Monday, 18 May 2015

6to4 tunnel more



6to4 is an Internet transition mechanism for migrating from IPv4 to IPv6, a system that allows IPv6 packets to be transmitted over an IPv4 network (generally the IPv4 Internet) without the need to configure explicit tunnels. Special relay servers are also in place that allow 6to4 networks to communicate with native IPv6 networks.
6to4 is especially relevant during the initial phases of deployment to full, native IPv6 connectivity, since IPv6 is not required on nodes between the host and the destination. However, it is intended only as a transition mechanism and is not meant to be used permanently.
6to4 may be used by an individual host, or by a local IPv6 network. When used by a host, it must have a global IPv4 address connected, and the host is responsible for encapsulation of outgoing IPv6 packets and decapsulation of incoming 6to4 packets. If the host is configured to forward packets for other clients, often a local network, it is then a router.
Most IPv6 networks use autoconfiguration, which requires the last 64 bits for the host. The first 64 bits are the IPv6 prefix. The first 16 bits of the prefix are always 2002:, the next 32 bits are the IPv4 address, and the last 16 bits of the prefix are available for addressing multiple IPv6 subnets behind the same 6to4 router. Since the IPv6 hosts using autoconfiguration already have determined the unique 64 bit host portion of their address, they must simply wait for a Router Advertisement indicating the first 64 bits of prefix to have a complete IPv6 address. A 6to4 router will know to send an encapsulated packet directly over IPv4 if the first 16 bits are 2002, using the next 32 as the destination, or otherwise send the packet to a well-known relay server, which has access to native IPv6.
6to4 does not facilitate interoperation between IPv4-only hosts and IPv6-only hosts. 6to4 is simply a transparent mechanism used as a transport layer between IPv6 nodes.
Due to the high levels of misconfigured hosts and poor performance observed, an advisory about how 6to4 should be deployed was published in August 2011.[1]

How 6to4 works

6to4
6to4 performs three functions:
  • Assigns a block of IPv6 address space to any host or network that has a global IPv4 address.
  • Encapsulates IPv6 packets inside IPv4 packets for transmission over an IPv4 network using 6in4.
  • Routes traffic between 6to4 and "native" IPv6 networks.

Address block allocation

6to4 address
For any 32-bit global IPv4 address that is assigned to a host, a 48-bit 6to4 IPv6 prefix can be constructed for use by that host (and if applicable the network behind it) by appending the IPv4 address to 2002::/16.
For example the global IPv4 address 192.0.2.4 has the corresponding 6to4 prefix 2002:c000:0204::/48. This gives a prefix length of 48 bits, which leaves room for a 16-bit subnet field and 64 bit host addresses within the subnets.
Any IPv6 address that begins with the 2002::/16 prefix (in other words, any address with the first two octets of 2002 hexadecimal) is known as a 6to4 address, as opposed to a native IPv6 address which does not use transition technologies.
Note that using a reserved IPv4 address, such as those provided by RFC 1918, is undefined, since these networks are disallowed from being routed on the public Internet. For example, using 192.168.1.1 as the router's WAN address would be invalid since a return packet would not be able to determine the destination IPv4 address of the actual sender.

Encapsulation and transmission

6to4 embeds an IPv6 packet in the payload portion of an IPv4 packet with protocol type 41. To send an IPv6 packet over an IPv4 network to a 6to4 destination address, an IPv4 header with protocol type 41 is prepended to the IPv6 packet. The IPv4 destination address for the prepended packet header is derived from the IPv6 destination address of the inner packet (which is in the format of a 6to4 address), by extracting the 32 bits immediately following the IPv6 destination address's 2002::/16 prefix. The IPv4 source address in the prepended packet header is the IPv4 address of the host or router which is sending the packet over IPv4. The resulting IPv4 packet is then routed to its IPv4 destination address just like any other IPv4 packet.

Routing between 6to4 and native IPv6

To allow hosts and networks using 6to4 addresses to exchange traffic with hosts using "native" IPv6 addresses, "relay routers" have been established. A relay router connects to an IPv4 network and an IPv6 network. 6to4 packets arriving on an IPv4 interface will have their IPv6 payloads routed to the IPv6 network, while packets arriving on the IPv6 interface with a destination address prefix of 2002::/16 will be encapsulated and forwarded over the IPv4 network.
There is a difference between a "relay router" and a "border router" (also known as a "6to4 border router"). A 6to4 border router is an IPv6 router supporting a 6to4 pseudo-interface. It is normally the border router between an IPv6 site and a wide-area IPv4 network, where the IPv6 site uses 2002::/16 co-related to the IPv4 address used later on. On the other hand, a "relay router" is a 6to4 router configured to support transit routing between 6to4 addresses and pure native IPv6 addresses.
To allow a 6to4 host to communicate with the native IPv6 Internet, it must have its IPv6 default gateway set to a 6to4 address which contains the IPv4 address of a 6to4 relay router. To avoid the need for users to set this up manually, the anycast address of 192.88.99.1 has been allocated for the purpose of sending packets to a 6to4 relay router. Note that when wrapped in 6to4 with the subnet and hosts fields set to zero this IPv4 address (192.88.99.1) becomes the IPv6 address 2002:c058:6301::. To ensure BGP routing propagation, a short prefix of 192.88.99.0/24 has been allocated for routes pointed at 6to4 relay routers that use this anycast IP address. Providers willing to provide 6to4 service to their clients or peers should advertise the anycast prefix like any other IP prefix, and route the prefix to their 6to4 relay.
Packets from the IPv6 Internet to 6to4 systems must be sent to a 6to4 relay router by normal IPv6 routing methods. The specification states that such relay routers must only advertise 2002::/16 and not subdivisions of it to prevent IPv4 routes polluting the routing tables of IPv6 routers. From here they can then be sent over the IPv4 Internet to the destination.
For a 6to4 host to have fast and reliable connectivity with a host natively using the IPv6 Internet, both the 6to4 host and the native IPv6 host must have a route to a fast, reliable and correctly configured relay server. The 6to4 host's ISP can ensure that outgoing packets go to such a relay, but they have no control over the relay used for the responses from the native IPv6 host. A variant called IPv6 rapid deployment ("6rd") uses the same basic principles as 6to4 but uses a relay operated by the 6rd user's ISP for traffic in both directions. To achieve this an address block allocated by the user's ISP is used instead of 2002::/16.

Reverse DNS delegation

When a site using 6to4 has a fixed global IPv4 address, its 6to4 IPv6 prefix is also fixed. It is then possible to request reverse DNS delegation for an individual 6to4 48-bit prefix inside the 2.0.0.2.ip6.arpa DNS zone from the Number Resource Organization at [1]. The process is entirely automatic.

Security considerations

According to RFC 3964, 6to4 routers and relays should ensure that:
  • either or both of the source and destination addresses of any encapsulated packet are within the 6to4 IPv6 prefix 2002::/16,
  • if the source IPv6 address is a 6to4 IPv6 address, its corresponding 6to4 router IPv4 address matches the IPv4 source address in the IPv4 encapsulation header,
  • similarly, if the destination IPv6 address is a 6to4 IPv6 address, its corresponding 6to4 router IPv4 address matches the IPv4 destination address in the IPv4 encapsulation header,
  • any embedded 6to4 router IPv4 address is global unicast.
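The address derivation from the sections above and the four checks in this list can be expressed as code. The following Python sketch is an added example, not part of RFC 3964 or of any router implementation; the function names, the short problem codes, the NON_GLOBAL_V4 list and the sample packets are assumptions constructed for illustration (documentation-range IPv4 addresses stand in for global ones).

```python
import ipaddress

SIX_TO_FOUR = ipaddress.ip_network("2002::/16")

# Illustrative, non-exhaustive list of IPv4 ranges that are not global unicast
# (assumption for this example; a production filter needs the full registry).
NON_GLOBAL_V4 = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def prefix_6to4(ipv4):
    """Build the /48 6to4 prefix: 16 bits of 2002, then the 32-bit IPv4 address."""
    v4 = ipaddress.IPv4Address(ipv4)
    base = int(SIX_TO_FOUR.network_address) | (int(v4) << 80)
    return ipaddress.IPv6Network((base, 48))


def embedded_ipv4(ipv6):
    """Return the IPv4 address embedded in a 6to4 address, or None if not 2002::/16."""
    v6 = ipaddress.IPv6Address(ipv6)
    if v6 not in SIX_TO_FOUR:
        return None
    return ipaddress.IPv4Address((int(v6) >> 80) & 0xFFFFFFFF)


def is_global_unicast(v4):
    return not any(v4 in net for net in NON_GLOBAL_V4)


def check_encapsulated(outer_src, outer_dst, inner_src, inner_dst):
    """Apply the four checks to one protocol-41 packet; return the violated ones."""
    problems = []
    o_src = ipaddress.IPv4Address(outer_src)
    o_dst = ipaddress.IPv4Address(outer_dst)
    e_src = embedded_ipv4(inner_src)
    e_dst = embedded_ipv4(inner_dst)
    # 1. At least one inner address must be a 6to4 address.
    if e_src is None and e_dst is None:
        problems.append("no-6to4-address")
    # 2. A 6to4 inner source must embed the outer IPv4 source.
    if e_src is not None and e_src != o_src:
        problems.append("src-mismatch")
    # 3. A 6to4 inner destination must embed the outer IPv4 destination.
    if e_dst is not None and e_dst != o_dst:
        problems.append("dst-mismatch")
    # 4. Every embedded IPv4 address must be global unicast.
    if any(e is not None and not is_global_unicast(e) for e in (e_src, e_dst)):
        problems.append("non-global-embedded")
    return problems


# Constructed sample packets: (label, outer src, outer dst, inner src, inner dst).
SAMPLE_PACKETS = [
    ("legit", "192.0.2.4", "198.51.100.7",
     "2002:c000:204:1::10", "2002:c633:6407::1"),
    ("spoofed-src", "203.0.113.9", "198.51.100.7",
     "2002:c000:204::1", "2002:c633:6407::1"),
    ("private-embedded", "192.168.1.1", "198.51.100.7",
     "2002:c0a8:101::1", "2002:c633:6407::1"),
    ("no-6to4", "192.0.2.4", "198.51.100.7",
     "2001:db8::1", "2001:db8::2"),
]


def audit(packets=SAMPLE_PACKETS):
    """Map each packet label to the list of checks it fails."""
    return {label: check_encapsulated(*fields) for label, *fields in packets}


if __name__ == "__main__":
    print(prefix_6to4("192.0.2.4"))
    for label, problems in audit().items():
        print(label, problems or "ok")
```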

6to4 relays

IPv6 6to4 Relay Routing Service
Overview of UW-Madison 6to4 protocol IPv6 service for both the campus and WAN environments. Update: Nov. 2012, 6to4 relay routing has been effectively deprecated. Do not use it. Essentially, 6to4 was elegantly sunsetted by the availability of native IPv6 connectivity and of the 6rd tunneling mechanism, which fixes issues with blindly picking relays, with the help of implementations of RFC 6724 and "happy eyeballs" enabled by default on all new clients. For more information, see draft-ietf-v6ops-6to4-to-historic. At this time, UW's relays, as well as almost all other public open relays, have been disabled.

IPV6 6to4 Tunnel

IPv6 Automatic 6to4 Tunnels

This feature provides support for IPv6 automatic 6to4 tunnels. An automatic 6to4 tunnel allows isolated IPv6 domains to be connected over an IPv4 network to remote IPv6 networks.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Information About IPv6 Automatic 6to4 Tunnels


Automatic 6to4 Tunnels

An automatic 6to4 tunnel allows isolated IPv6 domains to be connected over an IPv4 network to remote IPv6 networks. The key difference between automatic 6to4 tunnels and manually configured tunnels is that the tunnel is not point-to-point; it is point-to-multipoint. In automatic 6to4 tunnels, routers are not configured in pairs because they treat the IPv4 infrastructure as a virtual nonbroadcast multiaccess (NBMA) link. The IPv4 address embedded in the IPv6 address is used to find the other end of the automatic tunnel.
An automatic 6to4 tunnel may be configured on a border router in an isolated IPv6 network, which creates a tunnel on a per-packet basis to a border router in another IPv6 network over an IPv4 infrastructure. The tunnel destination is determined by the IPv4 address of the border router extracted from the IPv6 address that starts with the prefix 2002::/16, where the format is 2002:border-router-IPv4-address::/48. Following the embedded IPv4 address are 16 bits that can be used to number networks within the site. The border router at each end of a 6to4 tunnel must support both the IPv4 and IPv6 protocol stacks. 6to4 tunnels are configured between border routers or between a border router and a host.
The simplest deployment scenario for 6to4 tunnels is to interconnect multiple IPv6 sites, each of which has at least one connection to a shared IPv4 network. This IPv4 network could be the global Internet or a corporate backbone. The key requirement is that each site have a globally unique IPv4 address; the Cisco software uses this address to construct a globally unique 6to4/48 IPv6 prefix. As with other tunnel mechanisms, appropriate entries in a Domain Name System (DNS) that map between hostnames and IP addresses for both IPv4 and IPv6 allow the applications to choose the required address.

How to Configure IPv6 Automatic 6to4 Tunnels


Configuring Automatic 6to4 Tunnels

Before You Begin
With 6to4 tunnels, the tunnel destination is determined by the border router IPv4 address, which is concatenated to the prefix 2002::/16 in the format 2002:border-router-IPv4-address::/48. The border router at each end of a 6to4 tunnel must support both the IPv4 and IPv6 protocol stacks.

Note


The configuration of only one IPv4-compatible tunnel and one 6to4 IPv6 tunnel is supported on a router. If you choose to configure both of those tunnel types on the same router, we strongly recommend that they do not share the same tunnel source.
The reason that a 6to4 tunnel and an IPv4-compatible tunnel cannot share an interface is that both of them are NBMA "point-to-multipoint" access links and only the tunnel source can be used to reorder the packets from a multiplexed packet stream into a single packet stream for an incoming interface. So when a packet with an IPv4 protocol type of 41 arrives on an interface, that packet is mapped to an IPv6 tunnel interface based on the IPv4 address. However, if both the 6to4 tunnel and the IPv4-compatible tunnel share the same source interface, the router is not able to determine the IPv6 tunnel interface to which it should assign the incoming packet.
IPv6 manually configured tunnels can share the same source interface because a manual tunnel is a "point-to-point" link, and both the IPv4 source and IPv4 destination of the tunnel are defined.
SUMMARY STEPS
    1.    enable
    2.    configure terminal
    3.    interface tunnel tunnel-number
    4.    ipv6 address {ipv6-address / prefix-length | prefix-name sub-bits/prefix-length}
    5.    tunnel source {ip-address | interface-type interface-number}
    6.    tunnel mode ipv6ip [6rd | 6to4 | auto-tunnel | isatap]
    7.    exit
    8.    ipv6 route [vrf vrf-name] ipv6-prefix / prefix-length{ipv6-address | interface-type interface-number [ipv6-address]} [nexthop-vrf [vrf-name1 | default]] [administrative-distance] [administrative-multicast-distance | unicast | multicast] [next-hop-address] [tag tag]

DETAILED STEPS
Command or Action / Purpose

Step 1 enable
Example: Router> enable
Purpose: Enables privileged EXEC mode.
  • Enter your password if prompted.

Step 2 configure terminal
Example: Router# configure terminal
Purpose: Enters global configuration mode.

Step 3 interface tunnel tunnel-number
Example: Router(config)# interface tunnel 1
Purpose: Specifies a tunnel interface and number, and enters interface configuration mode.

Step 4 ipv6 address {ipv6-address / prefix-length | prefix-name sub-bits/prefix-length}
Example: Router(config-if)# ipv6 address 3ffe:b00:c18:1::3/127
Purpose: Specifies the IPv6 network assigned to the interface and enables IPv6 processing on the interface.

Step 5 tunnel source {ip-address | interface-type interface-number}
Example: Router(config-if)# tunnel source loopback 1
Purpose: Specifies the source interface type and number for the tunnel interface.

Step 6 tunnel mode ipv6ip [6rd | 6to4 | auto-tunnel | isatap]
Example: Router(config-if)# tunnel mode ipv6ip 6to4
Purpose: Configures a static IPv6 tunnel interface.
  • The auto-tunnel keyword is not supported on Cisco ASR 1000 series routers.

Step 7 exit
Example: Router(config-if)# exit
Purpose: Exits interface configuration mode, and enters global configuration mode.

Step 8 ipv6 route [vrf vrf-name] ipv6-prefix / prefix-length {ipv6-address | interface-type interface-number [ipv6-address]} [nexthop-vrf [vrf-name1 | default]] [administrative-distance] [administrative-multicast-distance | unicast | multicast] [next-hop-address] [tag tag]
Example: Router(config)# ipv6 route 2002::/16 tunnel 1
Purpose: Configures a static route for the IPv6 6to4 prefix 2002::/16 to the specified tunnel interface.
Note: When configuring a 6to4 overlay tunnel, you must configure a static route for the IPv6 6to4 prefix 2002::/16 to the 6to4 tunnel interface.
  • The tunnel number specified in the ipv6 route command must be the same tunnel number specified in the interface tunnel command.

Configuration Examples for IPv6 Automatic 6to4 Tunnels


Example: Configuring 6to4 Tunnels

The following example configures a 6to4 tunnel on a border router in an isolated IPv6 network. The IPv4 address is 192.168.99.1, which translates to the IPv6 prefix of 2002:c0a8:6301::/48. The IPv6 prefix is subnetted into 2002:c0a8:6301::/64 for the tunnel interface, 2002:c0a8:6301:1::/64 for the first IPv6 network, and 2002:c0a8:6301:2::/64 for the second IPv6 network. The static route ensures that any other traffic for the IPv6 prefix 2002::/16 is directed to tunnel interface 0 for automatic tunneling. Note that 192.168.99.1 is an RFC 1918 address used here for illustration only; as stated earlier, a working 6to4 deployment requires a globally unique IPv4 address.
interface GigabitEthernet0/0/0
 description IPv4 uplink
 ip address 192.168.99.1 255.255.255.0
!
interface GigabitEthernet1/0/0
 description IPv6 local network 1
 ipv6 address 2002:c0a8:6301:1::1/64 
!
interface GigabitEthernet2/0/0
 description IPv6 local network 2
 ipv6 address 2002:c0a8:6301:2::1/64 
!
interface Tunnel0
 description IPv6 uplink
 no ip address
 ipv6 address 2002:c0a8:6301::1/64 
 tunnel source GigabitEthernet0/0/0
 tunnel mode ipv6ip 6to4
!
ipv6 route 2002::/16 tunnel 0

Feature Information for IPv6 Automatic 6to4 Tunnels

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Table 1 Feature Information for IPv6 Automatic 6to4 Tunnels
Feature Name | Releases | Feature Information
IPv6 Tunneling: Automatic 6to4 Tunnels | Cisco IOS XE Release 2.1 | An automatic 6to4 tunnel allows isolated IPv6 domains to be connected over an IPv4 network to remote IPv6 networks. The following commands were introduced or modified: tunnel mode ipv6ip, tunnel source.

IPV6RD rapid deployment

IPv6 Rapid Deployment

The IPv6 rapid deployment feature allows a service provider to provide a unicast IPv6 service to customers over its IPv4 network by using encapsulation of IPv6 in IPv4.

Information About IPv6 Rapid Deployment


IPv6 Rapid Deployment Tunnels

The 6RD feature is an extension of the 6to4 feature. The 6RD feature allows a service provider (SP) to provide a unicast IPv6 service to customers over its IPv4 network by using encapsulation of IPv6 in IPv4.
The main differences between 6RD and 6to4 tunneling are as follows:
  • 6RD does not require addresses to have a 2002::/16 prefix; therefore, the prefix can be from the SP’s own address block. This function allows the 6RD operational domain to be within the SP network. From the perspective of customer sites and the general IPv6 internet connected to a 6RD-enabled SP network, the IPv6 service provided is equivalent to native IPv6.
  • All 32 bits of the IPv4 destination need not be carried in the IPv6 payload header. The IPv4 destination is obtained from a combination of bits in the payload header and information on the router. Furthermore, the IPv4 address is not at a fixed location in the IPv6 header as it is in 6to4.
The 6RD SP prefix was selected by the SP for the IPv6 deployment shown in the figure below. The 6RD delegated prefix is derived from the SP prefix and the IPv4 address bits, and is used by the CE for hosts within its site.
Figure 1. 6RD Deployment

The figure below shows how 6RD prefix delegation works.
Figure 2. 6RD Prefix Delegation Explanation

The figure below shows a 6RD prefix delegation topology.
Figure 3. 6RD Prefix Delegation and Explanation

How to Configure IPv6 Rapid Deployment


Configuring 6RD Tunnels

SUMMARY STEPS
    1.    enable
    2.    configure terminal
    3.    interface tunnel tunnel-number
    4.    tunnel source {ip-address | interface-type interface-number}
    5.    tunnel mode ipv6ip [6rd | 6to4 | auto-tunnel | isatap]
    6.    tunnel 6rd prefix ipv6-prefix / prefix-length
    7.    tunnel 6rd ipv4 {prefix-length length} {suffix-length length}

DETAILED STEPS
Command or Action / Purpose

Step 1 enable
Example: Router> enable
Purpose: Enables privileged EXEC mode.
  • Enter your password if prompted.

Step 2 configure terminal
Example: Router# configure terminal
Purpose: Enters global configuration mode.

Step 3 interface tunnel tunnel-number
Example: Router(config)# interface tunnel 1
Purpose: Specifies a tunnel interface and number, and enters interface configuration mode.

Step 4 tunnel source {ip-address | interface-type interface-number}
Example: Router(config-if)# tunnel source loopback 1
Purpose: Specifies the source interface type and number for the tunnel interface.

Step 5 tunnel mode ipv6ip [6rd | 6to4 | auto-tunnel | isatap]
Example: Router(config-if)# tunnel mode ipv6ip 6rd
Purpose: Configures a static IPv6 tunnel interface.
  • The auto-tunnel keyword is not supported on Cisco ASR 1000 series routers.

Step 6 tunnel 6rd prefix ipv6-prefix / prefix-length
Example: Router(config-if)# tunnel 6rd prefix 2001:B000::/32
Purpose: Specifies the common IPv6 prefix on IPv6 rapid 6RD tunnels.

Step 7 tunnel 6rd ipv4 {prefix-length length} {suffix-length length}
Example: Router(config-if)# tunnel 6rd ipv4 prefix-length 16 suffix 8
Purpose: Specifies the prefix length and suffix length of the IPv4 transport address common to all the 6RD routers in a domain.

Configuration Examples for IPv6 Rapid Deployment


Example: Configuring 6RD Tunnels

The following example shows the running configuration of a 6RD tunnel and the corresponding output of the show tunnel 6rd command:
interface Tunnel1
 ipv6 address 2001:B000:100::1/32
 tunnel source loopback 1
 tunnel mode ipv6ip 6rd 
 tunnel 6rd prefix 2001:B000::/32 
 tunnel 6rd ipv4 prefix-len 16 suffix-len 8
end 
Router# show tunnel 6rd tunnel 1
Interface Tunnel1: 
  Tunnel Source: 10.1.1.1 
  6RD: Operational, V6 Prefix: 2001:B000::/32 
  V4 Common Prefix Length: 16, Value: 10.1.0.0
  V4 Common Suffix Length: 8, Value: 0.0.0.1 
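The values in this output determine how 6RD maps between IPv4 and IPv6 addresses. The following Python sketch is an added example, not Cisco code; the class and method names and the destination address 2001:B000:200::5 are assumptions, and the bit layout follows the description above (SP prefix, then the IPv4 bits that are not part of the common prefix or suffix).

```python
import ipaddress


class SixRdDomain:
    """6RD domain parameters as configured on one router (illustrative model)."""

    def __init__(self, sp_prefix, v4_prefix_len, v4_suffix_len, tunnel_source):
        self.sp = ipaddress.IPv6Network(sp_prefix)
        self.plen = v4_prefix_len
        self.slen = v4_suffix_len
        # Number of IPv4 bits actually carried inside the IPv6 address.
        self.embed_bits = 32 - self.plen - self.slen
        if self.embed_bits < 0:
            raise ValueError("prefix and suffix lengths exceed 32 bits")
        self.delegated_len = self.sp.prefixlen + self.embed_bits
        if self.delegated_len > 64:
            raise ValueError("delegated prefix would be longer than /64")
        src = int(ipaddress.IPv4Address(tunnel_source))
        self.prefix_mask = (0xFFFFFFFF << (32 - self.plen)) & 0xFFFFFFFF
        self.suffix_mask = (1 << self.slen) - 1
        # Bits shared by every 6RD router in the domain; taken from the
        # local tunnel source, never from the packet.
        self.common_prefix = ipaddress.IPv4Address(src & self.prefix_mask)
        self.common_suffix = ipaddress.IPv4Address(src & self.suffix_mask)

    def delegated_prefix(self, ipv4):
        """IPv6 prefix delegated to the site whose tunnel endpoint is ipv4."""
        v4 = int(ipaddress.IPv4Address(ipv4))
        if (v4 & self.prefix_mask) != int(self.common_prefix) or \
           (v4 & self.suffix_mask) != int(self.common_suffix):
            raise ValueError("IPv4 address is outside this 6RD domain")
        middle = (v4 >> self.slen) & ((1 << self.embed_bits) - 1)
        base = int(self.sp.network_address) | (middle << (128 - self.delegated_len))
        return ipaddress.IPv6Network((base, self.delegated_len))

    def tunnel_destination(self, ipv6):
        """IPv4 tunnel endpoint for an IPv6 destination, or None if the
        destination is outside the SP prefix (not a 6RD site)."""
        v6 = ipaddress.IPv6Address(ipv6)
        if v6 not in self.sp:
            return None
        middle = (int(v6) >> (128 - self.delegated_len)) & ((1 << self.embed_bits) - 1)
        return ipaddress.IPv4Address(
            int(self.common_prefix) | (middle << self.slen) | int(self.common_suffix))


if __name__ == "__main__":
    # Parameters from the running configuration and show output above.
    dom = SixRdDomain("2001:B000::/32", 16, 8, "10.1.1.1")
    print("common prefix :", dom.common_prefix)            # matches "Value: 10.1.0.0"
    print("common suffix :", dom.common_suffix)            # matches "Value: 0.0.0.1"
    print("local prefix  :", dom.delegated_prefix("10.1.1.1"))
    # Constructed destination inside the SP prefix (assumption for this example).
    print("tunnel dest   :", dom.tunnel_destination("2001:B000:200::5"))
```

Only 8 of the 32 IPv4 bits travel in the IPv6 address in this configuration; the other 24 come from the router's own settings, which is why all routers in the domain must agree on the prefix and suffix lengths.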

Feature Information for IPv6 Rapid Deployment

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Table 1 Feature Information for IPv6 Rapid Deployment
Feature Name | Releases | Feature Information
IP Tunneling: 6RD IPv6 Rapid Deployment | Cisco IOS XE Release 3.1S | The 6RD feature allows a service provider to provide a unicast IPv6 service to customers over its IPv4 network by using encapsulation of IPv6 in IPv4. The following commands were introduced or modified: tunnel 6rd ipv4, tunnel 6rd prefix, tunnel mode ipv6ip, tunnel source.

ISATAP intrasite automatic tunnel addressing protocol

ISATAP Tunnel Support for IPv6

ISATAP is an automatic overlay tunneling mechanism that uses the underlying IPv4 network as an NBMA link layer for IPv6.

Information About ISATAP Tunnel Support for IPv6



Overlay Tunnels for IPv6

Overlay tunneling encapsulates IPv6 packets in IPv4 packets for delivery across an IPv4 infrastructure (a core network or the figure below). By using overlay tunnels, you can communicate with isolated IPv6 networks without upgrading the IPv4 infrastructure between them. Overlay tunnels can be configured between border devices or between a border device and a host; however, both tunnel endpoints must support both the IPv4 and IPv6 protocol stacks. IPv6 supports the following types of overlay tunneling mechanisms:

  • Manual
  • Generic routing encapsulation (GRE)
  • IPv4-compatible
  • 6to4
  • Intrasite Automatic Tunnel Addressing Protocol (ISATAP)
Figure 1. Overlay Tunnels



Note


Overlay tunnels reduce the maximum transmission unit (MTU) of an interface by 20 octets (assuming that the basic IPv4 packet header does not contain optional fields). A network that uses overlay tunnels is difficult to troubleshoot. Therefore, overlay tunnels that connect isolated IPv6 networks should not be considered a final IPv6 network architecture. The use of overlay tunnels should be considered as a transition technique toward a network that supports both the IPv4 and IPv6 protocol stacks or just the IPv6 protocol stack.

Use the table below to help you determine which type of tunnel that you want to configure to carry IPv6 packets over an IPv4 network.

Table 1 Suggested Usage of Tunnel Types to Carry IPv6 Packets over an IPv4 Network
Tunneling Type | Suggested Usage | Usage Notes
Manual | Simple point-to-point tunnels that can be used within a site or between sites. | Can carry IPv6 packets only.
GRE- and IPv4-compatible | Simple point-to-point tunnels that can be used within a site or between sites. | Can carry IPv6, Connectionless Network Service (CLNS), and many other types of packets.
IPv4-compatible | Point-to-multipoint tunnels. | Uses the ::/96 prefix. We do not recommend using this tunnel type.
6to4 | Point-to-multipoint tunnels that can be used to connect isolated IPv6 sites. | Sites use addresses from the 2002::/16 prefix.
6RD | IPv6 service is provided to customers over an IPv4 network by using encapsulation of IPv6 in IPv4. | Prefixes can be from the SP’s own address block.
ISATAP | Point-to-multipoint tunnels that can be used to connect systems within a site. | Sites can use any IPv6 unicast addresses.
Individual tunnel types are discussed in detail in this document. We recommend that you review and understand the information about the specific tunnel type that you want to implement. When you are familiar with the type of tunnel you need, see the table below for a summary of the tunnel configuration parameters that you may find useful.

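Table 2 Tunnel Configuration Parameters by Tunneling Type
Tunneling Type | Tunnel Mode | Tunnel Source | Tunnel Destination | Interface Prefix or Address
Manual | ipv6ip | An IPv4 address, or a reference to an interface on which IPv4 is configured. | An IPv4 address. | An IPv6 address.
GRE/IPv4 | gre ip | An IPv4 address, or a reference to an interface on which IPv4 is configured. | An IPv4 address. | An IPv6 address.
IPv4-compatible | ipv6ip auto-tunnel | An IPv4 address, or a reference to an interface on which IPv4 is configured. | Not required. These are all point-to-multipoint tunneling types. The IPv4 destination address is calculated, on a per-packet basis, from the IPv6 destination. | Not required. The interface address is generated as ::tunnel-source/96.
6to4 | ipv6ip 6to4 | An IPv4 address, or a reference to an interface on which IPv4 is configured. | Not required (point-to-multipoint, as for IPv4-compatible). | An IPv6 address. The prefix must embed the tunnel source IPv4 address.
6RD | ipv6ip 6rd | An IPv4 address, or a reference to an interface on which IPv4 is configured. | Not required (point-to-multipoint, as for IPv4-compatible). | An IPv6 address.
ISATAP | ipv6ip isatap | An IPv4 address, or a reference to an interface on which IPv4 is configured. | Not required (point-to-multipoint, as for IPv4-compatible). | An IPv6 prefix in modified eui-64 format. The IPv6 address is generated from the prefix and the tunnel source IPv4 address.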

ISATAP Tunnels

ISATAP is an automatic overlay tunneling mechanism that uses the underlying IPv4 network as a NBMA link layer for IPv6. ISATAP is designed for transporting IPv6 packets within a site where a native IPv6 infrastructure is not yet available; for example, when sparse IPv6 hosts are deployed for testing. ISATAP tunnels allow individual IPv4 or IPv6 dual-stack hosts within a site to communicate with other such hosts on the same virtual link, basically creating an IPv6 network using the IPv4 infrastructure.
The ISATAP router provides standard router advertisement network configuration support for the ISATAP site. This feature allows clients to automatically configure themselves as they would do if they were connected to a GigabitEthernet or FastEthernet. It can also be configured to provide connectivity out of the site. ISATAP uses a well-defined IPv6 address format composed of any unicast IPv6 prefix (/64), which can be link local, or global (including 6to4 prefixes), enabling IPv6 routing locally or on the Internet. The IPv4 address is encoded in the last 32 bits of the IPv6 address, enabling automatic IPv6-in-IPv4 tunneling.
Although the ISATAP tunneling mechanism is similar to other automatic tunneling mechanisms, such as IPv6 6to4 tunneling, ISATAP is designed for transporting IPv6 packets within a site, not between sites.
ISATAP uses unicast addresses that include a 64-bit IPv6 prefix and a 64-bit interface identifier. The interface identifier is created in modified EUI-64 format in which the first 32 bits contain the value 0000:5EFE to indicate that the address is an IPv6 ISATAP address. The table below describes an ISATAP address format.

Table 3 IPv6 ISATAP Address Format
64 Bits | 32 Bits | 32 Bits
link local or global IPv6 unicast prefix | 0000:5EFE | IPv4 address of the ISATAP link
As shown in the table above, an ISATAP address consists of an IPv6 prefix and the ISATAP interface identifier. This interface identifier includes the IPv4 address of the underlying IPv4 link. The following example shows what an actual ISATAP address would look like if the prefix is 2001:DB8:1234:5678::/64 and the embedded IPv4 address is 10.173.129.8. In the ISATAP address, the IPv4 address is expressed in hexadecimal as 0AAD:8108:
2001:DB8:1234:5678:0000:5EFE:0AAD:8108
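Because the IPv4 address sits at a fixed position behind the 0000:5EFE marker, ISATAP addresses can be built and recognized mechanically, which is useful when inventorying tunnel endpoints from address lists. The following Python sketch is an added example, not part of the Cisco documentation; the function names and the list of observed addresses are constructed for illustration, and it matches only the 0000:5EFE marker described on this page.

```python
import ipaddress

ISATAP_MARKER = 0x00005EFE  # first 32 bits of the interface identifier


def isatap_address(prefix, ipv4):
    """Combine a /64 prefix, the 0000:5EFE marker and an IPv4 address."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("ISATAP needs a /64 prefix")
    iid = (ISATAP_MARKER << 32) | int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def isatap_ipv4(addr):
    """Return the embedded IPv4 address, or None if addr is not ISATAP."""
    value = int(ipaddress.IPv6Address(addr))
    if (value >> 32) & 0xFFFFFFFF != ISATAP_MARKER:
        return None
    return ipaddress.IPv4Address(value & 0xFFFFFFFF)


def inventory(addresses):
    """Group observed IPv6 addresses by the IPv4 endpoint they tunnel to.

    Addresses without the ISATAP marker are skipped.
    """
    endpoints = {}
    for addr in addresses:
        v4 = isatap_ipv4(addr)
        if v4 is not None:
            endpoints.setdefault(str(v4), []).append(str(ipaddress.IPv6Address(addr)))
    return endpoints


# Constructed sample of observed addresses (not real traffic).
OBSERVED = [
    "2001:DB8:1234:5678:0000:5EFE:0AAD:8108",  # global prefix, ISATAP
    "fe80::5efe:aad:8108",                     # link-local prefix, same host
    "2001:db8::1",                             # native address, no marker
    "2002:c000:204::1",                        # 6to4 address, no marker
]

if __name__ == "__main__":
    print(isatap_address("2001:DB8:1234:5678::/64", "10.173.129.8").exploded.upper())
    print(inventory(OBSERVED))
```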

How to Configure ISATAP Tunnel Support for IPv6



Configuring ISATAP Tunnels

Before You Begin
The tunnel source command used in the configuration of an ISATAP tunnel must point to an interface with an IPv4 address configured. The ISATAP IPv6 address and prefix (or prefixes) advertised are configured as for a native IPv6 interface. The IPv6 tunnel interface must be configured with a modified EUI-64 address because the last 32 bits in the interface identifier are constructed using the IPv4 tunnel source address.
SUMMARY STEPS
    1.    enable
    2.    configure terminal
    3.    interface tunnel tunnel-number
    4.    ipv6 address {ipv6-address / prefix-length | prefix-name sub-bits/prefix-length}
    5.    no ipv6 nd ra suppress
    6.    tunnel source {ip-address | interface-type interface-number}
    7.    tunnel mode ipv6ip [6rd | 6to4 | auto-tunnel | isatap]

DETAILED STEPS
Command or Action | Purpose
Step 1 enable


Example:
Router> enable
 
Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2 configure terminal


Example:
Router# configure terminal
 
Enters global configuration mode.
 
Step 3 interface tunnel tunnel-number


Example:
Router(config)# interface tunnel 1
 
Specifies a tunnel interface and number, and enters interface configuration mode.
 
Step 4 ipv6 address {ipv6-address / prefix-length | prefix-name sub-bits/prefix-length}


Example:
Router(config-if)# ipv6 address 2001:DB8:6301::/64 eui-64
 
Specifies the IPv6 address assigned to the interface and enables IPv6 processing on the interface.
 
Step 5 no ipv6 nd ra suppress


Example:
Router(config-if)# no ipv6 nd ra suppress
 
Sending of IPv6 router advertisements is disabled by default on tunnel interfaces. This command reenables the sending of IPv6 router advertisements to allow client autoconfiguration.
 
Step 6 tunnel source {ip-address | interface-type interface-number}


Example:
Router(config-if)# tunnel source gigabitethernet 1/0/1
 
Specifies the source interface type and number for the tunnel interface.

Note    The interface type and number specified in the tunnel source command must be configured with an IPv4 address.
 
Step 7 tunnel mode ipv6ip [6rd | 6to4 | auto-tunnel | isatap]


Example:
Router(config-if)# tunnel mode ipv6ip isatap
 
Specifies an IPv6 overlay tunnel using an ISATAP address.

  • The auto-tunnel keyword is not supported on Cisco ASR 1000 series routers.
 

Configuration Examples for ISATAP Tunnel Support for IPv6



Example: Configuring ISATAP Tunnels

The following example shows the tunnel source defined on GigabitEthernet 0/0/0 and the tunnel mode command used to configure the ISATAP tunnel. Router advertisements are enabled to allow client autoconfiguration.
ipv6 unicast-routing
interface tunnel 1
 tunnel source Gigabitethernet 0/0/0
 tunnel mode ipv6ip isatap
 ipv6 address 2001:DB8::/64 eui-64
 no ipv6 nd ra suppress
 exit
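
The prerequisites from Before You Begin and the steps above can be checked against a saved configuration. This Python audit is an added example, not a Cisco tool: the function names and the sample configuration are constructed for illustration, and it understands only the commands used on this page.

```python
import re
# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
interface GigabitEthernet0/0/0
 ip address 192.0.2.1 255.255.255.0
interface GigabitEthernet0/0/1
 no ip address
interface tunnel 1
 tunnel source Gigabitethernet 0/0/0
 tunnel mode ipv6ip isatap
 ipv6 address 2001:DB8::/64 eui-64
 no ipv6 nd ra suppress
interface tunnel 2
 tunnel source Gigabitethernet 0/0/1
 tunnel mode ipv6ip isatap
 ipv6 address 2001:DB8:6301::1/64
"""

def stanzas(config):
    """Map normalised interface name -> list of its lower-cased sub-commands."""
    result, current = {}, None
    for line in config.splitlines():
        if line.lower().startswith("interface "):
            current = result.setdefault(line[10:].lower().replace(" ", ""), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip().lower())
        else:
            current = None
    return result

def audit_isatap(config):
    """Return {tunnel: [findings]} for every ISATAP tunnel in the config."""
    ifaces, report = stanzas(config), {}
    for name, body in ifaces.items():
        if "tunnel mode ipv6ip isatap" not in body:
            continue
        report[name] = issues = []
        source = next((c[14:] for c in body if c.startswith("tunnel source ")), None)
        if source is None:
            issues.append("no tunnel source")
        elif not re.fullmatch(r"[\d.]+", source):  # interface name, not an IPv4 literal
            src_body = ifaces.get(source.replace(" ", ""), [])
            if not any(c.startswith("ip address ") for c in src_body):
                issues.append("tunnel source interface has no IPv4 address")
        if not any(re.fullmatch(r"ipv6 address \S+ eui-64", c) for c in body):
            issues.append("ipv6 address is not eui-64")
        if "no ipv6 nd ra suppress" not in body:
            issues.append("router advertisements still suppressed")
        return_value = report
    return report
```

An empty list means the tunnel meets every requirement listed above; the same report doubles as an inventory of which tunnel interfaces are advertising prefixes to clients.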


Feature Information for ISATAP Tunnel Support for IPv6

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 4 Feature Information for ISATAP Tunnel Support for IPv6
Feature Name | Releases | Feature Information
ISATAP Tunnel Support for IPv6 | Cisco IOS XE Release 2.1 | ISATAP is an automatic overlay tunneling mechanism that uses the underlying IPv4 network as a NBMA link layer for IPv6. The following commands were introduced or modified: ipv6 nd ra suppress, tunnel mode ipv6ip, tunnel source.