Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 08-IPv6 over IPv6 tunneling configuration | 124.91 KB |
About IPv6 over IPv6 tunneling
Restrictions and guidelines: IPv6 over IPv6 tunnel configuration
IPv6 over IPv6 tunnel configuration tasks at a glance
Configuring an IPv6 over IPv6 tunnel
Enabling dropping IPv6 packets that use IPv4-compatible IPv6 addresses
Configuring an address pair for IPv6-in-IPv6 packet decapsulation to test the reachability of a path
Configuring a source-destination address pair for IPv6-in-IPv6 packet decapsulation
Constructing multi-layer encapsulated IPv6-in-IPv6 packets on a host
Testing the reachability of a path
Verifying and maintaining IPv6 over IPv6 tunneling
Displaying IPv6 over IPv6 tunnel interface information
Clearing IPv6 over IPv6 tunnel interface statistics
IPv6 over IPv6 tunnel configuration examples
Example: Configuring an IPv6 over IPv6 tunnel
IPv6 over IPv6 tunneling
About IPv6 over IPv6 tunneling
IPv6 over IPv6 tunneling (RFC 2473) enables isolated IPv6 networks to communicate with each other over another IPv6 network. For example, two isolated IPv6 networks that do not want to show their addresses to the Internet can use an IPv6 over IPv6 tunnel to communicate with each other.
Figure 1 Principle of IPv6 over IPv6 tunneling
Figure 1 shows the encapsulation and de-encapsulation processes.
· Encapsulation:
a. After receiving an IPv6 packet, Device A submits it to the IPv6 protocol stack.
b. The IPv6 protocol stack uses the destination IPv6 address of the packet to find the egress interface. If the egress interface is the tunnel interface, the stack delivers it to the tunnel interface.
c. After receiving the packet, the tunnel interface adds an IPv6 header to it and submits it to the IPv6 protocol stack.
d. The IPv6 protocol stack forwards the packet according to its destination IPv6 address.
· De-encapsulation:
a. Upon receiving the IPv6 packet, Device B delivers it to the IPv6 protocol stack.
b. The IPv6 protocol stack checks the protocol type of the data portion encapsulated in the IPv6 packet. If the encapsulation protocol is IPv6, the stack delivers the packet to the tunnel module.
c. The tunnel module de-encapsulates the packet and sends it back to the IPv6 protocol stack.
d. The IPv6 protocol stack forwards the IPv6 packet.
Restrictions and guidelines: IPv6 over IPv6 tunnel configuration
Follow these guidelines when you configure an IPv6 over IPv6 tunnel:
· The tunnel destination address specified on the local device must be identical with the tunnel source address specified on the tunnel peer device.
· Do not specify the same source and destination addresses for local tunnel interfaces in the same tunnel mode.
· The IPv6 address of the tunnel interface cannot be on the same subnet as the destination address configured for the tunnel interface.
· To ensure correct packet forwarding, identify whether the destination IPv6 network and the IPv6 address of the local tunnel interface are on the same subnet. If they are not, configure a route reaching the destination IPv6 network through the tunnel interface. You can configure the route by using one of the following methods:
¡ Configure a static route, and specify the local tunnel interface as the egress interface or specify the IPv6 address of the peer tunnel interface as the next hop.
¡ Enable a dynamic routing protocol on both the local and remote tunnel interfaces.
For more information about route configuration, see Layer 3—IP Routing Configuration Guide.
· The destination address of the route passing the tunnel interface cannot be on the same subnet as the destination address configured for the tunnel interface.
· IPv6 over IPv6 tunnel configuration commands include the following common tunnel interface commands:
¡ interface tunnel.
¡ source.
¡ destination.
¡ tunnel discard ipv4-compatible-packet.
¡ encapsulation-limit.
For more information about these and more tunnel interface commands, see Interface Command Reference.
IPv6 over IPv6 tunnel configuration tasks at a glance
To configure an IPv6 over IPv6 tunnel, perform the following tasks:
1. Configuring an IPv6 over IPv6 tunnel
2. (Optional.) Enabling dropping IPv6 packets that use IPv4-compatible IPv6 addresses
3. (Optional.) Configuring an address pair for IPv6-in-IPv6 packet decapsulation to test the reachability of a path
Configuring an IPv6 over IPv6 tunnel
1. Enter system view.
system-view
2. Enter IPv6 tunnel interface view or IPv6 over IPv6 tunnel interface view.
interface tunnel number [ mode { ipv6 | ipv6-ipv6 } ]
3. Configure an IPv6 address for the tunnel interface.
See IPv6 basics in Layer 3—IP Services Configuration Guide.
4. Configure the source address or source interface for the tunnel interface.
source { ipv6-address | interface-type interface-number }
By default, no source address or interface is configured for the tunnel.
If you specify a source address, it is used as the source IPv6 address of tunneled packets.
If you specify a source interface, the lowest IPv6 address of this interface is used as the source IPv6 address of tunneled packets.
5. Configure the destination address for the tunnel interface.
destination ipv6-address
By default, no destination address is configured for the tunnel.
The tunnel destination address must be the IPv6 address of the receiving interface on the tunnel peer. It is used as the destination IPv6 address of tunneled packets.
6. (Optional.) Set the maximum number of nested encapsulations of a packet.
encapsulation-limit number
By default, no limit is set to the nested encapsulations of a packet.
Enabling dropping IPv6 packets that use IPv4-compatible IPv6 addresses
1. Enter system view.
system-view
2. Enable dropping IPv6 packets that use IPv4-compatible IPv6 addresses.
tunnel discard ipv4-compatible-packet
By default, IPv6 packets that use IPv4-compatible IPv6 addresses are not dropped.
Configuring an address pair for IPv6-in-IPv6 packet decapsulation to test the reachability of a path
In some scenarios, a host needs to construct multi-layer encapsulated IPv6-in-IPv6 packets to detect whether a transmission path is reachable. Use this feature on each node along the transmission path to configure a source-destination address pair used to decapsulate the IPv6-in-IPv6 packets.
Configuring a source-destination address pair for IPv6-in-IPv6 packet decapsulation
About this task
A source-destination address pair contains a destination address and multiple source IPv6 addresses. The destination address is optional. If you do not specify a destination address, the default setting is ::. You can use one of the following methods to specify multiple source IPv6 addresses:
· Use the source ipv6-address option to specify a local IPv6 address that is reachable as the source IPv6 address.
· Use the source interface-type interface-number option to specify a source interface. The primary IPv6 address of the interface is used as the source IPv6 address.
· Use the source direct keyword to specify a group of source IPv6 addresses. With this keyword, the system traverses all local Layer 3 interfaces, VLAN interfaces, and loopback interfaces in up state. The source IPv6 addresses used for packet decapsulation are the primary IPv6 addresses of the first 1000 interfaces (except subinterfaces, interfaces in VPN instances, and inloopback interfaces).
Restrictions and guidelines
Configure a source-destination address pair on each node along the path to be detected. On the end node, you can specify a source IPv6 address, a source interface, or a group of source IPv6 addresses. On the other nodes, you must use the source direct keyword to specify a group of source IPv6 addresses.
Procedure
1. Enter system view.
system-view
2. Configure a source-destination address pair for IPv6-in-IPv6 packet decapsulation.
tunnel ipv6-in-ipv6 decapsulate-any [ destination ipv6-address ] source { ipv6-address | interface-type interface-number | direct }
By default, no source-destination address pair is configured for IPv6-in-IPv6 packet decapsulation.
Constructing multi-layer encapsulated IPv6-in-IPv6 packets on a host
Set the destination address of a packet as the IPv6 address of the host, and then encapsulate IPv6 headers layer by layer to the packet.
The encapsulation order of IPv6 headers in the IPv6-in-IPv6 packet must be opposite to the order of nodes along the path that the packet traverses. The number of encapsulated IPv6 headers is the number of link node devices × 2 - 1.
In the IPv6-in-IPv6 packet, the source and destination addresses in an IPv6 header must be consistent with the source-destination address pair on the node that decapsulates that IPv6 header.
· The source address in the IPv6 header must be the same as the destination address in the source-destination address pair.
· The destination address in the IPv6 header must be one of the source IP addresses in the source-destination address pair.
Testing the reachability of a path
When a multi-layer encapsulated IPv6-in-IPv6 packet passes through a node, the node matches the outmost source and destination addresses of the packet with the local source-destination address pair.
· If the addresses match, the node decapsulates the outmost IPv6 header from the packet.
· If the addresses do not match, the node does not decapsulate the outmost IPv6 header from the packet.
After the node decapsulates the IPv6 header, it forwards the packet to the next node according to the forwarding table. The subsequent nodes along the path successively perform the same matching and decapsulation operations as this node until the end node completes the decapsulation. Because the destination address of the original packet is the host's IPv6 address, the end node forwards the packet back to the host.
· If the packet can return to the host, the path is reachable.
· If the packet cannot return to the host, the path is not reachable.
Verifying and maintaining IPv6 over IPv6 tunneling
Displaying IPv6 over IPv6 tunnel interface information
Perform display tasks in any view.
· Display IPv6 over IPv6 tunnel interface information.
display tunnel-interface [ number ]
For more information about this command, see tunnel interface commands in Interface Command Reference.
· Display information about IPv6 over IPv6 tunnel interfaces.
display interface [ tunnel [ number ] ] [ brief [ description | down ] ]
For more information about this command, see tunnel interface commands in Interface Command Reference.
· Display IPv6 information about IPv6 over IPv6 tunnel interfaces.
display ipv6 interface [ tunnel [ number ] ] [ brief ]
For more information about this command, see IPv6 basics in Layer 3—IP Services Command Reference.
Clearing IPv6 over IPv6 tunnel interface statistics
Perform clear tasks in user view.
· Clear IPv6 over IPv6 tunnel interface statistics.
reset counters interface [ tunnel [ number ] ]
For more information about this command, see common interface commands in Interface Command Reference.
· Clear IPv6 statistics on IPv6 over IPv6 tunnel interfaces.
reset ipv6 statistics [ slot slot-number ]
For more information about this command, see IPv6 basics in Layer 3—IP Services Command Reference.
IPv6 over IPv6 tunnel configuration examples
Example: Configuring an IPv6 over IPv6 tunnel
Network configuration
As shown in Figure 2, configure an IPv6 over IPv6 tunnel between Router A and Router B so the two networks can reach each other without disclosing their IPv6 addresses.
Prerequisites
Make sure Router A and Router B can reach each other through IPv6.
Procedure
1. Configure Router A:
# Specify an IPv6 address for GigabitEthernet 1/0/1.
<RouterA> system-view
[RouterA] interface gigabitethernet 1/0/1
[RouterA-GigabitEthernet1/0/1] ipv6 address 2002:1::1 64
[RouterA-GigabitEthernet1/0/1] quit
# Specify an IPv6 address for Serial 2/1/0, which is the physical interface of the tunnel.
[RouterA] interface serial 2/1/0
[RouterA-Serial2/1/0] ipv6 address 2001::11:1 64
[RouterA-Serial2/1/0] quit
# Create IPv6 tunnel interface Tunnel 1.
[RouterA] interface tunnel 1 mode ipv6
# Specify an IPv6 address for the tunnel interface.
[RouterA-Tunnel1] ipv6 address 3001::1:1 64
# Specify the IP address of Serial 2/1/0 as the source address for the tunnel interface.
[RouterA-Tunnel1] source 2001::11:1
# Specify the IP address of Serial 2/1/1 on Router B as the destination address for the tunnel interface.
[RouterA-Tunnel1] destination 2002::22:1
[RouterA-Tunnel1] quit
# Configure a static route destined for the IPv6 network group 2 through the tunnel interface.
[RouterA] ipv6 route-static 2002:3:: 64 tunnel 1
2. Configure Router B:
# Specify an IPv6 address for GigabitEthernet 1/0/1.
<RouterB> system-view
[RouterB] interface gigabitethernet 1/0/1
[RouterB-GigabitEthernet1/0/1] ipv6 address 2002:3::1 64
[RouterB-GigabitEthernet1/0/1] quit
# Specify an IPv6 address for Serial 2/1/1, which is the physical interface of the tunnel.
[RouterB] interface serial 2/1/1
[RouterB-Serial2/1/1] ipv6 address 2002::22:1 64
[RouterB-Serial2/1/1] quit
# Create IPv6 tunnel interface Tunnel 2.
[RouterB] interface tunnel 2 mode ipv6
# Specify an IPv6 address for the tunnel interface.
[RouterB-Tunnel2] ipv6 address 3001::1:2 64
# Specify the IP address of Serial 2/1/1 as the source address for the tunnel interface.
[RouterB-Tunnel2] source 2002::22:1
# Specify the IP address of Serial 2/1/0 on Router A as the destination address for the tunnel interface.
[RouterB-Tunnel2] destination 2001::11:1
[RouterB-Tunnel2] quit
# Configure a static route destined for the IPv6 network group 1 through the tunnel interface.
[RouterB] ipv6 route-static 2002:1:: 64 tunnel 2
Verifying the configuration
# Use the display ipv6 interface command to display the status of the tunnel interfaces on Router A and Router B. Verify that the tunnel interfaces are up. (Details not shown.)
# Verify that Router A and Router B can ping the IPv6 address of the peer interface GigabitEthernet 1/0/1. This example uses Router A.
[RouterA] ping ipv6 -a 2002:1::1 2002:3::1
Ping6(56 data bytes) 2002:1::1 --> 2002:3::1, press CTRL_C to break
56 bytes from 2002:3::1, icmp_seq=0 hlim=64 time=9.000 ms
56 bytes from 2002:3::1, icmp_seq=1 hlim=64 time=1.000 ms
56 bytes from 2002:3::1, icmp_seq=2 hlim=64 time=0.000 ms
56 bytes from 2002:3::1, icmp_seq=3 hlim=64 time=0.000 ms
56 bytes from 2002:3::1, icmp_seq=4 hlim=64 time=0.000 ms
--- Ping6 statistics for 2002:3::1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.000/2.000/9.000/3.521 ms
