Manual IPv6 GRE tunnel over IPv4


OVERVIEW

By definition, GRE is used to encapsulate IP/non-IP protocols into IPv4/IPv6, in the following lab we will encapsulate IPv6 into IPv4, so the outer packet has IPv4/6 source and destination addresses and the inner packet GRE, has IPv6 source and destination addresses (figure 1).

Figure 1: Packet encapsulation

tunneling

Figure 2 depicts the lab topology in which 3 sites: North, East, and West are isolated IPv6 sites and connected with each other over an IPv4 network with their respective border routers (dual-stack).

Each site establishes a FR point-to-point PVC to the other two with IPv4 as the network layer.

Figure 2: Topology

ipv6_GRE_top

This lab is organized as follow:

– Planning the address scheme.
– IPv6 address configuration.
         IPv6 connectivity check.
– FR configuration.
         FR connectivity check.
– Manual IPv6 GRE tunnel
         Tunnel configuration
– Connectivity check.

PLANNING THE ADDRESS SCHEME

Table 1:Addressing scheme:

2001:a:a:a::/64

Subnet used between BNorth and Northv6

2001:a:a:aa::64

North site Internal network

2001:b:b:b::/64

Subnet used between BWest and Westv6

2001:b:b:bb::/64

Worth site Internal network

2001:c:c:c::/64

Subnet used between BEast and Eastv6

2001:c:c:cc/64

East site Internal network

Tunnel’s IPv6 addressing

2001a:a:ab::/64

Tunnel between BNorth and BWest

2001:a:a:ac::/64

Tunnel between BNorth and Beast

2001:a:a:bc::/64

Tunnel between BWest and BEast

IPv4 NBMA addressing

192.168.13.0/24

NBMA subnet for point-to-point PVC between BNorth and BWest

192.168.32.0/24

NBMA subnet for point-to-point PVC between BEast and BWest

192.168.12.0/24

NBMA subnet for point-to-point PVC between BNorth and BEst

IPv6 ADDRESS CONFIGURATION

North Site:

Northv6:

!! Do not forget to enable IPv6 routing

ipv6 unicast-routing

!

!! loopback is used to simulate internal networks

!! interface Loopback0

ipv6 address 2001:A:A:AA::1/64

!

!! Interface that connect to the Border router

!! interface FastEthernet0/0

ipv6 address 2001:A:A:A::2/64

!

!! A default route will point to the next-hop (Border Router)

ipv6 route ::/0 2001:A:A:A::1

BNorth:

ipv6 unicast-routing

!

interface FastEthernet0/0

ipv6 address 2001:A:A:A::1/64

!! This a route to the internal network that points the internal router

ipv6 route 2001:A:A:AA::/64 2001:A:A:A::2

East Site:

Eastv6:

ipv6 unicast-routing

!

interface Loopback0

ipv6 address 2001:C:C:CC::1/64

!

interface FastEthernet1/0

ipv6 address 2001:C:C:C::2/64

!

ipv6 route ::/0 2001:C:C:C::1

BEast:

ipv6 unicast-routing

!

interface FastEthernet0/0

ipv6 address 2001:C:C:C::1/64

!

ipv6 route 2001:C:C:CC::/64 2001:C:C:C::2

West Site:

Westv6:

ipv6 unicast-routing

!

interface Loopback0

ipv6 address 2001:B:B:BB::1/64

!

interface FastEthernet0/0

ipv6 address 2001:B:B:B::2/64

!

ipv6 route ::/0 2001:B:B:B::1

BWest:

ipv6 unicast-routing

!

interface FastEthernet0/0

ipv6 address 2001:B:B:B::1/64

!

ipv6 route 2001:B:B:BB::/64 2001:B:B:B::2

IPv6 connectivity

BNorth(config)#do ping 2001:a:a:aa::1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2001:A:A:AA::1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 36/56/92 ms

BNorth(config)#

BEast(config)#do ping 2001:c:c:cc::1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2001:C:C:CC::1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 20/38/88 ms

BEast(config)#

BWest(config)#do ping 2001:b:b:bb::1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2001:B:B:BB::1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/43/96 ms

BWest(config)#

FR CONFIGURATION

The configuration for point-to-point FR is very simple. Configure the ip address and the local DLCI, no need for neither inverse ARP nor static mapping as there is only one DLCI in the other side of the PVC.

BNorth:

interface Serial1/0

no ip address

encapsulation frame-relay

no frame-relay inverse-arp

!

interface Serial1/0.101 point-to-point

ip address 192.168.12.1 255.255.255.0

frame-relay interface-dlci 101

!

interface Serial1/0.102 point-to-point

ip address 192.168.13.1 255.255.255.0

frame-relay interface-dlci 102

BEst:

interface Serial1/0

no ip address

encapsulation frame-relay

no frame-relay inverse-arp

!

interface Serial1/0.110 point-to-point

ip address 192.168.12.2 255.255.255.0

frame-relay interface-dlci 110

!

interface Serial1/0.203 point-to-point

ip address 192.168.32.1 255.255.255.0

frame-relay interface-dlci 203

BWest:

interface Serial1/0

no ip address

encapsulation frame-relay

no frame-relay inverse-arp

!

interface Serial1/0.201 point-to-point

ip address 192.168.13.2 255.255.255.0

frame-relay interface-dlci 201

!

interface Serial1/0.302 point-to-point

ip address 192.168.32.2 255.255.255.0

frame-relay interface-dlci 302

FR connectivity check

BWest#ping 192.168.13.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.13.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 24/80/108 ms

BWest#

BWest#ping 192.168.32.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.32.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 40/72/120 ms

BWest#

IPv6 GRE

It is a point-to-point tunnel, so the tunnel source and destination are pre-configured, the logical topology is illustrated in figure3.

Figure3: Logical topology

ipv6_GRE_top_virt

Table2: Point-to-point GRE parameters on BNorth

Tunnelling parameters

BEast

BWest

Tunnel interface

Tunnel 12

Tunnel 13

Tunnel ip address &mask

2001:a:a:ac::1/64

2001:a:a:ab::1/64

Tunnel source interface

s0/0.101

s0/0.102

Tunnel destination

192.168.12.2

192.168.13.2

Tunnel mode

gre ip

BNorth:

interface Tunnel12

no ip address

ipv6 address 2001:A:A:AC::1/64

tunnel source Serial1/0.101

tunnel destination 192.168.12.2

tunnel mode gre ip

!

interface Tunnel13

no ip address

ipv6 address 2001:A:A:AB::1/64

tunnel source Serial1/0.102

tunnel destination 192.168.13.2

tunnel mode gre ip

!

!!Each Border router will be configured with static routes to other sites !!internal networks

ipv6 route 2001:B::/32 Tunnel13

ipv6 route 2001:C::/32 Tunnel12

BEst:

Table2: Point-to-point GRE parameters on BEast

Tunnelling parameters

BNorth

BWest

Tunnel interface

Tunnel 21

Tunnel 23

Tunnel ip address &mask

2001:a:a:ac::2/64

2001:a:a:bc::1/64

Tunnel source interface

s0/0.110

s0/0.203

Tunnel destination

192.168.12.1

192.168.32.1

Tunnel mode

gre ip

interface Tunnel21

no ip address

ipv6 address 2001:A:A:AC::2/64

tunnel source Serial1/0.110

tunnel destination 192.168.12.1

tunnel mode gre ip

!

interface Tunnel23

no ip address

ipv6 address 2001:A:A:BC::1/64

tunnel source Serial1/0.203

tunnel destination 192.168.32.2

tunnel mode gre ip

!

ipv6 route 2001:A::/32 Tunnel21

ipv6 route 2001:B::/32 Tunnel23

BWest:

Table2: Point-to-point GRE parameters on BWest

Tunnelling parameters

BEast

BNorth

Tunnel interface

Tunnel 32

Tunnel 31

Tunnel ip address &mask

2001:a:a:bc::2/64

2001:a:a:ab::2/64

Tunnel source interface

s0/0.302

s0/0.201

Tunnel destination

192.168.32.2

192.168.13.1

Tunnel mode

gre ip

interface Tunnel31

no ip address

ipv6 address 2001:A:A:AB::2/64

tunnel source Serial1/0.201

tunnel destination 192.168.13.1

tunnel mode gre ip

!

interface Tunnel32

no ip address

ipv6 address 2001:A:A:BC::2/64

tunnel source Serial1/0.302

tunnel destination 192.168.32.1

tunnel mode gre ip

!

ipv6 route 2001:A::/32 Tunnel31

ipv6 route 2001:C::/32 Tunnel32

CONNECTIVITY CHECK

For each destination site IPv6 traffic takes the corresponding tunnel and is encapsulated into a packet with that tunnel source and destination.

Northv6#trace 2001:c:c:cc::1

Type escape sequence to abort.

Tracing the route to 2001:C:C:CC::1

1 2001:A:A:A::1 36 msec 32 msec 48 msec

2 2001:A:A:AC::2 132 msec 72 msec 100 msec

3 2001:C:C:CC::1 148 msec 196 msec 120 msec

Northv6#trace 2001:b:b:bb::1

Type escape sequence to abort.

Tracing the route to 2001:B:B:BB::1

1 2001:A:A:A::1 40 msec 36 msec 12 msec

2 2001:A:A:AB::2 136 msec 136 msec 44 msec

3 2001:B:B:BB::1 136 msec 68 msec 188 msec

Northv6#

DEBUGGING:

Figure3: IPv6 GRE traffic capture

BNorth#
*Mar  1 00:41:39.911: ICMPv6: Sending ICMP timeout to 2001:A:A:A::2
*Mar  1 00:41:39.939: ICMPv6: Sending ICMP timeout to 2001:A:A:A::2
*Mar  1 00:41:39.943: ICMPv6: Sending ICMP timeout to 2001:A:A:A::2
*Mar  1 00:41:39.947: Tunnel12: GRE/IP encapsulated 192.168.12.1->192.168.12.2 (linktype=79, len=72)
*Mar  1 00:41:39.947: Tunnel12 count tx, adding 24 encap bytes
*Mar  1 00:41:39.951: Tunnel12: GRE/IP to classify 192.168.12.2->192.168.12.1 (len=120 type=0x86DD ttl=254 tos=0x0)
*Mar  1 00:41:39.955: Tunnel12: GRE/IP encapsulated 192.168.12.1->192.168.12.2 (linktype=79, len=72)

BNorth#
*Mar  1 00:41:49.927: ICMPv6: Received ICMPv6 packet from FE80::C001:14FF:FED1:0, type 135
*Mar  1 00:41:49.947: ICMPv6: Received ICMPv6 packet from FE80::C001:14FF:FED1:0, type 136
BNorth#

Advertisements
%d bloggers like this: