address or source interface is configured for the tunnel interface. The specified source address or the primary IP address of the specified source interface is used as the source IP address of tunneled packets. |
Configuration example
By default, Ethernet, VLAN, and aggregate interfaces are down. To configure such an interface, bring the interface up by executing the undo shutdown command.
Network requirements
As shown in Figure 5, dual-stack switches, Switch A and Switch B are connected over an IPv4 network. Configure an automatic IPv4-compatible IPv6 tunnel between the two switches to enable IPv6 communications over the IPv4 network.
Configuration procedure
Before configuring an automatic IPv4-compatible IPv6 tunnel, make sure Switch A and Switch B have the corresponding VLAN interfaces created and can reach each other through IPv4.
· Configure Switch A:
# Configure an IPv4 address for VLAN-interface 100.
<SwitchA> system-view
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] ip address 192.168.100.1 255.255.255.0
[SwitchA-Vlan-interface100] quit
# Configure an automatic IPv4-compatible IPv6 tunnel interface tunnel 0.
[SwitchA] interface tunnel 0 mode ipv6-ipv4 auto-tunnel
# Configure an IPv4-compatible IPv6 address for the tunnel interface.
[SwitchA-Tunnel0] ipv6 address ::192.168.100.1/96
# Specify VLAN-interface 100 as the source interface of the tunnel interface.
[SwitchA-Tunnel0] source vlan-interface 100
[SwitchA-Tunnel0] quit
· Configure Switch B:
# Configure an IPv4 address for VLAN-interface 100.
<SwitchB> system-view
[SwitchB] interface vlan-interface 100
[SwitchB-Vlan-interface100] ip address 192.168.50.1 255.255.255.0
[SwitchB-Vlan-interface100] quit
# Configure an automatic IPv4-compatible IPv6 tunnel interface tunnel 0.
[SwitchB] interface tunnel 0 mode ipv6-ipv4 auto-tunnel
# Configure an IPv4-compatible IPv6 address for the tunnel interface.
[SwitchB-Tunnel0] ipv6 address ::192.168.50.1/96
# Specify VLAN-interface 100 as the source interface of the tunnel interface.
[SwitchB-Tunnel0] source vlan-interface 100
[SwitchB-Tunnel0] quit
Verifying the configuration
# Use the display ipv6 interface command to view tunnel interface status on Switch A and Switch B. The output shows that the interface tunnel 0 is up. (Details not shown.)
# Switch B and Switch A can ping the IPv4-compatible IPv6 address of each other. For example, ping the IPv4-compatible IPv6 address of Switch B from Switch A.
[SwitchA-Tunnel10] ping ipv6 ::192.168.50.1
PING6(104=40+8+56 bytes) ::192.168.100.1 --> ::192.168.50.1
56 bytes from ::192.168.50.1, icmp_seq=0 hlim=64 time=17.000 ms
56 bytes from ::192.168.50.1, icmp_seq=1 hlim=64 time=9.000 ms
56 bytes from ::192.168.50.1, icmp_seq=2 hlim=64 time=11.000 ms
56 bytes from ::192.168.50.1, icmp_seq=3 hlim=64 time=9.000 ms
56 bytes from ::192.168.50.1, icmp_seq=4 hlim=64 time=11.000 ms
--- ::192.168.50.1 ping6 statistics ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 9.000/11.400/17.000/2.939 ms
Configuring a 6to4 tunnel
Follow these guidelines when you configure a 6to4 tunnel:
· You do not need to configure a destination address for a 6to4 tunnel, because the destination IPv4 address is embedded in the 6to4 IPv6 address.
· Because automatic tunnels do not support dynamic routing, you must configure a static route destined for the destination IPv6 network if the destination IPv6 network is not in the same subnet as the IPv6 address of the tunnel interface. You can specify the local tunnel interface as the egress interface of the route or specify the IPv6 address of the peer tunnel interface as the next hop of the route. For the detailed configuration, see Layer 3—IP Routing Configuration Guide.
· The automatic tunnel interfaces using the same encapsulation protocol cannot use the same source IP address.
To configure a 6to4 tunnel:
|
Step |
Command |
Remarks |
|
|
1. Enter system view. |
system-view |
N/A |
|
|
2. Enter 6to4 tunnel interface view. |
interface tunnel number [ mode ipv6-ipv4 6to4 ] |
N/A |
|
|
3. Specify an IPv6 address for the tunnel interface. |
For configuration details, see "Configuring IPv6 basics." |
No IPv6 address is configured for the tunnel interface by default. |
|
|
4. Configure a source address or source interface for the tunnel interface. |
source { ip-address | interface-type interface-number } |
By default, no source address or source interface is configured for the tunnel interface. The specified source address or the primary IP address of the specified source interface is used as the source IP address of tunneled packets. |
|
|
5. Return to system view. |
quit |
N/A |
|
6to4 tunnel configuration example
By default, Ethernet, VLAN, and aggregate interfaces are down. To configure such an interface, bring the interface up by executing the undo shutdown command.
Network requirements
As shown in Figure 6, configure a 6to4 tunnel between 6to4 switches Switch A and Switch B so Host A and Host B can reach each other over the IPv4 network.
Configuration considerations
To enable communication between 6to4 networks, configure 6to4 addresses for 6to4 switches and hosts in the 6to4 networks.
· The IPv4 address of VLAN-interface 100 on Switch A is 2.1.1.1/24, and the corresponding 6to4 prefix is 2002:0201:0101::/48 after it is translated to an IPv6 address. Assign interface Tunnel 0 to subnet 2002:0201:0101::/64 and VLAN-interface 101 to subnet 2002:0201:0101:1::/64.
· The IPv4 address of VLAN-interface 100 on Switch B is 5.1.1.1/24, and the corresponding 6to4 prefix is 2002:0501:0101::/48 after it is translated to an IPv6 address. Assign interface Tunnel 0 to subnet 2002:0501:0101::/64 and VLAN-interface 101 to subnet 2002:0501:0101:1::/64.
Configuration procedure
Before configuring a 6to4 tunnel, make sure Switch A and Switch B have the corresponding VLAN interfaces created and can reach each other through IPv4.
· Configure Switch A:
# Configure an IPv4 address for VLAN-interface 100.
<SwitchA> system-view
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] ip address 2.1.1.1 24
[SwitchA-Vlan-interface100] quit
# Configure a 6to4 address for VLAN-interface 101.
[SwitchA] interface vlan-interface 101
[SwitchA-Vlan-interface101] ipv6 address 2002:0201:0101:1::1/64
[SwitchA-Vlan-interface101] quit
# Create a 6to4 tunnel interface tunnel 0.
[SwitchA] interface tunnel 0 mode ipv6-ipv4 6to4
# Configure a 6to4 address for the tunnel interface.
[SwitchA-Tunnel0] ipv6 address 2002:201:101::1/64
# Specify the source interface as VLAN-interface 100 for the tunnel interface.
[SwitchA-Tunnel0] source vlan-interface 100
[SwitchA-Tunnel0] quit
# Configure a static route destined for 2002::/16 through the tunnel interface.
[SwitchA] ipv6 route-static 2002:: 16 tunnel 0
· Configure Switch B:
# Configure an IPv4 address for VLAN-interface 100.
<SwitchB> system-view
[SwitchB] interface vlan-interface 100
[SwitchB-Vlan-interface100] ip address 5.1.1.1 24
[SwitchB-Vlan-interface100] quit
# Configure a 6to4 address for VLAN-interface 101.
[SwitchB] interface vlan-interface 101
[SwitchB-Vlan-interface101] ipv6 address 2002:0501:0101:1::1/64
[SwitchB-Vlan-interface101] quit
# Create a 6to4 tunnel interface tunnel 0.
[SwitchB] interface tunnel 0 mode ipv6-ipv4 6to4
# Configure a 6to4 address for the tunnel interface.
[SwitchA-Tunnel0] ipv6 address 2002:0501:0101::1/64
# Specify the source interface as VLAN-interface 100 for the tunnel interface.
[SwitchB-Tunnel0] source vlan-interface 100
[SwitchB-Tunnel0] quit
# Configure a static route destined for 2002::/16 through the tunnel interface.
[SwitchB] ipv6 route-static 2002:: 16 tunnel 0
Verifying the configuration
# Ping Host B from Host A or ping Host A from Host B. The ping operation succeeds.
D:\>ping6 -s 2002:201:101:1::2 2002:501:101:1::2
Pinging 2002:501:101:1::2
from 2002:201:101:1::2 with 32 bytes of data:
Reply from 2002:501:101:1::2: bytes=32 time=13ms
Reply from 2002:501:101:1::2: bytes=32 time=1ms
Reply from 2002:501:101:1::2: bytes=32 time=1ms
Reply from 2002:501:101:1::2: bytes=32 time<1ms
Ping statistics for 2002:501:101:1::2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 13ms, Average = 3ms
6to4 relay configuration example
By default, Ethernet, VLAN, and aggregate interfaces are down. To configure such an interface, bring the interface up by executing the undo shutdown command.
Network requirements
As shown in Figure 7, Switch A is a 6to4 switch, and 6to4 addresses are used on the connected IPv6 network. Switch B serves as a 6to4 relay switch and is connected to the IPv6 network (2001::/16). Configure a 6to4 tunnel between Switch A and Switch B to make Host A and Host B reachable to each other.
The configuration on a 6to4 relay switch is similar to that on a 6to4 switch. To enable communication between the 6to4 network and the IPv6 network, configure a route destined for the IPv6 network on the 6to4 switch.
Configuration procedure
Make sure Switch A and Switch B have the corresponding VLAN interfaces created and can reach each other through IPv4.
· Configure Switch A:
# Configure an IPv4 address for VLAN-interface 100.
<SwitchA> system-view
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] ip address 2.1.1.1 255.255.255.0
[SwitchA-Vlan-interface100] quit
# Configure a 6to4 address for VLAN-interface 101.
[SwitchA] interface vlan-interface 101
[SwitchA-Vlan-interface101] ipv6 address 2002:0201:0101:1::1/64
[SwitchA-Vlan-interface101] quit
# Create a 6to4 tunnel interface tunnel 0.
[SwitchA] interface tunnel 0 mode ipv6-ipv4 6to4
# Create a 6to4 address for the tunnel interface.
[SwitchA-Tunnel0] ipv6 address 2002:0201:0101::1/64
# Specify the source interface as VLAN-interface 100 for the tunnel interface.
[SwitchA-Tunnel0] source vlan-interface 100
[SwitchA-Tunnel0] quit
# Configure a static route destined for the 6to4 relay switch.
[SwitchA] ipv6 route-static 2002:0601:0101:: 64 tunnel 0
# Configure a default route to reach the IPv6 network, which specifies the address of the interface tunnel 0 of the 6to4 relay switch as the next hop.
[SwitchA] ipv6 route-static :: 0 2002:0601:0101::1
· Configure Switch B:
# Configure an IPv4 address for VLAN-interface 100.
<SwitchB> system-view
[SwitchB] interface vlan-interface 100
[SwitchB-Vlan-interface100] ip address 6.1.1.1 255.255.255.0
[SwitchB-Vlan-interface100] quit
# Configure an IPv6 address for VLAN-interface 101.
[SwitchB] interface vlan-interface 101
[SwitchB-Vlan-interface101] ipv6 address 2001::1/16
[SwitchB-Vlan-interface101] quit
# Configure a 6to4 tunnel interface tunnel 0.
[SwitchB] interface tunnel 0 mode ipv6-ipv4 6to4
# Configure a 6to4 address for the tunnel interface.
[SwitchB-Tunnel0] ipv6 address 2002:0601:0101::1/64
# Specify VLAN-interface 100 as the source interface for the tunnel interface.
[SwitchB-Tunnel0] source vlan-interface 100
[SwitchB-Tunnel0] quit
# Configure a static route destined for 2002::/16 through the tunnel interface.
[SwitchB] ipv6 route-static 2002:: 16 tunnel 0
Verifying the configuration
# Ping Host B from Host A or ping Host A from Host B. The ping operation succeeds.
D:\>ping6 -s 2002:201:101:1::2 2001::2
Pinging 2001::2
from 2002:201:101:1::2 with 32 bytes of data:
Reply from 2001::2: bytes=32 time=13ms
Reply from 2001::2: bytes=32 time=1ms
Reply from 2001::2: bytes=32 time=1ms
Reply from 2001::2: bytes=32 time<1ms
Ping statistics for 2001::2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 13ms, Average = 3ms
Configuring an ISATAP tunnel
Follow these guidelines when you configure an ISATAP tunnel:
· You do not need to configure a destination address for an ISATAP tunnel, because the destination IPv4 address is embedded in the ISATAP address.
· Because automatic tunnels do not support dynamic routing, configure a static route destined for the destination IPv6 network at each tunnel end. You can specify the local tunnel interface as the egress interface of the route or specify the IPv6 address of the peer tunnel interface as the next hop of the route. For the detailed configuration, see Layer 3—IP Routing Configuration Guide.
· The automatic tunnel interfaces using the same encapsulation protocol cannot use the same source IP address.
To configure an ISATAP tunnel:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter ISATAP tunnel interface view. |
interface tunnel number [ mode ipv6-ipv4 isatap ] |
N/A |
|
3. Specify an IPv6 address for the tunnel interface. |
For configuration details, see "Configuring IPv6 basics." |
No IPv6 address is configured for the tunnel interface by default. |
|
4. Configure a source address or source interface for the tunnel interface. |
source { ip-address | interface-type interface-number } |
By default, no source address or source interface is configured for the tunnel interface. The specified source address or the primary IP address of the specified source interface is used as the source IP address of tunneled packets. |
|
5. Return to system view. |
quit |
N/A |
Configuration example
By default, Ethernet, VLAN, and aggregate interfaces are down. To configure such an interface, bring the interface up by executing the undo shutdown command.
Network requirements
As shown in Figure 8, configure an ISATAP tunnel between the switch and the ISATAP host so the ISATAP host in the IPv4 network can access the IPv6 network.
Configuration procedure
Make sure the corresponding VLAN interfaces have been created on the switch.
Make sure VLAN-interface 101 on the ISATAP switch and the ISATAP host can reach each other through IPv4.
· Configure the switch:
# Configure an IPv6 address for VLAN-interface 100.
<Switch> system-view
[Switch] interface vlan-interface 100
[Switch-Vlan-interface100] ipv6 address 3001::1/64
[Switch-Vlan-interface100] quit
# Configure an IPv4 address for VLAN-interface 101.
[Switch] interface vlan-interface 101
[Switch-Vlan-interface101] ip address 1.1.1.1 255.0.0.0
[Switch-Vlan-interface101] quit
# Configure an ISATAP tunnel interface tunnel 0.
[Switch] interface tunnel 0 mode ipv6-ipv4 isatap
# Configure an ISATAP address for the tunnel interface tunnel 0.
[Switch-Tunnel0] ipv6 address 2001::5efe:0101:0101 64
# Configure VLAN-interface 101 as the source interface of the tunnel interface.
[Switch-Tunnel0] source vlan-interface 101
# Disable RA suppression so that the ISATAP host can acquire information such as the address prefix from the RA message advertised by the ISATAP switch.
[Switch-Tunnel0] undo ipv6 nd ra halt
[Switch-Tunnel0] quit
# Configure a static route to the ISATAP host.
[Switch] ipv6 route-static 2001:: 16 tunnel 0
· Configure the ISATAP host:
Configurations on the ISATAP host vary depending on the operating system. The following example is performed on Windows XP.
# Install IPv6.
C:\>ipv6 install
# On a host running Windows XP, the ISATAP interface is usually interface 2. Configure the IPv4 address of the ISATAP switch on the interface to complete the configuration on the host. Before doing that, view the ISATAP interface information:
C:\>ipv6 if 2
Interface 2: Automatic Tunneling Pseudo-Interface
Guid {48FCE3FC-EC30-E50E-F1A7-71172AEEE3AE}
does not use Neighbor Discovery
does not use Router Discovery
routing preference 1
EUI-64 embedded IPv4 address: 0.0.0.0
router link-layer address: 0.0.0.0
preferred link-local fe80::5efe:2.1.1.2, life infinite
link MTU 1280 (true link MTU 65515)
current hop limit 128
reachable time 42500ms (base 30000ms)
retransmission interval 1000ms
DAD transmits 0
default site prefix length 48
# A link-local address (fe80::5efe:2.1.1.2) in the ISATAP format has been automatically generated for the ISATAP interface. Configure the IPv4 address of the ISATAP switch on the ISATAP interface.
C:\>ipv6 rlu 2 1.1.1.1
# Display information about the ISATAP interface.
C:\>ipv6 if 2
Interface 2: Automatic Tunneling Pseudo-Interface
Guid {48FCE3FC-EC30-E50E-F1A7-71172AEEE3AE}
does not use Neighbor Discovery
uses Router Discovery
routing preference 1
EUI-64 embedded IPv4 address: 2.1.1.2
router link-layer address: 1.1.1.1
preferred global 2001::5efe:2.1.1.2, life 29d23h59m46s/6d23h59m46s (public)
preferred link-local fe80::5efe:2.1.1.2, life infinite
link MTU 1500 (true link MTU 65515)
current hop limit 255
reachable time 42500ms (base 30000ms)
retransmission interval 1000ms
DAD transmits 0
default site prefix length 48
The host has acquired the address prefix 2001::/64 and has automatically generated the address 2001::5efe:2.1.1.2. The message "uses Router Discovery" indicates that the router discovery function is enabled on the host.
Verifying the configuration
# Ping the IPv6 address of the tunnel interface of the switch. The ping operation succeeds, indicating an ISATAP tunnel has been established.
C:\>ping 2001::5efe:1.1.1.1
Pinging 2001::5efe:1.1.1.1 with 32 bytes of data:
Reply from 2001::5efe:1.1.1.1: time=1ms
Reply from 2001::5efe:1.1.1.1: time=1ms
Reply from 2001::5efe:1.1.1.1: time=1ms
Reply from 2001::5efe:1.1.1.1: time=1ms
Ping statistics for 2001::5efe:1.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms
Displaying and maintaining tunneling configuration
Execute display commands in any view and reset commands in user view.
|
Task |
Command |
|
Display information about tunnel interfaces. |
display interface [ tunnel [ number ] ] [ brief ] |
|
Display IPv6 information on tunnel interfaces. |
display ipv6 interface [ tunnel [ number ] ] [ brief ] |
|
Clear statistics on tunnel interfaces. |
reset counters interface [ tunnel [ number ] ] |
Troubleshooting tunneling configuration
Symptom
A tunnel interface configured with related parameters such as tunnel source address, tunnel destination address, and tunnel mode cannot go up.
Analysis
The physical interface of the tunnel does not go up, or the tunnel destination is unreachable.
Solution
1. Use the display interface or display ipv6 interface commands to check whether the physical interface of the tunnel is up. If the physical interface is down, check the network connection.
2. Use the display ipv6 routing-table or display ip routing-table command to check whether the tunnel destination is reachable. If the route is not available, configure a route to reach the tunnel destination.
