So I'm updating my notes for automatic 6to4 tunnels. I understand everything bar 1 thing which is highlighted in red below. I don't understand the point/purpose of ever creating a subnet on a tunnel interface.
ip address 192.168.1.1 255.255.255.0
!so this is the ipv4 ip i am using to send info between networks for my tunnel.
!when the tunnel is created it embeds this ip in the 2nd and 3rd quartet (ipv6).
!When the tunnel sends the message, it uses IPV4 to reach destinations. so here
!to reach R11 it will use 192.168.2.1. Which when embedded in IPV6 looks like:
!remember that this ipv4 network needs to be advertised through the internet
!as this is the public ipv4 we will be using for our tunnel. For the purpose
!of our network, we just need to route this network as well as the one on the
!physical interface. The physical interface IP would be equivalent to our frame IP.
!the one on this loopback would be equivalent to a public subnet that our ISP can
no ip address
ipv6 address 2002:C0A8:101:5::1/64
!this is a network on the router (i.e. another network a group of users are on)
!this must match the first 2002:ip-v4:address::/48 of the lo0 ip that we're using
!for talking between tunnels. i.e.:2002:C0A8:101::/48 (this is the ipv4 address
!embedded into ipv6). The last 16 bits can be used for the subnets we're making
!on the router. Here we are using 5.
no ip address
no ip redirects
ipv6 address 2002:C0A8:101:20::1/64
!so here we have made a subnet of 20 for this particular router. Just random,
!and I can't even see a reason for doing this, but that's what you gotta do
tunnel source Loopback0
tunnel mode ipv6ip 6to4
ip address 10.10.10.1 255.255.255.0
ip address 10.10.20.1 255.255.255.0
no ip http server
no ip http secure-server
ip forward-protocol nd
ip route 192.168.2.0 255.255.255.0 FastEthernet0/0
ip route 192.168.3.0 255.255.255.0 FastEthernet0/1
!paramount that we route this, as we are routing our tunnels via this ipv4
!address and need to access other routers on ipv4.
ipv6 route 2002::/16 Tunnel0
I can't possibly see any benefits that are derived from using subnet(s) on a tunnel interface. It's simply just 1 unique IP that remote devices will use to connect to when they need to use the tunnel. Any elaboration on this is greatly appreciated.
You don't NEED to have that at all....
In 6to4 tunneling, the bits from 17-48 are interpreted as the address to be used as the destination for the tunnel.
So "C0A8:101" are the important pieces here indicating 192.168.1.1, and as you point out, what others will use as a destination. But a subnet beyond that is technically irrelevant. I suppose if you had multiple tunnels set up this would be helpful for sourcing, but that would be odd.
The problem with most of the examples of 6to4 tunnels is that they really don't tell the whole story of implementation and what kinds of things you may end up seeing.
First, think about what would drive packets into a tunnel to begin with. Routing. You have a single static route of 2002::/16 into tunnel0. Which is all nice and all, but assumes that everyone is using 2002 addresses and to what end? That's a set reserved for tunneling as a set-aside, but not what you will use for the rest of your network!
So let's say that company A has FC08:0100:ABCD::/48 (a unique local address), Company B has 2020:1111:2222::/48 (a global address), and Company C has FEC0:300:300::/48 (a deprecated site local address set).
You would like to talk to each of them but have no IPv6 provider...
You'll need to figure out your own internal IPv6 addressing (forget about the tunnels for a moment) and set that all up. Once you know your range (let's pick FC11:1111:1111/48 for fun) then you'll need to share that with the other companies.
They've told you that their public IPv4 addresses are:
Company A: 184.108.40.206
Company B: 220.127.116.11
Company C: 18.104.22.168
Now you have to set up other routes. If you're going to stick with the 2002 addresses, that's cool, but actually isn't required... (Just a nice idea to play well with others!)
ipv6 route FC08:0100:ABCD::/48 2002:6565:6565::1
ipv6 route 2020:1111:2222::/48 2002:6F6F:6F6F:200::2
ipv6 route FEC0:300:300::/48 2002:C8C8:C8C8:AB:381:1111:2222:1111:3333
All of those will now route into your tunnel 0.
Based on the "tunnel mode ipv6 6to4" statement, the router will then interpret:
6565:6565 to be 22.214.171.124
6F6F:6F6F to be 126.96.36.199
C8C8:C8C8 to be 188.8.131.52
The remaining parts of:
Are technically irrelevant, but definitely will be used on the receiving side once IPv6 is functional to know about next hop info (especially if you're using any dynamic routing protocols where that's important to resolve).
Right, I think I follow that. So if (in your network demo) I remove the #ipv6 route 2002::/16 statement, and replace it with the
ipv6 route FC08:0100:ABCD::/48 2002:6565:6565::1 tun0
ipv6 route 2020:1111:2222::/48 2002:6F6F:6F6F:200::2 tun0
ipv6 route FEC0:300:300::/48 2002:C8C8:C8C8:AB:381:1111:2222:1111:3333 tun0
Then that explicitly states which networks I am joining together. And these 2002:: addresses would be the ipv6 address configured on the interface of the other side of the tunnels? Is that right (it sounds logical anyway)
And this : FC11:1111:1111/48 address is the one I'm using in my tunnel interface?
The FC address is what you've used through the REST of your network to get IPv6 working on whatever interfaces you want. The 2002 address is what you have ONLY on the tunnel interface.
I think I'd keep the /16 static route in there also, just to future-proof configurations as a placeholder. (Remind myself what's going where)
Yes, the 2002 addresses are the other side of the tunnel, but remember, the immediate need is for the 2002:xxxx:xxxx part to determine the IPv4 address as the tunnel destination address.
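The bit split discussed in this thread (bits 17-48 give the IPv4 tunnel destination, the next 16 bits are the local subnet), worked through as an added example that is not part of any poster's message. The function names are hypothetical; the sample addresses are the ones quoted in the thread, and the `global_v4` flag is an extra check added here to show when the embedded IPv4 address is only usable inside a lab.

```python
import ipaddress

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")

def decode_6to4(addr):
    """Return (embedded IPv4, subnet ID, interface ID) for a 2002::/16 address."""
    v6 = ipaddress.IPv6Address(addr)          # raises ValueError if malformed
    if v6 not in SIXTOFOUR:
        raise ValueError(f"{addr} is outside 2002::/16")
    n = int(v6)
    v4 = ipaddress.IPv4Address((n >> 80) & 0xFFFFFFFF)  # bits 17-48: tunnel endpoint
    subnet_id = (n >> 64) & 0xFFFF                      # bits 49-64: local subnet
    iface_id = n & (2**64 - 1)                          # low 64 bits: host part
    return v4, subnet_id, iface_id

def site_prefix(ipv4):
    """Build the 2002:V4ADDR::/48 prefix a site derives from its tunnel IPv4."""
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))

def resolve_next_hops(next_hops):
    """Map each static-route next hop to its IPv4 tunnel destination or an error."""
    out = {}
    for hop in next_hops:
        try:
            v4, subnet_id, _ = decode_6to4(hop)
            # is_global is False for RFC 1918 space such as the lab's 192.168.x.x
            out[hop] = {"endpoint": str(v4), "subnet": subnet_id,
                        "global_v4": v4.is_global}
        except ValueError as exc:
            # e.g. a next hop with too many groups, or one outside 2002::/16
            out[hop] = {"error": str(exc)}
    return out

if __name__ == "__main__":
    # Interface addresses from the original configuration
    for a in ("2002:C0A8:101:5::1", "2002:C0A8:101:20::1"):
        print(a, "->", decode_6to4(a))
    print("R11 site prefix:", site_prefix("192.168.2.1"))
    # Next hops as written in the static routes in the thread
    hops = ["2002:6565:6565::1", "2002:6F6F:6F6F:200::2",
            "2002:C8C8:C8C8:AB:381:1111:2222:1111:3333"]
    for hop, info in resolve_next_hops(hops).items():
        print(hop, "->", info)
```

Both tunnel-interface subnets (5 and 20) decode to the same endpoint, which is why the subnet field does not affect where the tunnel sends the packet.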