Manual IPv6 GRE tunnel over IPv4

OVERVIEW

By definition, GRE is used to encapsulate IP/non-IP protocols into IPv4/IPv6, in the following lab we will encapsulate IPv6 into IPv4, so the outer packet has IPv4/6 source and destination addresses and the inner packet GRE, has IPv6 source and destination addresses (figure 1).

Figure 1: Packet encapsulation

Figure 2 depicts the lab topology in which 3 sites: North, East, and West are isolated IPv6 sites and connected with each other over an IPv4 network with their respective border routers (dual-stack).

Each site establishes a FR point-to-point PVC to the other two with IPv4 as the network layer.

Figure 2: Topology

This lab is organized as follow:

– Planning the address scheme.
– IPv6 address configuration.
         IPv6 connectivity check.
– FR configuration.
         FR connectivity check.
– Manual IPv6 GRE tunnel
         Tunnel configuration
– Connectivity check.

PLANNING THE ADDRESS SCHEME

Table 1:Addressing scheme:

2001:a:a:a::/64	Subnet used between BNorth and Northv6
2001:a:a:aa::64	North site Internal network
2001:b:b:b::/64	Subnet used between BWest and Westv6
2001:b:b:bb::/64	Worth site Internal network
2001:c:c:c::/64	Subnet used between BEast and Eastv6
2001:c:c:cc/64	East site Internal network
Tunnel’s IPv6 addressing
2001a:a:ab::/64	Tunnel between BNorth and BWest
2001:a:a:ac::/64	Tunnel between BNorth and Beast
2001:a:a:bc::/64	Tunnel between BWest and BEast
IPv4 NBMA addressing
192.168.13.0/24	NBMA subnet for point-to-point PVC between BNorth and BWest
192.168.32.0/24	NBMA subnet for point-to-point PVC between BEast and BWest
192.168.12.0/24	NBMA subnet for point-to-point PVC between BNorth and BEst

IPv6 ADDRESS CONFIGURATION

North Site:

Northv6:

!! Do not forget to enable IPv6 routing ipv6 unicast-routing ! !! loopback is used to simulate internal networks !! interface Loopback0 ipv6 address 2001:A:A:AA::1/64 ! !! Interface that connect to the Border router !! interface FastEthernet0/0 ipv6 address 2001:A:A:A::2/64 ! !! A default route will point to the next-hop (Border Router) ipv6 route ::/0 2001:A:A:A::1

BNorth:

ipv6 unicast-routing ! interface FastEthernet0/0 ipv6 address 2001:A:A:A::1/64 !! This a route to the internal network that points the internal router ipv6 route 2001:A:A:AA::/64 2001:A:A:A::2

East Site:

Eastv6:

ipv6 unicast-routing ! interface Loopback0 ipv6 address 2001:C:C:CC::1/64 ! interface FastEthernet1/0 ipv6 address 2001:C:C:C::2/64 ! ipv6 route ::/0 2001:C:C:C::1

BEast:

ipv6 unicast-routing ! interface FastEthernet0/0 ipv6 address 2001:C:C:C::1/64 ! ipv6 route 2001:C:C:CC::/64 2001:C:C:C::2

West Site:

Westv6:

ipv6 unicast-routing ! interface Loopback0 ipv6 address 2001:B:B:BB::1/64 ! interface FastEthernet0/0 ipv6 address 2001:B:B:B::2/64 ! ipv6 route ::/0 2001:B:B:B::1

BWest:

ipv6 unicast-routing ! interface FastEthernet0/0 ipv6 address 2001:B:B:B::1/64 ! ipv6 route 2001:B:B:BB::/64 2001:B:B:B::2

IPv6 connectivity

BNorth(config)#do ping 2001:a:a:aa::1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001:A:A:AA::1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 36/56/92 ms BNorth(config)#

BEast(config)#do ping 2001:c:c:cc::1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001:C:C:CC::1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 20/38/88 ms BEast(config)#

BWest(config)#do ping 2001:b:b:bb::1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001:B:B:BB::1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 8/43/96 ms BWest(config)#

FR CONFIGURATION

The configuration for point-to-point FR is very simple. Configure the ip address and the local DLCI, no need for neither inverse ARP nor static mapping as there is only one DLCI in the other side of the PVC.

BNorth:

interface Serial1/0 no ip address encapsulation frame-relay no frame-relay inverse-arp ! interface Serial1/0.101 point-to-point ip address 192.168.12.1 255.255.255.0 frame-relay interface-dlci 101 ! interface Serial1/0.102 point-to-point ip address 192.168.13.1 255.255.255.0 frame-relay interface-dlci 102

BEst:

interface Serial1/0 no ip address encapsulation frame-relay no frame-relay inverse-arp ! interface Serial1/0.110 point-to-point ip address 192.168.12.2 255.255.255.0 frame-relay interface-dlci 110 ! interface Serial1/0.203 point-to-point ip address 192.168.32.1 255.255.255.0 frame-relay interface-dlci 203

BWest:

interface Serial1/0 no ip address encapsulation frame-relay no frame-relay inverse-arp ! interface Serial1/0.201 point-to-point ip address 192.168.13.2 255.255.255.0 frame-relay interface-dlci 201 ! interface Serial1/0.302 point-to-point ip address 192.168.32.2 255.255.255.0 frame-relay interface-dlci 302

FR connectivity check

BWest#ping 192.168.13.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.13.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 24/80/108 ms BWest# BWest#ping 192.168.32.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.32.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 40/72/120 ms BWest#

IPv6 GRE

It is a point-to-point tunnel, so the tunnel source and destination are pre-configured, the logical topology is illustrated in figure3.

Figure3: Logical topology

Table2: Point-to-point GRE parameters on BNorth

Tunnelling parameters	BEast	BWest
Tunnel interface	Tunnel 12	Tunnel 13
Tunnel ip address &mask	2001:a:a:ac::1/64	2001:a:a:ab::1/64
Tunnel source interface	s0/0.101	s0/0.102
Tunnel destination	192.168.12.2	192.168.13.2
Tunnel mode	gre ip

BNorth:

interface Tunnel12 no ip address ipv6 address 2001:A:A:AC::1/64 tunnel source Serial1/0.101 tunnel destination 192.168.12.2 tunnel mode gre ip ! interface Tunnel13 no ip address ipv6 address 2001:A:A:AB::1/64 tunnel source Serial1/0.102 tunnel destination 192.168.13.2 tunnel mode gre ip ! !!Each Border router will be configured with static routes to other sites !!internal networks ipv6 route 2001:B::/32 Tunnel13 ipv6 route 2001:C::/32 Tunnel12

BEst:

Table2: Point-to-point GRE parameters on BEast

Tunnelling parameters	BNorth	BWest
Tunnel interface	Tunnel 21	Tunnel 23
Tunnel ip address &mask	2001:a:a:ac::2/64	2001:a:a:bc::1/64
Tunnel source interface	s0/0.110	s0/0.203
Tunnel destination	192.168.12.1	192.168.32.1
Tunnel mode	gre ip

interface Tunnel21 no ip address ipv6 address 2001:A:A:AC::2/64 tunnel source Serial1/0.110 tunnel destination 192.168.12.1 tunnel mode gre ip ! interface Tunnel23 no ip address ipv6 address 2001:A:A:BC::1/64 tunnel source Serial1/0.203 tunnel destination 192.168.32.2 tunnel mode gre ip ! ipv6 route 2001:A::/32 Tunnel21 ipv6 route 2001:B::/32 Tunnel23

BWest:

Table2: Point-to-point GRE parameters on BWest

Tunnelling parameters	BEast	BNorth
Tunnel interface	Tunnel 32	Tunnel 31
Tunnel ip address &mask	2001:a:a:bc::2/64	2001:a:a:ab::2/64
Tunnel source interface	s0/0.302	s0/0.201
Tunnel destination	192.168.32.2	192.168.13.1
Tunnel mode	gre ip

interface Tunnel31 no ip address ipv6 address 2001:A:A:AB::2/64 tunnel source Serial1/0.201 tunnel destination 192.168.13.1 tunnel mode gre ip ! interface Tunnel32 no ip address ipv6 address 2001:A:A:BC::2/64 tunnel source Serial1/0.302 tunnel destination 192.168.32.1 tunnel mode gre ip ! ipv6 route 2001:A::/32 Tunnel31 ipv6 route 2001:C::/32 Tunnel32

CONNECTIVITY CHECK

For each destination site IPv6 traffic takes the corresponding tunnel and is encapsulated into a packet with that tunnel source and destination.

Northv6#trace 2001:c:c:cc::1 Type escape sequence to abort. Tracing the route to 2001:C:C:CC::1 1 2001:A:A:A::1 36 msec 32 msec 48 msec 2 2001:A:A:AC::2 132 msec 72 msec 100 msec 3 2001:C:C:CC::1 148 msec 196 msec 120 msec Northv6#trace 2001:b:b:bb::1 Type escape sequence to abort. Tracing the route to 2001:B:B:BB::1 1 2001:A:A:A::1 40 msec 36 msec 12 msec 2 2001:A:A:AB::2 136 msec 136 msec 44 msec 3 2001:B:B:BB::1 136 msec 68 msec 188 msec Northv6#

DEBUGGING:

Figure3: IPv6 GRE traffic capture

BNorth# *Mar  1 00:41:39.911: ICMPv6: Sending ICMP timeout to 2001:A:A:A::2 *Mar  1 00:41:39.939: ICMPv6: Sending ICMP timeout to 2001:A:A:A::2 *Mar  1 00:41:39.943: ICMPv6: Sending ICMP timeout to 2001:A:A:A::2 *Mar  1 00:41:39.947: Tunnel12: GRE/IP encapsulated 192.168.12.1->192.168.12.2 (linktype=79, len=72) *Mar  1 00:41:39.947: Tunnel12 count tx, adding 24 encap bytes *Mar  1 00:41:39.951: Tunnel12: GRE/IP to classify 192.168.12.2->192.168.12.1 (len=120 type=0x86DD ttl=254 tos=0x0) *Mar  1 00:41:39.955: Tunnel12: GRE/IP encapsulated 192.168.12.1->192.168.12.2 (linktype=79, len=72) … BNorth# *Mar  1 00:41:49.927: ICMPv6: Received ICMPv6 packet from FE80::C001:14FF:FED1:0, type 135 *Mar  1 00:41:49.947: ICMPv6: Received ICMPv6 packet from FE80::C001:14FF:FED1:0, type 136 BNorth#