Table of Contents Chapter 1 Tunneling Configuration

Similar documents
FiberstoreOS IPv6 Security Configuration Guide

FiberstoreOS IPv6 Service Configuration Guide

Operation Manual IPv6 H3C S3610&S5510 Series Ethernet Switches Table of Contents. Table of Contents

Configuring IPv6 basics

Table of Contents 1 IPv6 Configuration IPv6 Application Configuration 2-1

HP 3600 v2 Switch Series

Contents. EVPN overview 1

Contents. Configuring GRE 1

HP 6125 Blade Switch Series

Table of Contents 1 IPv6 Configuration IPv6 Application Configuration 2-1

Table of Contents 1 IPv6 Configuration IPv6 Application Configuration 2-1

IPv6 over IPv4 GRE Tunnels

IPv6 over IPv4 GRE Tunnels

IP Routing Volume Organization

Operation Manual MPLS VLL. Table of Contents

HP A5830 Switch Series Layer 3 - IP Services. Configuration Guide. Abstract

Operation Manual ARP H3C S5500-SI Series Ethernet Switches. Table of Contents

Operation Manual IPv4 Routing H3C S3610&S5510 Series Ethernet Switches. Table of Contents

IPv6 over IPv4 GRE Tunnels

Configuring MSDP. Overview. How MSDP operates. MSDP peers

Table of Contents 1 IPv6 Basics Configuration 1-1

Configuring MSDP. MSDP overview. How MSDP works. MSDP peers

Contents. Configuring a default route 1 Introduction to default routes 1

Implementing Cisco IP Routing

IPv6 TRAINING CONTENT

Configuring basic MBGP

Contents. Configuring MSDP 1

Transitioning to IPv6

H3C S10500 Switch Series

HPE FlexFabric 5940 Switch Series

Configuring VPLS. VPLS overview. Operation of VPLS. Basic VPLS concepts

Configuring multicast VPN

Data Center Configuration. 1. Configuring VXLAN

Table of Contents 1 MSDP Configuration 1-1

Implementing IP in IP Tunnel

Implementing Tunneling for IPv6

Manually Configured IPv6 over IPv4 Tunnels

HP Routing Switch Series

Planning for Information Network

Operation Manual Routing Protocol. Table of Contents

Table of Contents 1 Static Routing Configuration RIP Configuration 2-1

Configuring MPLS L2VPN

Table of Contents 1 MSDP Configuration 1-1

IPv6 Transition Technologies (TechRef)

Configuring IPv6 multicast routing and forwarding 1

Unit 5 - IPv4/ IPv6 Transition Mechanism(8hr) BCT IV/ II Elective - Networking with IPv6

IPv6 Feature Facts

Contents. Configuring EVI 1

IPv6 Tunnel through an IPv4 Network

H3C S3600V2 Switch Series

Implementing MPLS VPNs over IP Tunnels

IPv6 in Campus Networks

Table of Contents 1 Multicast VPN Configuration 1-1

IPv6 Technical Challenges

MPLS VPN over mgre. Finding Feature Information. Last Updated: November 1, 2012

OSPF. About OSPF. CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.4 1

MPLS VPN--Inter-AS Option AB

Chapter 15 IPv6 Transition Technologies

OSPFv3 Address Families

OSPFv3 Address Families

Foreword xxiii Preface xxvii IPv6 Rationale and Features

OSPFv3 Address Families

IPv6 Bootcamp Course (5 Days)

Configuring IP Version 6

Avaya Networking IPv6 Using Fabric Connect to ease IPv6 Deployment. Ed Koehler Director DSE Ron Senna SE Avaya Networking Solutions Architecture

Configuring MPLS L2VPN

Implementing Cisco IP Routing (ROUTE)

HP Routing Switch Series

Configuring MPLS L2VPN

LARGE SCALE IP ROUTING LECTURE BY SEBASTIAN GRAF

Table of Contents 1 MBGP Configuration 1-1

DHCPv6 Overview 1. DHCPv6 Server Configuration 1

Contents. Configuring GRE 1

IPv6 Switching: Provider Edge Router over MPLS

Operation Manual IP Addressing and IP Performance H3C S5500-SI Series Ethernet Switches. Table of Contents

MPLS VPN Inter-AS Option AB

H3C S5120-EI Switch Series

Lecture 3. The Network Layer (cont d) Network Layer 1-1

Organization of Product Documentation... xi

Configuring IPv6. Information About IPv6. Send document comments to CHAPTER

MPLS over GRE. Finding Feature Information. Prerequisites for MPLS VPN L3VPN over GRE

A Border Gateway Protocol 3 (BGP-3) DNS Extensions to Support IP version 6. Path MTU Discovery for IP version 6

H3C S6520XE-HI Switch Series

HP 5920 & 5900 Switch Series

CCNA Questions/Answers IPv6. Select the valid IPv6 address from given ones. (Choose two) A. FE63::0043::11:21 B :2:11.1 C.

Integrated Security 22

Vendor: Cisco. Exam Code: Exam Name: Cisco Interconnecting Cisco Networking Devices Part 1 (ICND1 v3.0) Version: Demo

H3C S7500E-XS Switch Series

IPv6 Neighbor Discovery

MPLS VPN Carrier Supporting Carrier Using LDP and an IGP

H3C S6800 Switch Series

Federal Agencies and the Transition to IPv6

HPE FlexFabric 5940 Switch Series

Radware ADC. IPV6 RFCs and Compliance

Interconnecting Cisco Networking Devices Part 1 (ICND1) Course Overview

Start Here: Cisco IOS Software Release Specifics for IPv6 Features

IPv6 Rapid Deployment: Provide IPv6 Access to Customers over an IPv4-Only Network

FiberstoreOS BGP Configuration

Lab 1: Static MPLS LSP-RTX4-RTX1 LSP-RTX1-RTX4 LSP-RTX3-RTX2 LSP-RTX2-RTX3

IPv4/v6 Considerations Ralph Droms Cisco Systems

Transcription:

Table of Contents Table of Contents... 1-1 1.1 Introduction to Tunneling... 1-1 1.1.1 IPv6 over IPv4 Tunnel... 1-2 1.1.2 IPv4 over IPv4 Tunnel... 1-7 1.2 Tunneling Configuration Task List... 1-8 1.3 Configuring IPv6 Manually Configured Tunnel... 1-8 1.3.1 Configuration Prerequisites... 1-8 1.3.2 Configuration Procedure... 1-8 1.3.3 Configuration Example... 1-10 1.4 Configuring Automatic IPv4-Compatible IPv6 Tunnel... 1-13 1.4.1 Configuration Prerequisites... 1-13 1.4.2 Configuration Procedure... 1-13 1.4.3 Configuration Example... 1-15 1.5 Configuring 6to4 Tunnel... 1-17 1.5.1 Configuration Prerequisites... 1-17 1.5.2 Configuration Procedure... 1-17 1.5.3 Configuration Example... 1-20 1.6 Configuring 6to4 Relay... 1-23 1.6.1 Configuration Prerequisites... 1-23 1.6.2 Configuring 6to4 Relay... 1-23 1.6.3 Configuration Example... 1-24 1.7 Configuring ISATAP Tunnel... 1-26 1.7.1 Configuration Prerequisites... 1-26 1.7.2 Configuration Procedure... 1-27 1.7.3 Configuration Example... 1-29 1.8 Configuring IPv4 over IPv4 Tunnel... 1-31 1.8.1 Configuration Prerequisites... 1-31 1.8.2 Configuration Procedure... 1-32 1.8.3 Configuration Example... 1-33 1.9 Configuring Tunnel Hybrid Insertion... 1-36 1.9.1 Configuration Prerequisites... 1-36 1.9.2 Configuration Procedure... 1-36 1.9.3 Configuration Example... 1-38 1.10 Displaying and Maintaining Tunneling Configuration... 1-41 1.11 Troubleshooting Tunneling Configuration... 1-42 i

Note: The term router in this document refers to a router in a generic sense or an Ethernet switch running a routing protocol. At present, the S9500 does not support the running of multicast protocols, IS-IS, and IPv6-IS-IS on a tunnel. Only the cards suffixed with DA/DB support tunneling. 1.1 Introduction to Tunneling The expansion of Internet results in scarce IPv4 addresses. Although the techniques such as temporary IPv4 address allocation and network address translation (NAT) relieve the problem of IPv4 address shortage to some extent, they not only increase the overhead in address resolution and processing, but also lead to high-level application failures. Furthermore, they will still face the problem that IPv4 addresses will eventually be used up. Internet protocol version 6 (IPv6) adopting the 128-bit addressing scheme completely solves the above problem. Since significant improvements have been made in address space, security, network management, mobility, and QoS, IPv6 becomes one of the core standards for the next generation Internet protocol. IPv6 is compatible with all protocols except IPv4 in the TCP/IP suite. Therefore, IPv6 can completely take the place of IPv4. Before IPv6 becomes the dominant protocol, the network using the IPv6 protocol stack is expected to communicate with the Internet using IPv4. Therefore, an IPv6-IPv4 interworking technique must be developed to ensure the smooth transition from IPv4 to IPv6. In addition, the interworking technique should provide efficient, seamless information transfer. The Internet Engineering Task Force (IETF) set up the next generation transition (NGTRANS) working group to study problems about IPv4-to-IPv6 transition and efficient, seamless IPv4-IPv6 interworking. Currently, multiple transition techniques and interworking solutions are available. With their own characteristics, they are used to solve communication problems in different transition stages under different environments. Currently, there are three major transition techniques: dual stack (RFC 2893), tunneling (RFC 2893), and NAT-PT (RFC 2766). Tunneling is an encapsulation technique, which utilizes one network transport protocol to encapsulate packets of another network transport protocol and transfer them over 1-1

the network. A tunnel is a virtual point-to-point connection. In practice, the virtual interface that supports only point-to-point connections is called tunnel interface. One tunnel provides one channel to transfer encapsulated packets. Packets can be encapsulated and decapsulated at both ends of a tunnel. Tunneling refers to the whole process from data encapsulation to data transfer to data decapsulation. Note: For related configuration about the dual protocol stack, refer to Dual Stack Configuration. 1.1.1 IPv6 over IPv4 Tunnel I. Principle The IPv6 over IPv4 tunneling mechanism encapsulates an IPv4 header in IPv6 data packets so that IPv6 packets can pass an IPv4 network through a tunnel to realize interworking between isolated IPv6 networks, as shown in Figure 1-1. Caution: The devices at both ends of an IPv6 over IPv4 tunnel must support IPv4/IPv6 dual stack. Figure 1-1 Principle of IPv6 over IPv4 tunnel The IPv6 over IPv4 tunnel processes packets in the following way: 1-2

1) A host in the IPv6 network sends an IPv6 packet to the device at the source end of the tunnel. 2) After determining according to the routing table that the packet needs to be forwarded through the tunnel, the device at the source end of the tunnel encapsulates an IPv4 header in the IPv6 packet and forwards it through the physical interface of the tunnel. 3) The encapsulated packet goes through the tunnel to reach the device at the destination end of the tunnel. The device at the destination end decapsulates the packet if the destination address of the encapsulated packet is the device itself. 4) The device at the destination end of the tunnel forwards the packet according to the destination address in the decapsulated IPv6 packet. If the destination address is the device itself, the device at the destination end forwards the IPv6 packet to the upper-layer protocol for processing. II. Configured tunnel and automatic tunnel An IPv6 over IPv4 tunnel can be established between hosts, between hosts and devices, and between devices. The tunnel destination needs to forward packets if the tunnel destination is not the eventual destination of the IPv6 packet. According to the way the IPv4 address of the tunnel destination is acquired, tunnels are divided into configured tunnel and automatic tunnel. The tunnel destination IPv4 address cannot be acquired from the destination address of the IPv6 packet and it needs to be configured manually. Such a tunnel is called configured tunnel. If the tunnel destination is just the eventual destination of the IPv6 packet, an IPv4 address can be embedded into an IPv6 address so that the IPv4 address of the tunnel destination can automatically be acquired from the destination address of the IPv6 packet. Such a tunnel is called automatic tunnel. III. Type According to the way an IPv6 packet is encapsulated, IPv6 over IPv4 tunnels are divided into the following types: IPv6 manually configured tunnel Automatic IPv4-compatible IPv6 tunnel 6to4 tunnel ISATAP tunnel IPv6-over-IPv4 GRE tunnel (GRE tunnel for short) Among the above tunnels, the IPv6 manually configured tunnel and GRE tunnel are configured tunnels, while the automatic IPv4 compatible IPv6 tunnel, 6to4 tunnel, and intra-site automatic tunnel address protocol (ISATAP) tunnel are automatic tunnels. 1) IPv6 manually configured tunnel 1-3

A manually configured tunnel is a point-to-point link. One link is a separate tunnel. The IPv6 manually configured tunnel is mainly used for stable connections requiring regular secure communication between two border routers or between a border router and a host, or for connections to remote IPv6 networks. 2) Automatic IPv4-compatible IPv6 tunnel An automatic IPv4-compatible IPv6 tunnel is a point-to-multipoint link. IPv4-compatible IPv6 addresses are adopted at both ends of such a tunnel. The address format is 0:0:0:0:0:0:a.b.c.d/96, where a.b.c.d represents an embedded IPv4 address. The tunnel destination is automatically determined by the embedded IPv4 address, which makes it easy to create a tunnel for IPv6 over IPv4. However, an automatic IPv4-compatible IPv6 tunnel must use IPv4-compatible IPv6 addresses and it is still dependent on IPv4 addresses. Therefore, automatic IPv4-compatible IPv6 tunnels have limitations. 3) 6to4 tunnel An automatic 6to4 tunnel is a point-to-multipoint tunnel and is used to connect multiple isolated IPv6 networks over an IPv4 network to remote IPv6 networks. The embedded IPv4 address in an IPv6 address is used to automatically acquire the destination IPv4 address of the tunnel. The automatic 6to4 tunnel adopts 6to4 addresses. The address format is 2002:abcd:efgh:subnet number::interface ID/64, where 2002 represents the fixed IPv6 address prefix, and abcd:efgh represents the 32-bit globally unique source IPv4 address of the 6to4 tunnel, in hexadecimal notation. For example, 1.1.1.1 can be represented by 0101:0101. The part that follows 2002:abcd:efgh uniquely identifies a host in a 6to4 network. The tunnel destination is automatically determined by the embedded IPv4 address, which makes it easy to create a 6to4 tunnel. Because the 16-bit subnet number of the 64-bit address prefix in 6to4 addresses can be customized and the first 48 bits in the address prefix are fixed to a permanent value and the IPv4 address of the tunnel source or destination, it is possible that IPv6 packets can be forwarded by the tunnel. A 6to4 tunnel interconnects IPv6 networks over an IPv4 network, and overcomes the limitations of an automatic IPv4-compatible IPv6 tunnel. 4) 6to4 relay A 6to4 tunnel is only used to connect 6to4 networks, whose IP prefix must be 2002::/16. However, IPv6 network addresses with a prefix such as 2001::/16 may also be used in IPv6 networks. To connect a 6to4 network to an IPv6 network, a 6to4 router must be used as a gateway to forward packets to the IPv6 network. Such a router is called a 6to4 relay router. As shown in Figure 1-2, a static route must be configured on the border router (Router A) in the 6to4 network and the next-hop address must be the 6to4 address of the 6to4 relay router (Router C). In this way, all packets destined for the IPv6 network will be forwarded to the 6to4 relay router, and then to the IPv6 network. Thus, interworking 1-4

between the 6to4 network (with the address prefix starting with 2002) and the IPv6 network is realized. Figure 1-2 Principle of 6to4 tunnel and 6to4 relay 5) ISATAP tunnel With the application of the IPv6 technique, there will be more and more IPv6 hosts in the existing IPv4 network. The ISATAP tunneling technique provides a satisfactory solution for IPv6 application. An ISATAP tunnel is a point-to-point automatic tunnel. The destination of a tunnel can automatically be acquired from the embedded IPv4 address in the destination address of an IPv6 packet. When an ISATAP tunnel is used, the destination address of an IPv6 packet and the IPv6 address of a tunnel interface both adopt special addresses: ISATAP addresses. The ISATAP address format is prefix (64bit):0:5EFE:ip-address. The ip-address is in the form of a.b.c.d or abcd:efgh, where abcd:efgh represents a 32-bit source IPv4 address. Through the embedded IPv4 address, an ISATAP tunnel can automatically be created to transfer IPv6 packets. The ISATAP tunnel is mainly used for connection between IPv6 host and IPv6 router. Figure 1-3 ISATAP tunnel 6) GRE tunnel IPv6 packets can be carried over GRE tunnels to pass through the IPv4 network by using standard GRE protocol to encapsulate them. Like the IPv6 manually configured tunnel, a GRE tunnel is a point-to-point link, too. Each link is a separate tunnel. The GRE tunnel is mainly used for stable connections requiring regular secure communication between two border routers or between a host and a border router. For related configurations, refer to GRE Configuration in the MPLS VPN Volume. 1-5

IV. Expedite termination If expedite termination is disabled, a tunneled packet arriving at the destination node is first forwarded to the tunnel service loopback interface for processing, then the outer IPv4 header is removed, and finally the decapsulated original packet is forwarded. If expedite termination is enabled, the tunneled packet is unnecessarily sent to the loopback interface for processing, but is directly processed as IPv6 packets. If the source IP address of the tunneled packet matches the expedite termination subnet, the packet is sent to the IPv6 engine to forward or sent to the CPU for processing. If the tunneled packet needs to be forwarded, the IPv6 engine decapsulates the tunneled packet to obtain the original IPv6 packet and then forwards it directly. The expedite termination function solves the problem that the rate of tunneled packets is restricted by the loopback port in the tunnel service. Note: With expedite termination enabled, IPv6 packets to be encapsulated still need to be sent to the tunnel service loopback interface for processing. The IPv6 over IPv4 GRE tunnel supports the expedite termination function. There are two cases: The expediting subnet command is not applicable to a configured tunnel (for example, GRE tunnel and IPv6 manually configured tunnel). After the expedite termination function is enabled, the system will consider the destination address of the tunnel as the expedite termination subnet with subnet mask 255.255.255.255. For automatic tunnels (for example, automatic IPv4-compatible IPv6 tunnel, automatic 6to4 tunnel, and ISATAP tunnel), you need to use the expediting subnet command to designate an IP address and subnet mask for the expedite termination subnet after carrying out the expediting enable command. For details about the expediting enable command, refer to the Tunneling Commands. 1-6

V. Tunnel hybrid insertion In practice, many cards only support IPv4. However, a tunnel can only be established over IPv6 cards. After tunnel packets arrive on the destination node, it is very likely that an IPv4 card received the packets. The tunnel hybrid insertion function enables IPv4 cards to support the tunnel termination. Through the function, tunnel packets can be terminated without obstruction on the destination node. This function is implemented by configuring an ACL on incoming interfaces of IPv4 cards to redirect tunnel packets to IPv6 cards. Caution: In the case of tunnel hybrid insertion, the outbound interface of tunnel packets must support IPv6 if expedite termination is enabled. Otherwise, tunnel packets cannot be decapsulated. 1.1.2 IPv4 over IPv4 Tunnel I. Introduction to IPv4 over IPv4 tunneling protocol IPv4 over IPv4 tunneling protocol (RFC 1853) is developed for IP data packet encapsulation so that data can be transferred from one IPv4 network to another IPv4 network. II. Encapsulation and decapsulation Packets to be transferred through a tunnel undergo an encapsulation process and decapsulation process. Figure 1-4 shows these two processes. IPv4 header IPv4 data IPv4 header IPv4 header IPv4 data IPv4 header IPv4 data IPv4 network Router A IPv 4 network IPv4 tunnel Router B IPv 4 network IPv4 host IPv4 host Figure 1-4 Principle of IPv4 over IPv4 tunnel 1-7

1.2 Tunneling Configuration Task List Complete these tasks to configure the tunneling feature: Configuring IPv6 over IPv4 GRE tunnel Task Configuring IPv6 Manually Configured Tunnel Configuring Automatic IPv4-Compatible IPv6 Tunnel Configuring 6to4 Tunnel Configuring 6to4 Relay Configuring ISATAP Tunnel Remarks Configuring IPv4 over IPv4 Tunnel Configuring Tunnel Hybrid Insertion Note: When NAT is also enabled on the VLAN interface serving as the tunnel source interface, if possible, you need to enable expedite termination on the tunnel interface to ensure the availability of these two services. 1.3 Configuring IPv6 Manually Configured Tunnel 1.3.1 Configuration Prerequisites IP addresses are configured for interfaces such as VLAN interface, Ethernet interface, and loopback interface on the device so that they can communicate. These interfaces serve as the source interface of a tunnel interface to ensure that the tunnel destination address is reachable. 1.3.2 Configuration Procedure Follow these steps to configure an IPv6 manually configured tunnel: To do Use the command Remarks Enter system view system-view Enable the IPv6 packet forwarding function ipv6 By default, the IPv6 packet forwarding function is disabled. 1-8

To do Use the command Remarks Create a tunnel interface and enter tunnel interface view interface tunnel number By default, there is no tunnel interface on the device. Configur e an IPv6 address for the tunnel interface Configure a global unicast IPv6 address or a site-local address Configure a link-local IPv6 address ipv6 address { ipv6-address prefix-length ipv6-address/prefix-length } ipv6 address ipv6-address/prefix-length eui-64 ipv6 address auto link-local ipv6 address ipv6-address link-local Use any command. By default, no IPv6 global unicast address or site-local address is configured for the tunnel interface. A link-local address will automatically be created when an IPv6 global unicast address or site-local address is configured. Configure the tunnel to be an IPv6 manually configured tunnel Configure a source address or source interface for the tunnel Configure a destination address for the tunnel Configure a link aggregation group ID to be referenced by the tunnel interface Enable the expedite termination function Configure the MTU of a tunnel interface tunnel-protocol ipv6-ipv4 source { ip-address ipv6-address interface-type interface-number } destination ip-address aggregation-group aggregation-group-id expediting enable ipv6 mtu mtu-size By default, the tunnel is a GRE tunnel. The same tunnel type should be configured at both ends of the tunnel. Otherwise, packet delivery will fail. By default, no source address or interface is configured for the tunnel. By default, no destination address is configured for the tunnel. By default, the expedite termination function is disabled. 1-9

Note: For the configuration of tunnel interface MTU, refer to the ipv6 mtu command in IPv6 Basics Commands of IP Services Volume. Caution: After a tunnel interface is deleted, all the above features configured on the tunnel interface will be deleted. If the tunnel interface addresses at the two ends of a tunnel are not in the same network segment, a forwarding route through the tunnel to the peer must be configured so that the encapsulated packet can be forwarded normally. You can configure static or dynamic routes. IP addresses must be configured at both ends of the tunnel. For detailed configuration, refer to IP Routing Volume. When you configure a static route at one tunnel end, you need to configure a route to the destination IPv6 address of the packet, instead of the IPv4 address of the tunnel destination, and set the outbound interface to the tunnel interface at the local end or set the next-hop to the tunnel interface at the peer end. The similar configuration needs to be performed at the other tunnel end. Before configuring dynamic routes, you must enable the dynamic routing protocol on the tunnel interfaces at both ends. For configurations, refer to related contents in IP Routing Volume. The interfaces of an IPv6 manually configured tunnel support dynamic routing protocols such as OSPFv3, RIPng, and BGP4+. When configuring a dynamic routing protocol other than BGP4+ on tunnel interfaces, you need to enable expedite termination on the tunnel interfaces. The destination address of the route configured on the tunnel interface and the address of the tunnel interface must not be in the same network segment. Two or more tunnel interfaces using the same encapsulation protocol must have different source and destination addresses. 1.3.3 Configuration Example I. Network requirements Two IPv6 networks are connected through an IPv6 manually configured tunnel between Switch A and Switch B. As shown in Figure 1-5, the interface VLAN-interface 12 on Switch A can communicate with the interface VLAN-interface 12 on Switch B and an IPv4 packet route is available between. 1-10

II. Network diagram Figure 1-5 Network diagram for an IPv6 manually configured tunnel (on switches) III. Configuration procedure The following example shows how to configure an IPv6 manually configured tunnel between Switch A and Switch B. Before configuration, you must specify IP addresses for the source and destination of the tunnel. 1) Configure Switch A # Configure an IPv4 address for the interface VLAN-interface 12. <SwitchA> system-view [SwitchA] vlan 12 [SwitchA-vlan12] port GigabitEthernet 3/1/1 [SwitchA-vlan12] quit [SwitchA] interface vlan-interface 12 [SwitchA-vlan-interface12] ip address 192.168.100.1 255.255.255.0 [SwitchA-vlan-interface12] quit # Enable the IPv6 forwarding function. [SwitchA] ipv6 # Configure a link aggregation group and set the service type to tunnel. [SwitchA] link-aggregation group 1 mode manual [SwitchA] link-aggregation group 1 service-type tunnel [SwitchA] interface GigabitEthernet 3/1/2 [SwitchA-GigabitEthernet3/1/2] stp disable [SwitchA-GigabitEthernet3/1/2] port link-aggregation group 1 [SwitchA-GigabitEthernet3/1/2] quit # Configure an IPv6 manually configured tunnel. [SwitchA] interface tunnel 0/0/1 [SwitchA-Tunnel0/0/1] ipv6 address 3001::1 64 [SwitchA-Tunnel0/0/1] source vlan-interface 12 [SwitchA-Tunnel0/0/1] destination 192.168.100.2 [SwitchA-Tunnel0/0/1] tunnel-protocol ipv6-ipv4 1-11

# Reference link aggregation group 1 and enable expedite termination in tunnel interface view. [SwitchA-Tunnel0/0/1] aggregation-group 1 [SwitchA-Tunnel0/0/1] expediting enable [SwitchA-Tunnel0/0/1] quit # Configure a static route from the interface Tunnel 0/0/1 of Switch A to Switch B. [SwitchA] ipv6 route-static 2::0 64 tunnel 0/0/1 2) Configure Switch B. # Configure an IPv4 address for the interface VLAN-interface 12. <SwitchB> system-view [SwitchB] vlan 12 [SwitchB-vlan12] port GigabitEthernet 3/1/1 [SwitchB-vlan12] quit [SwitchB] interface Vlan-interface 12 [SwitchB-Vlan-interface12] ip address 192.168.100.2 255.255.255.0 [SwitchB-Vlan-interface12] quit # Enable the IPv6 forwarding function. [SwitchB] ipv6 # Configure a link aggregation group and set the service type to tunnel. [SwitchB] link-aggregation group 2 mode manual [SwitchB] link-aggregation group 2 service-type tunnel [SwitchB] interface GigabitEthernet 3/1/2 [SwitchB-GigabitEthernet3/1/2] stp disable [SwitchB-GigabitEthernet3/1/2] port link-aggregation group 2 [SwitchB-GigabitEthernet3/1/2] quit #Configure an IPv6 manually configured tunnel. [SwitchB] interface tunnel0/0/1 [SwitchB-Tunnel0/0/1] ipv6 address 3001::2 64 [SwitchB-Tunnel0/0/1] source vlan-interface 12 [SwitchB-Tunnel0/0/1] destination 192.168.100.1 [SwitchB-Tunnel0/0/1] tunnel-protocol ipv6-ipv4 # Reference link aggregation group 2 and enable expedite termination in tunnel interface view [SwitchB] interface tunnel 0/0/1 [SwitchB-Tunnel0/0/1] aggregation-group 2 [SwitchB-Tunnel0/0/1] expediting enable [SwitchB-Tunnel0/0/1] quit # Configure a static from the interface Tunnel0/0/1 of Switch B to Switch A. [SwitchB] ipv6 route-static 1::0 64 tunnel 0/0/1 1-12

IV. Configuration verification After the above configurations, you can successfully ping the IPv6 address of the peer tunnel interface from one switch. 1.4 Configuring Automatic IPv4-Compatible IPv6 Tunnel 1.4.1 Configuration Prerequisites IP addresses are configured for interfaces such as VLAN interface and Loopback interface on the device so that they can communicate. These interfaces serve as the source interface of the virtual tunnel interface to ensure that the tunnel destination address is reachable. 1.4.2 Configuration Procedure Follow these steps to configure an automatic IPv4-compatible IPv6 tunnel: To do Use the command Remarks Enter system view system-view Enable the IPv6 packet forwarding function Create a tunnel interface and enter tunnel interface view ipv6 interface tunnel number By default, the IPv6 packet forwarding function is disabled. By default, there is no tunnel interface on the device. Configure an IPv6 address for the tunnel interface Configure an IPv6 global unicast address or site-local address Configure an IPv6 link-local address ipv6 address { ipv6-address prefix-length ipv6-address/prefix-length } ipv6 address ipv6-address/prefix-length eui-64 ipv6 address auto link-local ipv6 address ipv6-address link-local Use either command. By default, no IPv6 global unicast address or site-local address is configured for the tunnel interface. By default, a link-local address will automatically be generated when an IPv6 global unicast or site-local address is configured for the interface. 1-13

To do Use the command Remarks Configure an automatic IPv4-compatible IPv6 tunnel Configure a source address for the tunnel Configure a link aggregation group ID to be referenced by the tunnel interface Enable the expedite termination function Configure an address and mask for the expedite termination subnet Configure a tunnel interface MTU tunnel-protocol ipv6-ipv4 auto-tunnel source { ip-address ipv6-address interface-type interface-number } aggregation-group aggregation-group-id expediting enable expediting subnet ip-address mask mtu mtu-size By default, the tunnel is a GRE tunnel. The same tunnel type should be configured at both ends of the tunnel. Otherwise, packet delivery will fail. By default, no source address or interface is configured for the tunnel. By default, the expedite termination function is disabled. By default, no expedite termination subnet is configured for a tunnel. Note: For the configuration of the tunnel interface MTU, refer to the ipv6 mtu command in IPv6 Basics Commands in IP Services Volume. 1-14

Caution: For automatic IPv4-compatible IPv6 tunnels, 6to4 tunnels, or ISATAP tunnels, their tunnel interfaces must have different source addresses. No destination address needs to be configured for an automatic IPv4-compatible IPv6 tunnel. If the tunnel interface addresses at the two ends of a tunnel are not in the same network segment, a forwarding route through the tunnel to the peer must be configured so that the encapsulated packet can be forwarded. You can configure static or dynamic routes. A forwarding route needs to be configured at both ends of the tunnel. For detailed configuration, refer to IP Routing Volume. Automatic IPv4-compatible IPv6 tunnels support only BGP4+. When you configure a static route at one tunnel end, you need to configure a route to the destination IPv6 address of the packet, instead of the IPv4 address of the tunnel destination, and set the outbound interface to the tunnel interface at the local end or set the next-hop to the tunnel interface at the peer end. The similar configuration needs to be performed at the other tunnel end. 1.4.3 Configuration Example I. Network requirements Between Switch A and Switch B is an IPv4 network. It is required that an IPv6 connection be established through an automatic IPv4-compatible IPv6 tunnel between the two dual-stack switches. II. Network diagram Figure 1-6 Network diagram for an automatic IPv4-compatible IPv6 tunnel III. Configuration procedure The following example shows how to configure an automatic IPv4-compatible IPv6 tunnel between Switch A and Switch B. No address needs to be specified for the tunnel destination because the tunnel destination address can automatically be obtained from the IPv4 address embedded in the IPv4-compatible IPv6 address. 1) Configure Switch A 1-15

# Enable the IPv6 forwarding function. <SwitchA> system-view [SwitchA] ipv6 # Configure an IPv4 address for the interface VLAN-interface 12. [SwitchA] vlan 12 [SwitchA-vlan12] port GigabitEthernet3/1/1 [SwitchA-vlan12] quit [SwitchA] interface Vlan-interface 12 [SwitchA-Vlan-interface 12] ip address 2.1.1.1 255.0.0.0 [SwitchA-Vlan-interface 12] quit # Configure an automatic IPv4-compatible IPv6 tunnel. [SwitchA] interface tunnel 0/0/1 [SwitchA-Tunnel0/0/1] ipv6 address ::2.1.1.1/96 [SwitchA-Tunnel0/0/1] source Vlan-interface 12 [SwitchA-Tunnel0/0/1] tunnel-protocol ipv6-ipv4 auto-tunnel # Configure a link aggregation group and set the service type to tunnel. [SwitchA] link-aggregation group 1 mode manual [SwitchA] link-aggregation group 1 service-type tunnel [SwitchA] interface GigabitEthernet 3/1/2 [SwitchA-GigabitEthernet3/1/2] stp disable [SwitchA-GigabitEthernet3/1/2] port link-aggregation group 1 [SwitchA-GigabitEthernet3/1/2] quit # Reference link aggregation group 1 and enable expedite termination in tunnel interface view. [SwitchA] interface tunnel 0/0/1 [SwitchA-Tunnel0/0/1] aggregation-group 1 [SwitchA-Tunnel0/0/1] expediting enable [SwitchA-Tunnel0/0/1] expediting subnet 2.1.1.0 255.0.0.0 [SwitchA-Tunnel0/0/1] quit 2) Configure Switch B # Enable the IPv6 forwarding function. <SwitchB> system-view [SwitchB] ipv6 # Configure an IPv4 address for the interface VLAN-interface 12. [SwitchB] vlan 12 [SwitchB-vlan12] port GigabitEthernet 3/1/1 [SwitchB] interface Vlan-interface 12 [SwitchB-GigabitEthernet3/1/1] ip address 2.1.1.2 255.0.0.0 [SwitchB-GigabitEthernet3/1/1] quit 1-16

# Configure an automatic IPv4-compatible IPv6 tunnel. [SwitchB] interface tunnel 0/0/1 [SwitchB-Tunnel0/0/1] ipv6 address ::2.1.1.2/96 [SwitchB-Tunnel0/0/1] source Vlan-interface 12 [SwitchB-Tunnel0/0/1] tunnel-protocol ipv6-ipv4 auto-tunnel # Configure a link aggregation group and set the service type to tunnel. [SwitchB] link-aggregation group 1 mode manual [SwitchB] link-aggregation group 1 service-type tunnel [SwitchB] interface GigabitEthernet 3/1/2 [SwitchB-GigabitEthernet3/1/2] stp disable [SwitchB-GigabitEthernet3/1/2] port link-aggregation group 1 [SwitchB-GigabitEthernet3/1/2] quit # Reference link aggregation group 1 and enable expedite termination in tunnel interface view. [SwitchB] interface tunnel 0/0/1 [SwitchB]-Tunnel0/0/1] aggregation-group 1 [SwitchB-Tunnel0/0/1] expediting enable [SwitchB-Tunnel0/0/1] expediting subnet 2.1.1.0 255.0.0.0 [SwitchB-Tunnel0/0/1] quit IV. Configuration verification After the above configurations, you can successfully ping the IPv4-compatible IPv6 address of the peer tunnel interface from one switch. 1.5 Configuring 6to4 Tunnel 1.5.1 Configuration Prerequisites IP addresses are configured for interfaces such as VLAN interface and Loopback interface on the device so that they can communicate. These interfaces serve as the source interface of the virtual tunnel interface to ensure that the tunnel destination address is reachable. 1.5.2 Configuration Procedure Follow these steps to configure a 6to4 tunnel: To do Use the command Remarks Enter system view system-view 1-17

To do Use the command Remarks Enable the IPv6 packet forwarding function Create a tunnel interface and enter tunnel interface view ipv6 interface tunnel number By default, the IPv6 packet forwarding function is disabled. By default, there is no tunnel interface on the device. Configure an IPv6 address for the tunnel interface Configure an IPv6 global unicast address or site-local address Configure an IPv6 link-local address ipv6 address { ipv6-address prefix-length ipv6-address/prefix-lengt h } ipv6 address ipv6-address/prefix-lengt h eui-64 ipv6 address auto link-local ipv6 address ipv6-address link-local. Use either command. By default, no IPv6 global unicast address or site-local address is configured for the tunnel interface. By default, a link-local address will automatically be generated when an IPv6 global unicast address or site-local address is configured. Set a 6to4 tunnel Configure a source address for the tunnel Configure a link aggregation group ID to be referenced by the tunnel interface Enable the expedite termination function tunnel-protocol ipv6-ipv4 6to4 source { ip-address ipv6-address interface-type interface-number } aggregation-group aggregation-group-id expediting enable By default, the tunnel is a GRE tunnel. The same tunnel type should be configured at both ends of the tunnel. Otherwise, packet delivery will fail. By default, no source address or interface is configured for the tunnel. By default, the expedite termination function is disabled. 1-18

To do Use the command Remarks Configure an address and mask for the expedite termination subnet Configure the tunnel interface MTU expediting subnet ip-address mask mtu mtu-size By default, no expedite termination subnet is configured for a tunnel. Note: For the configuration of the tunnel interface MTU, refer to the ipv6 mtu command in IPv6 Basics Commands of IP Services Volume. Caution: For automatic IPv4-compatible IPv6 tunnels, 6to4 tunnels, or ISATAP tunnels, their tunnel interfaces must have different source addresses. Two or more tunnel interfaces using the same encapsulation protocol must have different source and destination addresses. No destination address needs to be configured for an automatic tunnel because the destination address can automatically be obtained from the IPv4 address embedded in the IPv4-compatible IPv6 address. If the tunnel interface addresses at the two ends of a tunnel are not in the same network segment, a forwarding route through the tunnel to the peer must be configured so that the encapsulated packet can be forwarded. You can configure static or dynamic routes. A forwarding route needs to be configured at both ends of the tunnel. For the detailed configuration, refer to IP Routing Volume. 6to4 tunnels support only BGP4+. When you configure a static route, you need to configure a route to the destination address (the destination IP address of the packet, instead of the IPv4 address of the tunnel destination) and set the next-hop to the tunnel interface number or network address at the local end of the tunnel. A static route must be configured at both ends of the tunnel. 1-19

1.5.3 Configuration Example I. Network requirements Isolated IPv6 domains are interconnected through a 6to4 tunnel established in the IPv4 network. II. Network diagram Figure 1-7 Network diagram for a 6to4 tunnel III. Configuration procedure The following example shows how to configure a 6to4 tunnel between border switches on isolated IPv6 networks. After the IPv4 address 2.1.1.1 is converted into an IPv6 address, the address prefix is 2002:0201:0101::/64. The configured static route directs all traffic destined for the IPv6 address with the prefix 2002::/16 to the tunnel interface of the 6to4 tunnel. 1) Configure Switch A # Enable the IPv6 forwarding function. <SwitchA> system-view [SwitchA] ipv6 # Configure an IPv4 address for the interface VLAN-interface 100. [SwitchA] vlan 100 [SwitchA-vlan100] port GigabitEthernet 1/1/1 [SwitchA-vlan100] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ip address 2.1.1.1 24 [SwitchA-Vlan-interface100] quit # Configure a route from the interface VLAN-interface 100 to the interface VLAN-interface 100 of Switch B. (Here the next-hop address of the static route is represented by [nexthop]. In practice, you should configure the real next-hop address according to the network.) 1-20

[SwitchA] ip route-static 5.1.1.1 24 [nexthop] # Configure an IPv6 address for the interface VLAN-interface 101. [SwitchA] vlan 101 [SwitchA-vlan101] port GigabitEthernet 1/1/2 [SwitchA-vlan101] quit [SwitchA] interface vlan-interface 101 [SwitchA-Vlan-interface101] ipv6 address 2002:0201:0101:1::1/64 [SwitchA-Vlan-interface101] quit # Configure a 6to4 tunnel. [SwitchA] interface tunnel 0/0/1 [SwitchA-Tunnel0/0/1] ipv6 address 2002:201:101::1 64 [SwitchA-Tunnel0/0/1] source vlan-interface 100 [SwitchA-Tunnel0/0/1] tunnel-protocol ipv6-ipv4 6to4 [SwitchA-Tunnel0/0/1] quit # Configure a link aggregation group and set the service type to tunnel. [SwitchA] link-aggregation group 1 mode manual [SwitchA] link-aggregation group 1 service-type tunnel [SwitchA] interface GigabitEthernet 1/1/3 [SwitchA-GigabitEthernet1/1/3] stp disable [SwitchA-GigabitEthernet1/1/3] port link-aggregation group 1 [SwitchA-GigabitEthernet1/1/3] quit # Reference link aggregation group 1 and enable expedite termination in tunnel interface view. [SwitchA] interface tunnel 0/0/1 [SwitchA-Tunnel0/0/1] aggregation-group 1 [SwitchA-Tunnel0/0/1] expediting enable [SwitchA-Tunnel0/0/1] expediting subnet 5.1.1.0 255.0.0.0 [SwitchA-Tunnel0/0/1] quit # Configure a static route whose destination address is 2002::/16 and next-hop is the tunnel interface. [SwitchA] ipv6 route-static 2002:: 16 tunnel 0/0/1 2) Configure Switch B # Enable the IPv6 forwarding function. <SwitchB> system-view [SwitchB] ipv6 # Configure an IPv4 address for the interface VLAN-interface 100. [SwitchB] vlan 100 [SwitchB-vlan100] port GigabitEthernet 1/1/1 [SwitchB-vlan100] quit 1-21

[SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ip address 5.1.1.1 24 [SwitchB-Vlan-interface100] quit # Configure a route from the interface VLAN-interface 100 to the interface VLAN-interface 100 of Switch A. (Here the next-hop address of the static route is represented by [nexthop]. In practice, you should configure the real next-hop address according to the network.) [SwitchB] ip route-static 2.1.1.1 24 [nexthop] # Configure an IPv6 address for the interface VLAN-interface 101. [SwitchB] vlan 101 [SwitchB-vlan101] port GigabitEthernet 1/1/2 [SwitchB-vlan101] quit [SwitchB] interface vlan-interface 101 [SwitchB-Vlan-interface101] ipv6 address 2002:0501:0101:1::1/64 [SwitchB-Vlan-interface101] quit # Configure a 6to4 tunnel. [SwitchB] interface tunnel0/0/1 [SwitchB-Tunnel0/0/1] ipv6 address 2002:0501:0101::1 64 [SwitchB-Tunnel0/0/1] source vlan-interface 100 [SwitchB-Tunnel0/0/1] tunnel-protocol ipv6-ipv4 6to4 [SwitchB-Tunnel0/0/1] quit # Configure a link aggregation group and set the service type to tunnel. [SwitchB] link-aggregation group 1 mode manual [SwitchB] link-aggregation group 1 service-type tunnel [SwitchB] interface GigabitEthernet 1/1/3 [SwitchB-GigabitEthernet1/1/3] stp disable [SwitchB-GigabitEthernet1/1/3] port link-aggregation group 1 [SwitchB-GigabitEthernet1/1/3] quit # Reference link aggregation group 1 and enable expedite termination in tunnel interface view. [SwitchB] interface tunnel 0/0/1 [SwitchB-Tunnel0/0/1] aggregation-group 1 [SwitchB-Tunnel0/0/1] expediting enable [SwitchB-Tunnel0/0/1] expediting subnet 2.1.1.0 255.0.0.0 [SwitchB-Tunnel0/0/1] quit # Configure a static route whose destination address is 2002::/16 and the next hop is the tunnel interface. [SwitchB] ipv6 route-static 2002:: 16 tunnel0 1-22

IV. Configuration verification After the above configuration, you can successfully ping Host B from Host A or ping Host A from Host B. 1.6 Configuring 6to4 Relay 1.6.1 Configuration Prerequisites An interface, such as a VLAN or loopback interface that will serve as the source interface of a tunnel, must have an IP address configured Make sure that a 6to4 tunnel has been established between the devices over an IPv4 network. Note: For details about how to configure a 6to4 tunnel, refer to 1.5 Configuring 6to4 Tunnel. 1.6.2 Configuring 6to4 Relay Follow these steps to configure 6to4 relay: To do Use the command Remarks Configure a static 6to4 relay route to an IPv6 network ipv6 route-static ipv6-address prefix-length nexthop-address Caution: To connect a 6to4 network (using 6to4 addresses) to an IPv6 network, a 6to4 relay router is needed. In addition, you need to configure a static route to the IPv6 network on the tunnel source end; the destination address of the static route cannot be a 6to4 address, while the next-hop address must be a 6to4 address and the IPv4 address embedded in the next-hop address must be a public unicast address. For details about 6to4 relay, refer to 1.1.1 III. 3) 6to4 tunnel. 1-23

1.6.3 Configuration Example I. Network requirements IPv6 networks (Site 1 and Site 2) are isolated by an IPv4 network. To make the two sites communicate through Switch A and Switch B, establish a 6to4 tunnel between the two switches, and configure default 6to4 relay routes to each other. Then, all IPv6 packets exchanged between Site 1 and Site 2 are forwarded through the 6to4 tunnel over the IPv4 network. II. Network diagram Figure 1-8 Network diagram for 6to4 relay III. Configuration procedure 1) Configure Switch A # Enable the IPv6 forwarding function. <SwitchA> system-view [SwitchA] ipv6 # Configure an IPv4 address for the interface VLAN-interface 2001. [SwitchA] vlan 2001 [SwitchA-vlan2001] port GigabitEthernet 4/1/1 [SwitchA-vlan2001] interface vlan-interface 2001 [SwitchA-Vlan-interface2001] ip address 11.0.0.2 24 [SwitchA-Vlan-interface2001] quit # Configure a static route to the interface VLAN-interface 2003 of Switch B. (Here the next-hop address of the static route is represented by [nexthop]. In practice, you should configure the actual next-hop address.) [SwitchA] ip route-static 13.0.0.0 24 [nexthop] # Configure an IPv6 address for the interface VLAN-interface 101. [SwitchA] vlan 101 1-24

[SwitchA-vlan101] port GigabitEthernet 4/1/5 [SwitchA-vlan101] interface vlan-interface 101 [SwitchA-Vlan-interface101] ipv6 address 2001:1::101 32 [SwitchA-Vlan-interface101] quit # Configure a 6to4 tunnel. [SwitchA] interface tunnel 4/0/0 [SwitchA-Tunnel4/0/0] ipv6 address 2002:b00:2:2::2 64 [SwitchA-Tunnel4/0/0] source vlan-interface 2001 [SwitchA-Tunnel4/0/0] tunnel-protocol ipv6-ipv4 6to4 [SwitchA-Tunnel4/0/0] quit # Configure a link aggregation group and set the service type to tunnel. [SwitchA] link-aggregation group 1 mode manual [SwitchA] link-aggregation group 1 service-type tunnel [SwitchA] interface GigabitEthernet 4/1/24 [SwitchA-GigabitEthernet4/1/24] stp disable [SwitchA-GigabitEthernet4/1/24] port link-aggregation group 1 [SwitchA-GigabitEthernet4/1/24] quit # Reference link aggregation group 1 in tunnel interface view. [SwitchA] interface tunnel 4/0/0 [SwitchA-Tunnel4/0/0] aggregation-group 1 # Configure a static route whose destination address is 2002:d00:2:2::/64 and next-hop is the tunnel interface. [SwitchA] ipv6 route-static 2002:d00:2:2:: 64 tunnel 4/0/0 # Configure a default 6to4 relay route whose next-hop is the IPv6 address of the peer tunnel interface. [SwitchA] ipv6 route-static :: 0 2002:d00:2:2::2 2) Configure Switch B # Enable the IPv6 forwarding function. <SwitchB> system-view [SwitchB] ipv6 # Configure an IPv4 address for the interface VLAN-interface 2003. [SwitchB] vlan 2003 [SwitchB-vlan2003] port GigabitEthernet 4/1/1 [SwitchB] interface vlan-interface 2003 [SwitchB-Vlan-interface2003] ip address 13.0.0.2 24 [SwitchB-Vlan-interface2003] quit # Configure a route to the interface VLAN-interface 2001 of Switch A. (Here the next-hop address of the static route is represented by [nexthop]. In practice, you should configure the actual next-hop address.) 1-25

[SwitchB] ip route-static 11.0.0.0 24 [nexthop] # Configure an IPv6 address for the interface VLAN-interface 102. [SwitchB] vlan 102 [SwitchB-vlan102] port GigabitEthernet 4/1/5 [SwitchB] interface vlan-interface 102 [SwitchB-Vlan-interface102] ipv6 address 2001:2::102 32 [SwitchB-Vlan-interface102] quit # Configure a 6to4 tunnel. [SwitchB] interface tunnel4/0/0 [SwitchB-Tunnel4/0/0] ipv6 address 2002:d00:2:2::2 64 [SwitchB-Tunnel4/0/0] source vlan-interface 2003 [SwitchB-Tunnel4/0/0] tunnel-protocol ipv6-ipv4 6to4 [SwitchB-Tunnel4/0/0] quit # Configure a link aggregation group and set the service type to tunnel. [SwitchB] link-aggregation group 1 mode manual [SwitchB] link-aggregation group 1 service-type tunnel [SwitchB] interface GigabitEthernet 4/1/48 [SwitchB-GigabitEthernet4/1/48] stp disable [SwitchB-GigabitEthernet4/1/48] port link-aggregation group 1 [SwitchB-GigabitEthernet4/1/48] quit # Reference link aggregation group 1 in tunnel interface view. [SwitchB] interface tunnel 4/0/0 [SwitchB-Tunnel4/0/0] aggregation-group 1 # Configure a static route whose destination address is 2002:b00:2:2::/64 and next-hop is the tunnel interface. [SwitchB] ipv6 route-static 2002:b00:2:2:: 64 tunnel4/0/0 # Configure a default 6to4 relay route whose next-hop is the IPv6 address of the peer 6to4 tunnel interface. [SwitchB] ipv6 route-static :: 0 2002:b00:2:2::2 1.7 Configuring ISATAP Tunnel 1.7.1 Configuration Prerequisites IP addresses are configured for interfaces such as VLAN interface and Loopback interface on the device so that they can communicate. These interfaces serve as the source interface of the virtual tunnel interface to ensure that the tunnel destination address is reachable. 1-26

1.7.2 Configuration Procedure Follow these steps to configure an ISATAP tunnel: To do Use the command Remarks Enter system view system-view Enable the IPv6 packet forwarding function Create a tunnel interface and enter tunnel interface view ipv6 interface tunnel number By default, the IPv6 forwarding function is disabled. By default, there is no tunnel interface on the device. Configure an IPv6 address for the tunnel interface Configure an IPv6 global unicast address or site-local address Configure an IPv6 link-local address ipv6 address { ipv6-address prefix-length ipv6-address/prefix-length } ipv6 address ipv6-address/prefix-length eui-64 ipv6 address auto link-local ipv6 address ipv6-address link-local. Use either command. By default, no IPv6 global unicast address or site-local address is configured for the tunnel interface. By default, a link-local address will automatically be generated when an IPv6 global unicast address or link-local address is configured. Set the tunnel to an ISATAP tunnel Configure a source address or source interface for the tunnel tunnel-protocol ipv6-ipv4 isatap source { ip-address ipv6-address interface-type interface-number } By default, the tunnel is a GRE tunnel. The same tunnel type should be configured at both ends of the tunnel. Otherwise, packet delivery will fail. By default, no source address or interface is configured for the tunnel. 1-27

To do Use the command Remarks Configure a link aggregation group ID to be referenced by the tunnel interface Enable the expedite termination function Configure an address and mask for the expedite termination subnet Configure the tunnel interface MTU aggregation-group aggregation-group-id expediting enable expediting subnet ip-address mask mtu mtu-size By default, the expedite termination function is disabled. By default, no expedite termination subnet is configured for a tunnel. Note: For the configuration of the tunnel interface MTU, refer to the ipv6 mtu command in IPv6 Basics Commands of IP Services Volume. Caution: For automatic IPv4-compatible IPv6 tunnels, 6to4 tunnels, or ISATAP tunnels, their tunnel interfaces must have different source addresses. If the tunnel interface addresses at the two ends of a tunnel are not in the same network segment, a forwarding route through the tunnel to the peer must be configured so that the encapsulated packet can be forwarded. You can configure static or dynamic routes. A forwarding route needs to be configured at both ends of the tunnel. For the detailed configuration, refer to IP Routing Volume. When you configure a static route, you need to configure a route to the destination address (the destination IP address of the packet, instead of the IPv4 address of the tunnel destination) and set the next-hop to the tunnel interface number or network address at the local end of the tunnel. A static route must be configured at both ends of the tunnel. Protocol packets can be processed properly only after expedite termination is enabled on the tunnel interface. 1-28

1.7.3 Configuration Example I. Network requirements The destination address of a tunnel is an ISATAP address. It is required that IPv6 hosts in the IPv4 network can access the IPv6 network via an ISATAP tunnel. II. Network diagram IPv6 network Vlan-int100 3001::1/64 Vlan-int101 2.1.1.1/8 IPv4 network IPv6 host IPv6 address: 3001::2/64 ISATAP switch ISATAP host IPv4 address: 2.1.1.2/32 IPv6 address: FE80:5EFE:0201:0102 2001:5EFE0201:0102 Figure 1-9 Network diagram for an ISATAP tunnel III. Configuration procedure The following example shows how to configure an ISATAP tunnel between the switch and the ISATAP host, which allows a separate ISATAP host to access the IPv6 network. 1) Configure the switch # Enable the IPv6 forwarding function. <Switch> system-view [Switch] ipv6 # Configure addresses for interfaces. [Switch] vlan 100 [Switch-vlan100] port GigabitEthernet 1/1/1 [Switch-vlan100] quit [Switch] interface vlan-interface 100 [Switch-Vlan-interface100] ipv6 address 3001::1/64 [Switch-Vlan-interface100] quit [Switch] vlan 101 [Switch-vlan101] port GigabitEthernet 1/1/2 [Switch-vlan101] quit [Switch] interface vlan-interface 101 [Switch-Vlan-interface101] ip address 2.1.1.1 255.0.0.0 [Switch-Vlan-interface101] quit # Configure a link aggregation group and set the service type to tunnel. [Switch] link-aggregation group 1 mode manual [Switch] link-aggregation group 1 service-type tunnel [Switch] interface GigabitEthernet 1/1/3 1-29

[Switch-GigabitEthernet1/1/3] stp disable [Switch-GigabitEthernet1/1/3] port link-aggregation group 1 [Switch-GigabitEthernet1/1/3] quit # Reference link aggregation group 1 and enable expedite termination in tunnel interface view. [Switch] interface tunnel 2/0/1 [Switch-Tunnel2/0/1] aggregation-group 1 [Switch-Tunnel2/0/1] expediting enable [Switch-Tunnel2/0/1] quit # Configure an ISATAP tunnel. [Switch] interface tunnel 2/0/1 [Switch-Tunnel2/0/1] ipv6 address 2001::5efe:0201:0101 64 [Switch-Tunnel2/0/1] source vlan-interface 101 [Switch-Tunnel2/0/1] tunnel-protocol ipv6-ipv4 isatap [Switch-Tunnel2/0/1] expediting enable [Switch-Tunnel2/0/1] expediting subnet 2.1.1.0 255.255.255.0 # Disable the RA suppression so that hosts can acquire information such as the address prefix from the RA message released by the ISATAP switch. [Switch-Tunnel2/0/1] undo ipv6 nd ra halt 2) Configure the ISATAP host The specific configuration on the ISATAP host is related to its operating system. The following example shows the configuration of the host running the Windows XP. # On a Windows XP-based host, the ISATAP interface is usually interface 2. Configure an IPv4 address for the ISATAP router to complete the configuration on the host. The ISATAP interface information is as follows: C:\>ipv6 if 2 Interface 2: Automatic Tunneling Pseudo-Interface {48FCE3FC-EC30-E50E-F1A7-71172AEEE3AE} does not use Neighbor Discovery does not use Router Discovery routing preference 1 EUI-64 embedded IPv4 address: 0.0.0.0 router link-layer address: 0.0.0.0 preferred link-local fe80::5efe:2.1.1.2, life infinite link MTU 1280 (true link MTU 65515) current hop limit 128 reachable time 42500ms (base 30000ms) retransmission interval 1000ms DAD transmits 0 1-30

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback