7 Replies Latest reply: Sep 25, 2011 9:15 PM by Joshua Johnson - CCNP R&S RSS

    ipv6 manual tunnel

    sg4rb0sss

      Hey guys,

       

      So I decided to review manual tunnels again.  Using the link from Cisco:

      http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-tunnel.html#wp1056650

       

      (about 3/4 the way down) you can see that the way they configure an ipv6 manual tunnel is :

       

      Router A Configuration

      interface ethernet 0

       ip address 192.168.99.1 255.255.255.0

      interface tunnel 0

       ipv6 address 3ffe:b00:c18:1::3/127

       tunnel source ethernet 0

       tunnel destination 192.168.30.1

       tunnel mode ipv6ip

      Router B Configuration

      interface ethernet 0

       ip address 192.168.30.1 255.255.255.0

      interface tunnel 0

       ipv6 address 3ffe:b00:c18:1::2/127

       tunnel source ethernet 0

       tunnel destination 192.168.99.1

       tunnel mode ipv6ip
      

       

       

       

       

      My question, is why do they bother configuring the ipv6 address on the tunnel interface?  I don't see how its used.  I was pretty certain that the tunnel would only use the link local address to communicate.  So I just made a network to check.

       

      R1#sh run

      !

      hostname R1

      !

      ipv6 unicast-routing

      !

      interface Loopback0

      no ip address

      ipv6 address 2011:1:1:2::1/64

      !

      interface Tunnel0

      no ip address

      ipv6 enable

      tunnel source FastEthernet0/0

      tunnel destination 192.168.1.2

      !

      interface FastEthernet0/0

      ip address 192.168.1.1 255.255.255.0

      duplex auto

      speed auto

      !

      ipv6 route 2001:1:1:1::/64 Tunnel0

       

       

      R2#sh run

      !

      ipv6 unicast-routing

      !

      interface Loopback0

      no ip address

      ipv6 address 2001:1:1:1::1/64

      !

      interface Tunnel0

      no ip address

      ipv6 enable

      tunnel source FastEthernet0/0

      tunnel destination 192.168.1.1

      !

      interface FastEthernet0/0

      ip address 192.168.1.2 255.255.255.0

      duplex auto

      speed auto

      !

      ipv6 route 2011:1:1:2::/64 Tunnel0

      !

       

      R2#ping 2011:1:1:2::1 so lo0


      Sending 5, 100-byte ICMP Echos to 2011:1:1:2::1, timeout is 2 seconds:

      Packet sent with a source address of 2001:1:1:1::1

      !!!!!

      Success rate is 100 percent (5/5), round-trip min/avg/max = 20/25/40 ms

       

      My network diagram is below.

      manualTunnelUsingLinkLocal.jpg


       

      Anyone got any reason why Cisco use a statically configured ipv6 address for the tunnel?

       

      Cheers,

      Stephen

        • 1. Re: ipv6 manual tunnel
          Warren Sullivan - CCNP

          I was under the impression that it simply enables ipv6 on the interface, as does ipv6 enable under the tunnel......not sure why they actually address it though if ipv6 enable does the same thing.......management?

           

          looking forward to others thoughts......

          • 2. Re: ipv6 manual tunnel
            Scott Morris - CCDE/4xCCIE/2xJNCIE

            Because at that point it IS an ipv6 interface.  Merely using IPv4 as the underlying transport.

             

            If you want IPv6 networking to work, you need an end-to-end path (forget about the "over ipv4" part for a moment).  Think about it like any other network.  If you encounter a link that is not ipv6 enabled, what will happen when it receives an ipv6 packet?   It gets discarded.

             

            So the address is there for usability.  And it's there in case you're going to run any dynamic routing protocols and things like that.

             

            HTH,

             

            Scott

            • 3. Re: ipv6 manual tunnel
              sg4rb0sss

              What I was saying for this type of tunnel, is that it will use the link local address as opposed to using a statically configured one.  So surely there's no actual a need to configure an ipv6 address statically on the tunnel interface in my opinion.   All I think it needs is the #ipv6 enable command.  Am I correct? 

               

              I just put RIPng on this setup too to test that ipv6 connectivity works off using just the link local ipv6 address as the passenger protocol.

               

              R1#sh run

              !

              ipv6 unicast-routing

              !

              interface Loopback0

              no ip address

              ipv6 address 2001:1:1:1::1/64

              ipv6 rip stephen enable

              !

              interface Tunnel0

              no ip address

              ipv6 enable

              ipv6 rip stephen enable

              tunnel source FastEthernet0/0

              tunnel destination 192.168.1.1

              !

              interface FastEthernet0/0

              ip address 192.168.1.2 255.255.255.0

              !

              ipv6 router rip stephen

               

               

              R2#sh run

              ipv6 unicast-routing

              !

              interface Loopback0

              no ip address

              ipv6 address 2011:1:1:2::1/64

              ipv6 rip stephen enable

              !

              interface Tunnel0

              no ip address

              ipv6 enable

              ipv6 rip stephen enable

              tunnel source FastEthernet0/0

              tunnel destination 192.168.1.2

              !

              interface FastEthernet0/0

              ip address 192.168.1.1 255.255.255.0

              !

              ipv6 router rip stephen

               

               

              R1#ping 2011:1:1:2::1 so lo0

              Type escape sequence to abort.

              Sending 5, 100-byte ICMP Echos to 2011:1:1:2::1, timeout is 2 seconds:

              Packet sent with a source address of 2001:1:1:1::1

              !!!!!

              Success rate is 100 percent (5/5), round-trip min/avg/max = 16/23/40 ms

              • 4. Re: ipv6 manual tunnel
                Scott Morris - CCDE/4xCCIE/2xJNCIE

                Correct.  Since your IGPs will all use the link-local address as source/next-hop anyway, there isn't any other need to have a separate one specifically defined other than the fact that you will stress out your junior admins and NOC people when trying to figure things out. 

                 

                I thought you meant as opposed to not definig anything...  but the "ipv6 enable" command DOES produce a link-local address.  Which suffices for connectivity!

                 

                Scott

                • 5. Re: ipv6 manual tunnel
                  Joshua Johnson - CCNP R&S

                  That's good you figured that out, but don't forget that just because you can just use link-local for the interconnections, doesn't mean you should just use link-local.

                   

                  What if you wanted to ping that tunnel interface of one router using another router that doesn't share the same link?

                  • 6. Re: ipv6 manual tunnel
                    Scott Morris - CCDE/4xCCIE/2xJNCIE

                    Meh.  Who needs pings anyway? 

                    • 7. Re: ipv6 manual tunnel
                      Joshua Johnson - CCNP R&S

                      Sorry I meant to reply to Stephen, but yeah