Manual IPv6 GRE tunnel over IPv4


OVERVIEW

By definition, GRE is used to encapsulate IP/non-IP protocols into IPv4/IPv6, in the following lab we will encapsulate IPv6 into IPv4, so the outer packet has IPv4/6 source and destination addresses and the inner packet GRE, has IPv6 source and destination addresses (figure 1).

Figure 1: Packet encapsulation

tunneling

Figure 2 depicts the lab topology in which 3 sites: North, East, and West are isolated IPv6 sites and connected with each other over an IPv4 network with their respective border routers (dual-stack).

Each site establishes a FR point-to-point PVC to the other two with IPv4 as the network layer.

Figure 2: Topology

ipv6_GRE_top

This lab is organized as follow:

– Planning the address scheme.
– IPv6 address configuration.
         IPv6 connectivity check.
– FR configuration.
         FR connectivity check.
– Manual IPv6 GRE tunnel
         Tunnel configuration
– Connectivity check.

PLANNING THE ADDRESS SCHEME

Table 1:Addressing scheme:

2001:a:a:a::/64

Subnet used between BNorth and Northv6

2001:a:a:aa::64

North site Internal network

2001:b:b:b::/64

Subnet used between BWest and Westv6

2001:b:b:bb::/64

Worth site Internal network

2001:c:c:c::/64

Subnet used between BEast and Eastv6

2001:c:c:cc/64

East site Internal network

Tunnel’s IPv6 addressing

2001a:a:ab::/64

Tunnel between BNorth and BWest

2001:a:a:ac::/64

Tunnel between BNorth and Beast

2001:a:a:bc::/64

Tunnel between BWest and BEast

IPv4 NBMA addressing

192.168.13.0/24

NBMA subnet for point-to-point PVC between BNorth and BWest

192.168.32.0/24

NBMA subnet for point-to-point PVC between BEast and BWest

192.168.12.0/24

NBMA subnet for point-to-point PVC between BNorth and BEst

IPv6 ADDRESS CONFIGURATION

North Site:

Northv6:

!! Do not forget to enable IPv6 routing

ipv6 unicast-routing

!

!! loopback is used to simulate internal networks

!! interface Loopback0

ipv6 address 2001:A:A:AA::1/64

!

!! Interface that connect to the Border router

!! interface FastEthernet0/0

ipv6 address 2001:A:A:A::2/64

!

!! A default route will point to the next-hop (Border Router)

ipv6 route ::/0 2001:A:A:A::1

BNorth:

ipv6 unicast-routing

!

interface FastEthernet0/0

ipv6 address 2001:A:A:A::1/64

!! This a route to the internal network that points the internal router

ipv6 route 2001:A:A:AA::/64 2001:A:A:A::2

East Site:

Eastv6:

ipv6 unicast-routing

!

interface Loopback0

ipv6 address 2001:C:C:CC::1/64

!

interface FastEthernet1/0

ipv6 address 2001:C:C:C::2/64

!

ipv6 route ::/0 2001:C:C:C::1

BEast:

ipv6 unicast-routing

!

interface FastEthernet0/0

ipv6 address 2001:C:C:C::1/64

!

ipv6 route 2001:C:C:CC::/64 2001:C:C:C::2

West Site:

Westv6:

ipv6 unicast-routing

!

interface Loopback0

ipv6 address 2001:B:B:BB::1/64

!

interface FastEthernet0/0

ipv6 address 2001:B:B:B::2/64

!

ipv6 route ::/0 2001:B:B:B::1

BWest:

ipv6 unicast-routing

!

interface FastEthernet0/0

ipv6 address 2001:B:B:B::1/64

!

ipv6 route 2001:B:B:BB::/64 2001:B:B:B::2

IPv6 connectivity

BNorth(config)#do ping 2001:a:a:aa::1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2001:A:A:AA::1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 36/56/92 ms

BNorth(config)#

BEast(config)#do ping 2001:c:c:cc::1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2001:C:C:CC::1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 20/38/88 ms

BEast(config)#

BWest(config)#do ping 2001:b:b:bb::1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2001:B:B:BB::1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/43/96 ms

BWest(config)#

FR CONFIGURATION

The configuration for point-to-point FR is very simple. Configure the ip address and the local DLCI, no need for neither inverse ARP nor static mapping as there is only one DLCI in the other side of the PVC.

BNorth:

interface Serial1/0

no ip address

encapsulation frame-relay

no frame-relay inverse-arp

!

interface Serial1/0.101 point-to-point

ip address 192.168.12.1 255.255.255.0

frame-relay interface-dlci 101

!

interface Serial1/0.102 point-to-point

ip address 192.168.13.1 255.255.255.0

frame-relay interface-dlci 102

BEst:

interface Serial1/0

no ip address

encapsulation frame-relay

no frame-relay inverse-arp

!

interface Serial1/0.110 point-to-point

ip address 192.168.12.2 255.255.255.0

frame-relay interface-dlci 110

!

interface Serial1/0.203 point-to-point

ip address 192.168.32.1 255.255.255.0

frame-relay interface-dlci 203

BWest:

interface Serial1/0

no ip address

encapsulation frame-relay

no frame-relay inverse-arp

!

interface Serial1/0.201 point-to-point

ip address 192.168.13.2 255.255.255.0

frame-relay interface-dlci 201

!

interface Serial1/0.302 point-to-point

ip address 192.168.32.2 255.255.255.0

frame-relay interface-dlci 302

FR connectivity check

BWest#ping 192.168.13.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.13.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 24/80/108 ms

BWest#

BWest#ping 192.168.32.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.32.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 40/72/120 ms

BWest#

IPv6 GRE

It is a point-to-point tunnel, so the tunnel source and destination are pre-configured, the logical topology is illustrated in figure3.

Figure3: Logical topology

ipv6_GRE_top_virt

Table2: Point-to-point GRE parameters on BNorth

Tunnelling parameters

BEast

BWest

Tunnel interface

Tunnel 12

Tunnel 13

Tunnel ip address &mask

2001:a:a:ac::1/64

2001:a:a:ab::1/64

Tunnel source interface

s0/0.101

s0/0.102

Tunnel destination

192.168.12.2

192.168.13.2

Tunnel mode

gre ip

BNorth:

interface Tunnel12

no ip address

ipv6 address 2001:A:A:AC::1/64

tunnel source Serial1/0.101

tunnel destination 192.168.12.2

tunnel mode gre ip

!

interface Tunnel13

no ip address

ipv6 address 2001:A:A:AB::1/64

tunnel source Serial1/0.102

tunnel destination 192.168.13.2

tunnel mode gre ip

!

!!Each Border router will be configured with static routes to other sites !!internal networks

ipv6 route 2001:B::/32 Tunnel13

ipv6 route 2001:C::/32 Tunnel12

BEst:

Table2: Point-to-point GRE parameters on BEast

Tunnelling parameters

BNorth

BWest

Tunnel interface

Tunnel 21

Tunnel 23

Tunnel ip address &mask

2001:a:a:ac::2/64

2001:a:a:bc::1/64

Tunnel source interface

s0/0.110

s0/0.203

Tunnel destination

192.168.12.1

192.168.32.1

Tunnel mode

gre ip

interface Tunnel21

no ip address

ipv6 address 2001:A:A:AC::2/64

tunnel source Serial1/0.110

tunnel destination 192.168.12.1

tunnel mode gre ip

!

interface Tunnel23

no ip address

ipv6 address 2001:A:A:BC::1/64

tunnel source Serial1/0.203

tunnel destination 192.168.32.2

tunnel mode gre ip

!

ipv6 route 2001:A::/32 Tunnel21

ipv6 route 2001:B::/32 Tunnel23

BWest:

Table2: Point-to-point GRE parameters on BWest

Tunnelling parameters

BEast

BNorth

Tunnel interface

Tunnel 32

Tunnel 31

Tunnel ip address &mask

2001:a:a:bc::2/64

2001:a:a:ab::2/64

Tunnel source interface

s0/0.302

s0/0.201

Tunnel destination

192.168.32.2

192.168.13.1

Tunnel mode

gre ip

interface Tunnel31

no ip address

ipv6 address 2001:A:A:AB::2/64

tunnel source Serial1/0.201

tunnel destination 192.168.13.1

tunnel mode gre ip

!

interface Tunnel32

no ip address

ipv6 address 2001:A:A:BC::2/64

tunnel source Serial1/0.302

tunnel destination 192.168.32.1

tunnel mode gre ip

!

ipv6 route 2001:A::/32 Tunnel31

ipv6 route 2001:C::/32 Tunnel32

CONNECTIVITY CHECK

For each destination site IPv6 traffic takes the corresponding tunnel and is encapsulated into a packet with that tunnel source and destination.

Northv6#trace 2001:c:c:cc::1

Type escape sequence to abort.

Tracing the route to 2001:C:C:CC::1

1 2001:A:A:A::1 36 msec 32 msec 48 msec

2 2001:A:A:AC::2 132 msec 72 msec 100 msec

3 2001:C:C:CC::1 148 msec 196 msec 120 msec

Northv6#trace 2001:b:b:bb::1

Type escape sequence to abort.

Tracing the route to 2001:B:B:BB::1

1 2001:A:A:A::1 40 msec 36 msec 12 msec

2 2001:A:A:AB::2 136 msec 136 msec 44 msec

3 2001:B:B:BB::1 136 msec 68 msec 188 msec

Northv6#

DEBUGGING:

Figure3: IPv6 GRE traffic capture

BNorth#
*Mar  1 00:41:39.911: ICMPv6: Sending ICMP timeout to 2001:A:A:A::2
*Mar  1 00:41:39.939: ICMPv6: Sending ICMP timeout to 2001:A:A:A::2
*Mar  1 00:41:39.943: ICMPv6: Sending ICMP timeout to 2001:A:A:A::2
*Mar  1 00:41:39.947: Tunnel12: GRE/IP encapsulated 192.168.12.1->192.168.12.2 (linktype=79, len=72)
*Mar  1 00:41:39.947: Tunnel12 count tx, adding 24 encap bytes
*Mar  1 00:41:39.951: Tunnel12: GRE/IP to classify 192.168.12.2->192.168.12.1 (len=120 type=0x86DD ttl=254 tos=0x0)
*Mar  1 00:41:39.955: Tunnel12: GRE/IP encapsulated 192.168.12.1->192.168.12.2 (linktype=79, len=72)

BNorth#
*Mar  1 00:41:49.927: ICMPv6: Received ICMPv6 packet from FE80::C001:14FF:FED1:0, type 135
*Mar  1 00:41:49.947: ICMPv6: Received ICMPv6 packet from FE80::C001:14FF:FED1:0, type 136
BNorth#

Advertisements

About ajnouri
Se vi deziras sekure komuniki eksterbloge, jen mia publika (GPG) ŝlosilo: My public key for secure communication: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x41CCDE1511DF0EB8

12 Responses to Manual IPv6 GRE tunnel over IPv4

  1. honor says:

    I welcome warmly. Whether at you it is possible to put the ipv 6 tunnel on, if this way very much I asked it. I would like to establish a few addresses on IRCnet, if it’s possible. I am greeting and I am waiting for the write-off.

  2. Blessings says:

    Good read. I have learnt one or two, especially the way you have arranged the addressing scheme. Keep it up!

  3. Greetings, this is really a genuinely absorbing internet blog and I’ve cherished studying lots of in the content and posts contained around the internet site, maintain up the excellent function and wish to learn a great deal more stimulating articles or blog posts in the future.

  4. Pingback: ¿Están su empresa preparada para el cambio a IPv6?

  5. Pingback: ¿Está su empresa preparada para el cambio a IPv6?

  6. jordi says:

    Sir, i must say you made a mistake with the tittle of this entry. what you are doing here is encapsulating IPv6 within an IPv4 packet but using protocol 41. When you use IPv6 gree tunnels you use protocol 47 and the command is tunnel mode gre or tunnel mode gre ipv6.

    regards

    • ajnouri says:

      Hi Jordi,
      Thank you for pointing out the error. I corrected the tunnel mode. It looks like I copied and pasted from the wrong config.
      Much Appreciated.

  7. Pingback: IPv6 Solutions for Business | Mosaic NetworX | Tunneling and Dual IP Configurations

  8. Pingback: Week 4: dinsdag 04/03 | Stage blog: Shana Boone

  9. This is an amazing fact about Dubai that the total contribution of natural gas
    and petroleum in Dubai GDP is only 6 % and rest of
    the revenue comes from tourism department. I had a small criticism about Raza when and I known as to handle it.
    The city of Dubai is a hub not only for tourists and oil companies but it is
    also popular amongst job seekers.

  10. Pingback: Week 4: donderdag 06-03 | Stage blog: Shana Boone

  11. They know what it is for, but sometimes just pick not to use a specific one.
    Kittens can squeeze into smaller spaces and get stuck. It is sometimes time consuming but just
    think of it as a moment to bond between you and your Persian cat.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: