Tunneling IPv6 Dynamic Routing Protocols over IPv4
In this short article, we will explore the options we have for running dynamic routing protocols in IPv6-over-IPv4 tunnels. If you’d like to skip to the results, just scroll to the very bottom of the page.
We will use the following topology, with one tunnel interface per tunneling method:
Tunnel #
Mode
100
GRE
200
Manual 6in4
300
6to4
400
6RD
R1 tunnel configuration:
ipv6 unicast-routing
!
int tun100
description GRE
ipv6 add 2001:db8:100::1/64
tunnel source lo0
tunnel destination 3.3.3.3
tunnel mode gre ip ! This is the default
!
int tun200
description 6in4
ipv6 address 2001:db8:200::1/64
tunnel source Lo0
tunnel destination 3.3.3.3
tunnel mode ipv6ip
!
int tun300
description 6to4
ipv6 address 2002:0101:0101::1/48 ! 1.1.1.1 in Hex is 0x01010101
tunnel source lo0
tunnel mode ipv6ip 6to4
!
ipv6 route 2002::/16 tun300
!
int tun400
description 6rd
ipv6 address 2001:db8:400:0101:0101::1/80 ! /48 prefix plus 32 bit IP in hex = /80
tunnel source lo0
tunnel mode ipv6ip 6rd
tunnel 6rd prefix 2001:db8:400::/48 ! 6RD allows you to use any prefix
!
ipv6 route 2001:db8:400::/48 tun400
R3 tunnel configuration:
ipv6 unicast-routing
!
int tun100
description GRE
ipv6 add 2001:db8:100::3/64
tunnel source lo0
tunnel destination 1.1.1.1
tunnel mode gre ip ! This is the default
!
int tun200
description 6in4
ipv6 address 2001:db8:200::3/64
tunnel source Lo0
tunnel destination 1.1.1.1
tunnel mode ipv6ip
!
int tun300
description 6to4
ipv6 address 2002:0303:0303::3/48 ! 3.3.3.3 in Hex is 0x03030303
tunnel source lo0
tunnel mode ipv6ip 6to4
!
ipv6 route 2002::/16 tun300
!
int tun400
description 6rd
ipv6 address 2001:db8:400:0303:0303::3/80 ! /48 prefix plus 32 bit IP in hex = /80
tunnel source lo0
tunnel mode ipv6ip 6rd
tunnel 6rd prefix 2001:db8:400::/48 ! 6RD allows you to use any prefix
!
ipv6 route 2001:db8:400::/48 tun400
Ping verifcation to make sure all tunnels are reachable:
R1#ping 2001:db8:100::3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:100::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms.
R1#ping 2001:db8:200::3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:200::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/3/4 ms
R1#ping 2002:0303:0303::3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2002:303:303::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms
R1#ping 2001:db8:400:0303:0303::3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:400:303:303::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/4 ms
Testing
Tunneling OSPFv3 over IPv4
First we’ll try to establish an OSPF adjacency on all tunnels:
#R1 and R2
int tun100
ipv6 ospf 1 area 0
int tun200
ipv6 ospf 1 area 0
int tun300
ipv6 ospf 1 area 0
int tun400
ipv6 ospf 1 area 0
! By default, OSPFv3 will pick the loopback for the RID, so this is the minimum configuration needed
OSPF is only established on tun100 and tun200. These are our two point-to-point tunnels, for which a tunnel destination is explicitly specified. Therefore broadcast/multicast traffic is tunneled directly to the destination. 6to4 and 6rd have no destination specified - the IPv4 tunnel endpoint destinatinon is dynamically generated based on the IPv6 destination.
R1#show ipv6 ospf nei
OSPFv3 Router with ID (1.1.1.1) (Process ID 1)
Neighbor ID Pri State Dead Time Interface ID Interface
3.3.3.3 0 FULL/ - 00:00:39 18 Tunnel200
3.3.3.3 0 FULL/ - 00:00:34 17 Tunnel100
Tunneling ISIS over IPv4
Next we’ll try to run ISIS over the tunnel interfaces.
#R1
router isis
net 49.0001.0000.0000.0001.00
#R2
router isis
net 49.0001.0000.0000.0003.00
#R1 and R2
int tun100
ipv6 router isis
int tun200
ipv6 router isis
int tun300
ipv6 router isis
int tun400
ipv6 router isis
An ISIS adjacency only forms on tun100, which is our GRE tunnel. Why is that?
R1#show isis neighbors
System Id Type Interface IP Address State Holdtime Circuit Id
R3 L1L2 Tu100 UP 27 09
This is because ISIS discovery frames do not useIPv6. GRE is able to encapsulate any protocol, but 6in4 can only encapsulation IPv6 in IPv4. In the pcap below, you can see the protocol type is OSI in the GRE header:
The manual 6in4 tunnel cannot encapsulate non-IPv6 traffic.
Tunneling BGP IPv6 Unicast over IPv4
Finally we’ll run BGP for IPv6 over the tunnels, creating one peer per tunnel:
