Table of Contents

Chapter 1 Tunneling Configuration. 1-1

1.1 Introduction to Tunneling. 1-1

1.1.1 IPv6 over IPv4 Tunnel 1-2

1.1.2 IPv4 over IPv4 Tunnel 1-7

1.2 Tunneling Configuration Task List 1-8

1.3 Configuring IPv6 Manually Configured Tunnel 1-8

1.3.1 Configuration Prerequisites. 1-8

1.3.2 Configuration Procedure. 1-8

1.3.3 Configuration Example. 1-10

1.4 Configuring Automatic IPv4-Compatible IPv6 Tunnel 1-13

1.4.1 Configuration Prerequisites. 1-13

1.4.2 Configuration Procedure. 1-13

1.4.3 Configuration Example. 1-15

1.5 Configuring 6to4 Tunnel 1-17

1.5.1 Configuration Prerequisites. 1-17

1.5.2 Configuration Procedure. 1-17

1.5.3 Configuration Example. 1-20

1.6 Configuring 6to4 Relay. 1-23

1.6.1 Configuration Prerequisites. 1-23

1.6.2 Configuring 6to4 Relay. 1-23

1.6.3 Configuration Example. 1-24

1.7 Configuring ISATAP Tunnel 1-26

1.7.1 Configuration Prerequisites. 1-26

1.7.2 Configuration Procedure. 1-27

1.7.3 Configuration Example. 1-29

1.8 Configuring IPv4 over IPv4 Tunnel 1-31

1.8.1 Configuration Prerequisites. 1-31

1.8.2 Configuration Procedure. 1-32

1.8.3 Configuration Example. 1-33

1.9 Configuring Tunnel Hybrid Insertion. 1-36

1.9.1 Configuration Prerequisites. 1-36

1.9.2 Configuration Procedure. 1-36

1.9.3 Configuration Example. 1-38

1.10 Displaying and Maintaining Tunneling Configuration. 1-41

1.11 Troubleshooting Tunneling Configuration. 1-42

 

Chapter 1  Tunneling Configuration

 

 

1.1  Introduction to Tunneling

The expansion of Internet results in scarce IPv4 addresses. Although the techniques such as temporary IPv4 address allocation and network address translation (NAT) relieve the problem of IPv4 address shortage to some extent, they not only increase the overhead in address resolution and processing, but also lead to high-level application failures. Furthermore, they will still face the problem that IPv4 addresses will eventually be used up. Internet protocol version 6 (IPv6) adopting the 128-bit addressing scheme completely solves the above problem. Since significant improvements have been made in address space, security, network management, mobility, and QoS, IPv6 becomes one of the core standards for the next generation Internet protocol. IPv6 is compatible with all protocols except IPv4 in the TCP/IP suite. Therefore, IPv6 can completely take the place of IPv4.

Before IPv6 becomes the dominant protocol, the network using the IPv6 protocol stack is expected to communicate with the Internet using IPv4. Therefore, an IPv6-IPv4 interworking technique must be developed to ensure the smooth transition from IPv4 to IPv6. In addition, the interworking technique should provide efficient, seamless information transfer. The Internet Engineering Task Force (IETF) set up the next generation transition (NGTRANS) working group to study problems about IPv4-to-IPv6 transition and efficient, seamless IPv4-IPv6 interworking. Currently, multiple transition techniques and interworking solutions are available. With their own characteristics, they are used to solve communication problems in different transition stages under different environments.

Currently, there are three major transition techniques: dual stack (RFC 2893), tunneling (RFC 2893), and NAT-PT (RFC 2766).

Tunneling is an encapsulation technique, which utilizes one network transport protocol to encapsulate packets of another network transport protocol and transfer them over the network. A tunnel is a virtual point-to-point connection. In practice, the virtual interface that supports only point-to-point connections is called tunnel interface. One tunnel provides one channel to transfer encapsulated packets. Packets can be encapsulated and decapsulated at both ends of a tunnel. Tunneling refers to the whole process from data encapsulation to data transfer to data decapsulation.

 

 

1.1.1  IPv6 over IPv4 Tunnel

I. Principle

The IPv6 over IPv4 tunneling mechanism encapsulates an IPv4 header in IPv6 data packets so that IPv6 packets can pass an IPv4 network through a tunnel to realize interworking between isolated IPv6 networks, as shown in Figure 1-1.

 

 

Figure 1-1 Principle of IPv6 over IPv4 tunnel

The IPv6 over IPv4 tunnel processes packets in the following way:

1)         A host in the IPv6 network sends an IPv6 packet to the device at the source end of the tunnel.

2)         After determining according to the routing table that the packet needs to be forwarded through the tunnel, the device at the source end of the tunnel encapsulates an IPv4 header in the IPv6 packet and forwards it through the physical interface of the tunnel.

3)         The encapsulated packet goes through the tunnel to reach the device at the destination end of the tunnel. The device at the destination end decapsulates the packet if the destination address of the encapsulated packet is the device itself.

4)         The device at the destination end of the tunnel forwards the packet according to the destination address in the decapsulated IPv6 packet. If the destination address is the device itself, the device at the destination end forwards the IPv6 packet to the upper-layer protocol for processing.

II. Configured tunnel and automatic tunnel

An IPv6 over IPv4 tunnel can be established between hosts, between hosts and devices, and between devices. The tunnel destination needs to forward packets if the tunnel destination is not the eventual destination of the IPv6 packet.

According to the way the IPv4 address of the tunnel destination is acquired, tunnels are divided into configured tunnel and automatic tunnel.

l           The tunnel destination IPv4 address cannot be acquired from the destination address of the IPv6 packet and it needs to be configured manually. Such a tunnel is called configured tunnel.

l           If the tunnel destination is just the eventual destination of the IPv6 packet, an IPv4 address can be embedded into an IPv6 address so that the IPv4 address of the tunnel destination can automatically be acquired from the destination address of the IPv6 packet. Such a tunnel is called automatic tunnel.

III. Type

According to the way an IPv6 packet is encapsulated, IPv6 over IPv4 tunnels are divided into the following types:

l           IPv6 manually configured tunnel

l           Automatic IPv4-compatible IPv6 tunnel

l           6to4 tunnel

l           ISATAP tunnel

l           IPv6-over-IPv4 GRE tunnel (GRE tunnel for short)

Among the above tunnels, the IPv6 manually configured tunnel and GRE tunnel are configured tunnels, while the automatic IPv4 compatible IPv6 tunnel, 6to4 tunnel, and intra-site automatic tunnel address protocol (ISATAP) tunnel are automatic tunnels.

1)         IPv6 manually configured tunnel

A manually configured tunnel is a point-to-point link. One link is a separate tunnel. The IPv6 manually configured tunnel is mainly used for stable connections requiring regular secure communication between two border routers or between a border router and a host, or for connections to remote IPv6 networks.

2)         Automatic IPv4-compatible IPv6 tunnel

An automatic IPv4-compatible IPv6 tunnel is a point-to-multipoint link. IPv4-compatible IPv6 addresses are adopted at both ends of such a tunnel. The address format is 0:0:0:0:0:0:a.b.c.d/96, where a.b.c.d represents an embedded IPv4 address. The tunnel destination is automatically determined by the embedded IPv4 address, which makes it easy to create a tunnel for IPv6 over IPv4. However, an automatic IPv4-compatible IPv6 tunnel must use IPv4-compatible IPv6 addresses and it is still dependent on IPv4 addresses. Therefore, automatic IPv4-compatible IPv6 tunnels have limitations.

3)         6to4 tunnel

An automatic 6to4 tunnel is a point-to-multipoint tunnel and is used to connect multiple isolated IPv6 networks over an IPv4 network to remote IPv6 networks. The embedded IPv4 address in an IPv6 address is used to automatically acquire the destination IPv4 address of the tunnel.

The automatic 6to4 tunnel adopts 6to4 addresses. The address format is 2002:abcd:efgh:subnet number::interface ID/64, where 2002 represents the fixed IPv6 address prefix, and abcd:efgh represents the 32-bit globally unique source IPv4 address of the 6to4 tunnel, in hexadecimal notation. For example, 1.1.1.1 can be represented by 0101:0101. The part that follows 2002:abcd:efgh uniquely identifies a host in a 6to4 network. The tunnel destination is automatically determined by the embedded IPv4 address, which makes it easy to create a 6to4 tunnel.

Because the 16-bit subnet number of the 64-bit address prefix in 6to4 addresses can be customized and the first 48 bits in the address prefix are fixed to a permanent value and the IPv4 address of the tunnel source or destination, it is possible that IPv6 packets can be forwarded by the tunnel. A 6to4 tunnel interconnects IPv6 networks over an IPv4 network, and overcomes the limitations of an automatic IPv4-compatible IPv6 tunnel.

4)         6to4 relay

A 6to4 tunnel is only used to connect 6to4 networks, whose IP prefix must be 2002::/16. However, IPv6 network addresses with a prefix such as 2001::/16 may also be used in IPv6 networks. To connect a 6to4 network to an IPv6 network, a 6to4 router must be used as a gateway to forward packets to the IPv6 network. Such a router is called a 6to4 relay router.

As shown in Figure 1-2, a static route must be configured on the border router (Router A) in the 6to4 network and the next-hop address must be the 6to4 address of the 6to4 relay router (Router C). In this way, all packets destined for the IPv6 network will be forwarded to the 6to4 relay router, and then to the IPv6 network. Thus, interworking between the 6to4 network (with the address prefix starting with 2002) and the IPv6 network is realized.

Figure 1-2 Principle of 6to4 tunnel and 6to4 relay

5)         ISATAP tunnel

With the application of the IPv6 technique, there will be more and more IPv6 hosts in the existing IPv4 network. The ISATAP tunneling technique provides a satisfactory solution for IPv6 application. An ISATAP tunnel is a point-to-point automatic tunnel. The destination of a tunnel can automatically be acquired from the embedded IPv4 address in the destination address of an IPv6 packet. When an ISATAP tunnel is used, the destination address of an IPv6 packet and the IPv6 address of a tunnel interface both adopt special addresses: ISATAP addresses. The ISATAP address format is prefix (64bit):0:5EFE:ip-address. The ip-address is in the form of a.b.c.d or abcd:efgh, where abcd:efgh represents a 32-bit source IPv4 address. Through the embedded IPv4 address, an ISATAP tunnel can automatically be created to transfer IPv6 packets. The ISATAP tunnel is mainly used for connection between IPv6 host and IPv6 router.

Figure 1-3 ISATAP tunnel

6)         GRE tunnel

IPv6 packets can be carried over GRE tunnels to pass through the IPv4 network by using standard GRE protocol to encapsulate them. Like the IPv6 manually configured tunnel, a GRE tunnel is a point-to-point link, too. Each link is a separate tunnel. The GRE tunnel is mainly used for stable connections requiring regular secure communication between two border routers or between a host and a border router. For related configurations, refer to GRE Configuration in the MPLS VPN Volume.

IV. Expedite termination

If expedite termination is disabled, a tunneled packet arriving at the destination node is first forwarded to the tunnel service loopback interface for processing, then the outer IPv4 header is removed, and finally the decapsulated original packet is forwarded. If expedite termination is enabled, the tunneled packet is unnecessarily sent to the loopback interface for processing, but is directly processed as IPv6 packets.

l           If the source IP address of the tunneled packet matches the expedite termination subnet, the packet is sent to the IPv6 engine to forward or sent to the CPU for processing.

l           If the tunneled packet needs to be forwarded, the IPv6 engine decapsulates the tunneled packet to obtain the original IPv6 packet and then forwards it directly.

The expedite termination function solves the problem that the rate of tunneled packets is restricted by the loopback port in the tunnel service.

 

 

The IPv6 over IPv4 GRE tunnel supports the expedite termination function. There are two cases:

l           The expediting subnet command is not applicable to a configured tunnel (for example, GRE tunnel and IPv6 manually configured tunnel). After the expedite termination function is enabled, the system will consider the destination address of the tunnel as the expedite termination subnet with subnet mask 255.255.255.255.

l           For automatic tunnels (for example, automatic IPv4-compatible IPv6 tunnel, automatic 6to4 tunnel, and ISATAP tunnel), you need to use the expediting subnet command to designate an IP address and subnet mask for the expedite termination subnet after carrying out the expediting enable command.

For details about the expediting enable command, refer to the Tunneling Commands.

V. Tunnel hybrid insertion

In practice, many cards only support IPv4. However, a tunnel can only be established over IPv6 cards. After tunnel packets arrive on the destination node, it is very likely that an IPv4 card received the packets. The tunnel hybrid insertion function enables IPv4 cards to support the tunnel termination. Through the function, tunnel packets can be terminated without obstruction on the destination node. This function is implemented by configuring an ACL on incoming interfaces of IPv4 cards to redirect tunnel packets to IPv6 cards.

 

 

1.1.2  IPv4 over IPv4 Tunnel

I. Introduction to IPv4 over IPv4 tunneling protocol

IPv4 over IPv4 tunneling protocol (RFC 1853) is developed for IP data packet encapsulation so that data can be transferred from one IPv4 network to another IPv4 network.

II. Encapsulation and decapsulation

Packets to be transferred through a tunnel undergo an encapsulation process and decapsulation process. Figure 1-4 shows these two processes.

Figure 1-4 Principle of IPv4 over IPv4 tunnel

1.2  Tunneling Configuration Task List

Complete these tasks to configure the tunneling feature:

Task		Remarks
Configuring IPv6 over IPv4 GRE tunnel	Configuring IPv6 Manually Configured Tunnel	Optional
	Configuring Automatic IPv4-Compatible IPv6 Tunnel	Optional
	Configuring 6to4 Tunnel	Optional
	Configuring 6to4 Relay	Optional
	Configuring ISATAP Tunnel	Optional
Configuring IPv4 over IPv4 Tunnel		Optional
Configuring Tunnel Hybrid Insertion		Optional

 

 

1.3  Configuring IPv6 Manually Configured Tunnel

1.3.1  Configuration Prerequisites

IP addresses are configured for interfaces such as VLAN interface, Ethernet interface, and loopback interface on the device so that they can communicate. These interfaces serve as the source interface of a tunnel interface to ensure that the tunnel destination address is reachable.

1.3.2  Configuration Procedure

Follow these steps to configure an IPv6 manually configured tunnel:

To do…		Use the command…	Remarks
Enter system view		system-view	—
Enable the IPv6 packet forwarding function		ipv6	Required By default, the IPv6 packet forwarding function is disabled.
Create a tunnel interface and enter tunnel interface view		interface tunnel number	Required By default, there is no tunnel interface on the device.
Configure an IPv6 address for the tunnel interface	Configure a global unicast IPv6 address or a site-local address	ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }	Required Use any command. By default, no IPv6 global unicast address or site-local address is configured for the tunnel interface.
		ipv6 address ipv6-address/prefix-length eui-64
	Configure a link-local IPv6 address	ipv6 address auto link-local	Optional A link-local address will automatically be created when an IPv6 global unicast address or site-local address is configured.
		ipv6 address ipv6-address link-local
Configure the tunnel to be an IPv6 manually configured tunnel		tunnel-protocol ipv6-ipv4	Required By default, the tunnel is a GRE tunnel. The same tunnel type should be configured at both ends of the tunnel. Otherwise, packet delivery will fail.
Configure a source address or source interface for the tunnel		source { ip-address | ipv6-address | interface-type interface-number }	Required By default, no source address or interface is configured for the tunnel.
Configure a destination address for the tunnel		destination ip-address	Required By default, no destination address is configured for the tunnel.
Configure a link aggregation group ID to be referenced by the tunnel interface		aggregation-group aggregation-group-id	Required
Enable the expedite termination function		expediting enable	Optional By default, the expedite termination function is disabled.
Configure the MTU of a tunnel interface		ipv6 mtu mtu-size	Optional

 

 

 

1.3.3  Configuration Example

I. Network requirements

Two IPv6 networks are connected through an IPv6 manually configured tunnel between Switch A and Switch B. As shown in Figure 1-5, the interface VLAN-interface 12 on Switch A can communicate with the interface VLAN-interface 12 on Switch B and an IPv4 packet route is available between.

II. Network diagram

Figure 1-5 Network diagram for an IPv6 manually configured tunnel (on switches)

III. Configuration procedure

The following example shows how to configure an IPv6 manually configured tunnel between Switch A and Switch B. Before configuration, you must specify IP addresses for the source and destination of the tunnel.

1)         Configure Switch A

# Configure an IPv4 address for the interface VLAN-interface 12.

<SwitchA> system-view

[SwitchA] vlan 12

[SwitchA-vlan12] port GigabitEthernet 3/1/1

[SwitchA-vlan12] quit

[SwitchA] interface vlan-interface 12

[SwitchA-vlan-interface12] ip address 192.168.100.1 255.255.255.0

[SwitchA-vlan-interface12] quit

# Enable the IPv6 forwarding function.

[SwitchA] ipv6

# Configure a link aggregation group and set the service type to tunnel.

[SwitchA] link-aggregation group 1 mode manual

[SwitchA] link-aggregation group 1 service-type tunnel

[SwitchA] interface GigabitEthernet 3/1/2

[SwitchA-GigabitEthernet3/1/2] stp disable

[SwitchA-GigabitEthernet3/1/2] port link-aggregation group 1

[SwitchA-GigabitEthernet3/1/2] quit

# Configure an IPv6 manually configured tunnel.

[SwitchA] interface tunnel 0/0/1

[SwitchA-Tunnel0/0/1] ipv6 address 3001::1 64

[SwitchA-Tunnel0/0/1] source vlan-interface 12

[SwitchA-Tunnel0/0/1] destination 192.168.100.2

[SwitchA-Tunnel0/0/1] tunnel-protocol ipv6-ipv4

# Reference link aggregation group 1 and enable expedite termination in tunnel interface view.

[SwitchA-Tunnel0/0/1] aggregation-group 1

[SwitchA-Tunnel0/0/1] expediting enable

[SwitchA-Tunnel0/0/1] quit

# Configure a static route from the interface Tunnel 0/0/1 of Switch A to Switch B.

[SwitchA] ipv6 route-static 2::0 64 tunnel 0/0/1

2)         Configure Switch B.

# Configure an IPv4 address for the interface VLAN-interface 12.

<SwitchB> system-view

[SwitchB] vlan 12

[SwitchB-vlan12] port GigabitEthernet 3/1/1

[SwitchB-vlan12] quit

[SwitchB] interface Vlan-interface 12

[SwitchB-Vlan-interface12] ip address 192.168.100.2 255.255.255.0

[SwitchB-Vlan-interface12] quit

# Enable the IPv6 forwarding function.

[SwitchB] ipv6

# Configure a link aggregation group and set the service type to tunnel.

[SwitchB] link-aggregation group 2 mode manual

[SwitchB] link-aggregation group 2 service-type tunnel

[SwitchB] interface GigabitEthernet 3/1/2

[SwitchB-GigabitEthernet3/1/2] stp disable

[SwitchB-GigabitEthernet3/1/2] port link-aggregation group 2

[SwitchB-GigabitEthernet3/1/2] quit

#Configure an IPv6 manually configured tunnel.

[SwitchB] interface tunnel0/0/1

[SwitchB-Tunnel0/0/1] ipv6 address 3001::2 64

[SwitchB-Tunnel0/0/1] source vlan-interface 12

[SwitchB-Tunnel0/0/1] destination 192.168.100.1

[SwitchB-Tunnel0/0/1] tunnel-protocol ipv6-ipv4

# Reference link aggregation group 2 and enable expedite termination in tunnel interface view

[SwitchB] interface tunnel 0/0/1

[SwitchB-Tunnel0/0/1] aggregation-group 2

[SwitchB-Tunnel0/0/1] expediting enable

[SwitchB-Tunnel0/0/1] quit

# Configure a static from the interface Tunnel0/0/1 of Switch B to Switch A.

[SwitchB] ipv6 route-static 1::0 64 tunnel 0/0/1

IV. Configuration verification

After the above configurations, you can successfully ping the IPv6 address of the peer tunnel interface from one switch.

1.4  Configuring Automatic IPv4-Compatible IPv6 Tunnel

1.4.1  Configuration Prerequisites

IP addresses are configured for interfaces such as VLAN interface and Loopback interface on the device so that they can communicate. These interfaces serve as the source interface of the virtual tunnel interface to ensure that the tunnel destination address is reachable.

1.4.2  Configuration Procedure

Follow these steps to configure an automatic IPv4-compatible IPv6 tunnel:

To do…		Use the command…	Remarks
Enter system view		system-view	—
Enable the IPv6 packet forwarding function		ipv6	Required By default, the IPv6 packet forwarding function is disabled.
Create a tunnel interface and enter tunnel interface view		interface tunnel number	Required By default, there is no tunnel interface on the device.
Configure an IPv6 address for the tunnel interface	Configure an IPv6 global unicast address or site-local address	ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }	Required Use either command. By default, no IPv6 global unicast address or site-local address is configured for the tunnel interface.
		ipv6 address ipv6-address/prefix-length eui-64
	Configure an IPv6 link-local address	ipv6 address auto link-local	Optional By default, a link-local address will automatically be generated when an IPv6 global unicast or site-local address is configured for the interface.
		ipv6 address ipv6-address link-local
Configure an automatic IPv4-compatible IPv6 tunnel		tunnel-protocol ipv6-ipv4 auto-tunnel	Required By default, the tunnel is a GRE tunnel. The same tunnel type should be configured at both ends of the tunnel. Otherwise, packet delivery will fail.
Configure a source address for the tunnel		source { ip-address | ipv6-address | interface-type interface-number }	Required By default, no source address or interface is configured for the tunnel.
Configure a link aggregation group ID to be referenced by the tunnel interface		aggregation-group aggregation-group-id	Required
Enable the expedite termination function		expediting enable	Optional By default, the expedite termination function is disabled.
Configure an address and mask for the expedite termination subnet		expediting subnet ip-address mask	Optional By default, no expedite termination subnet is configured for a tunnel.
Configure a tunnel interface MTU		mtu mtu-size	Optional

 

 

 

1.4.3  Configuration Example

I. Network requirements

Between Switch A and Switch B is an IPv4 network. It is required that an IPv6 connection be established through an automatic IPv4-compatible IPv6 tunnel between the two dual-stack switches.

II. Network diagram

Figure 1-6 Network diagram for an automatic IPv4-compatible IPv6 tunnel

III. Configuration procedure

The following example shows how to configure an automatic IPv4-compatible IPv6 tunnel between Switch A and Switch B. No address needs to be specified for the tunnel destination because the tunnel destination address can automatically be obtained from the IPv4 address embedded in the IPv4-compatible IPv6 address.

1)         Configure Switch A

# Enable the IPv6 forwarding function.

<SwitchA> system-view

[SwitchA] ipv6

# Configure an IPv4 address for the interface VLAN-interface 12.

[SwitchA] vlan 12

[SwitchA-vlan12] port GigabitEthernet3/1/1

[SwitchA-vlan12] quit

[SwitchA] interface Vlan-interface 12

[SwitchA-Vlan-interface 12] ip address 2.1.1.1 255.0.0.0

[SwitchA-Vlan-interface 12] quit

# Configure an automatic IPv4-compatible IPv6 tunnel.

[SwitchA] interface tunnel 0/0/1

[SwitchA-Tunnel0/0/1] ipv6 address ::2.1.1.1/96

[SwitchA-Tunnel0/0/1] source Vlan-interface 12

[SwitchA-Tunnel0/0/1] tunnel-protocol ipv6-ipv4 auto-tunnel

# Configure a link aggregation group and set the service type to tunnel.

[SwitchA] link-aggregation group 1 mode manual

[SwitchA] link-aggregation group 1 service-type tunnel

[SwitchA] interface GigabitEthernet 3/1/2

[SwitchA-GigabitEthernet3/1/2] stp disable

[SwitchA-GigabitEthernet3/1/2] port link-aggregation group 1

[SwitchA-GigabitEthernet3/1/2] quit

# Reference link aggregation group 1 and enable expedite termination in tunnel interface view.

[SwitchA] interface tunnel 0/0/1

[SwitchA-Tunnel0/0/1] aggregation-group 1

[SwitchA-Tunnel0/0/1] expediting enable

[SwitchA-Tunnel0/0/1] expediting subnet 2.1.1.0 255.0.0.0

[SwitchA-Tunnel0/0/1] quit

2)         Configure Switch B

# Enable the IPv6 forwarding function.

<SwitchB> system-view

[SwitchB] ipv6

# Configure an IPv4 address for the interface VLAN-interface 12.

[SwitchB] vlan 12

[SwitchB-vlan12] port GigabitEthernet 3/1/1

[SwitchB] interface Vlan-interface 12

[SwitchB-GigabitEthernet3/1/1] ip address 2.1.1.2 255.0.0.0

[SwitchB-GigabitEthernet3/1/1] quit

# Configure an automatic IPv4-compatible IPv6 tunnel.

[SwitchB] interface tunnel 0/0/1

[SwitchB-Tunnel0/0/1] ipv6 address ::2.1.1.2/96

[SwitchB-Tunnel0/0/1] source Vlan-interface 12

[SwitchB-Tunnel0/0/1] tunnel-protocol ipv6-ipv4 auto-tunnel

# Configure a link aggregation group and set the service type to tunnel.

[SwitchB] link-aggregation group 1 mode manual

[SwitchB] link-aggregation group 1 service-type tunnel

[SwitchB] interface GigabitEthernet 3/1/2

[SwitchB-GigabitEthernet3/1/2] stp disable

[SwitchB-GigabitEthernet3/1/2] port link-aggregation group 1

[SwitchB-GigabitEthernet3/1/2] quit

# Reference link aggregation group 1 and enable expedite termination in tunnel interface view.

[SwitchB] interface tunnel 0/0/1

[SwitchB]-Tunnel0/0/1] aggregation-group 1

[SwitchB-Tunnel0/0/1] expediting enable

[SwitchB-Tunnel0/0/1] expediting subnet 2.1.1.0 255.0.0.0

[SwitchB-Tunnel0/0/1] quit

IV. Configuration verification

After the above configurations, you can successfully ping the IPv4-compatible IPv6 address of the peer tunnel interface from one switch.

1.5  Configuring 6to4 Tunnel

1.5.1  Configuration Prerequisites

IP addresses are configured for interfaces such as VLAN interface and Loopback interface on the device so that they can communicate. These interfaces serve as the source interface of the virtual tunnel interface to ensure that the tunnel destination address is reachable.

1.5.2  Configuration Procedure

Follow these steps to configure a 6to4 tunnel:

To do…		Use the command…	Remarks
Enter system view		system-view	—
Enable the IPv6 packet forwarding function		ipv6	Required By default, the IPv6 packet forwarding function is disabled.
Create a tunnel interface and enter tunnel interface view		interface tunnel number	Required By default, there is no tunnel interface on the device.
Configure an IPv6 address for the tunnel interface	Configure an IPv6 global unicast address or site-local address	ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }	Required. Use either command. By default, no IPv6 global unicast address or site-local address is configured for the tunnel interface.
		ipv6 address ipv6-address/prefix-length eui-64
	Configure an IPv6 link-local address	ipv6 address auto link-local	Optional By default, a link-local address will automatically be generated when an IPv6 global unicast address or site-local address is configured.
		ipv6 address ipv6-address link-local
Set a 6to4 tunnel		tunnel-protocol ipv6-ipv4 6to4	Required By default, the tunnel is a GRE tunnel. The same tunnel type should be configured at both ends of the tunnel. Otherwise, packet delivery will fail.
Configure a source address for the tunnel		source { ip-address | ipv6-address | interface-type interface-number }	Required By default, no source address or interface is configured for the tunnel.
Configure a link aggregation group ID to be referenced by the tunnel interface		aggregation-group aggregation-group-id	Required
Enable the expedite termination function		expediting enable	Optional By default, the expedite termination function is disabled.
Configure an address and mask for the expedite termination subnet		expediting subnet ip-address mask	Optional By default, no expedite termination subnet is configured for a tunnel.
Configure the tunnel interface MTU		mtu mtu-size	Optional

 

 

 

1.5.3  Configuration Example

I. Network requirements

Isolated IPv6 domains are interconnected through a 6to4 tunnel established in the IPv4 network.

II. Network diagram

Figure 1-7 Network diagram for a 6to4 tunnel

III. Configuration procedure

The following example shows how to configure a 6to4 tunnel between border switches on isolated IPv6 networks. After the IPv4 address 2.1.1.1 is converted into an IPv6 address, the address prefix is 2002:0201:0101::/64. The configured static route directs all traffic destined for the IPv6 address with the prefix 2002::/16 to the tunnel interface of the 6to4 tunnel.

1)         Configure Switch A

# Enable the IPv6 forwarding function.

<SwitchA> system-view

[SwitchA] ipv6

# Configure an IPv4 address for the interface VLAN-interface 100.

[SwitchA] vlan 100

[SwitchA-vlan100] port GigabitEthernet 1/1/1

[SwitchA-vlan100] quit

[SwitchA] interface vlan-interface 100

[SwitchA-Vlan-interface100] ip address 2.1.1.1 24

[SwitchA-Vlan-interface100] quit

# Configure a route from the interface VLAN-interface 100 to the interface VLAN-interface 100 of Switch B. (Here the next-hop address of the static route is represented by [nexthop]. In practice, you should configure the real next-hop address according to the network.)

[SwitchA] ip route-static 5.1.1.1 24 [nexthop]

# Configure an IPv6 address for the interface VLAN-interface 101.

[SwitchA] vlan 101

[SwitchA-vlan101] port GigabitEthernet 1/1/2

[SwitchA-vlan101] quit

[SwitchA] interface vlan-interface 101

[SwitchA-Vlan-interface101] ipv6 address 2002:0201:0101:1::1/64

[SwitchA-Vlan-interface101] quit

# Configure a 6to4 tunnel.

[SwitchA] interface tunnel 0/0/1

[SwitchA-Tunnel0/0/1] ipv6 address 2002:201:101::1 64

[SwitchA-Tunnel0/0/1] source vlan-interface 100

[SwitchA-Tunnel0/0/1] tunnel-protocol ipv6-ipv4 6to4

[SwitchA-Tunnel0/0/1] quit

# Configure a link aggregation group and set the service type to tunnel.

[SwitchA] link-aggregation group 1 mode manual

[SwitchA] link-aggregation group 1 service-type tunnel

[SwitchA] interface GigabitEthernet 1/1/3

[SwitchA-GigabitEthernet1/1/3] stp disable

[SwitchA-GigabitEthernet1/1/3] port link-aggregation group 1

[SwitchA-GigabitEthernet1/1/3] quit

# Reference link aggregation group 1 and enable expedite termination in tunnel interface view.

[SwitchA] interface tunnel 0/0/1

[SwitchA-Tunnel0/0/1] aggregation-group 1

[SwitchA-Tunnel0/0/1] expediting enable

[SwitchA-Tunnel0/0/1] expediting subnet 5.1.1.0 255.0.0.0

[SwitchA-Tunnel0/0/1] quit

# Configure a static route whose destination address is 2002::/16 and next-hop is the tunnel interface.

[SwitchA] ipv6 route-static 2002:: 16 tunnel 0/0/1

2)         Configure Switch B

# Enable the IPv6 forwarding function.

<SwitchB> system-view

[SwitchB] ipv6

# Configure an IPv4 address for the interface VLAN-interface 100.

[SwitchB] vlan 100

[SwitchB-vlan100] port GigabitEthernet 1/1/1

[SwitchB-vlan100] quit

[SwitchB] interface vlan-interface 100

[SwitchB-Vlan-interface100] ip address 5.1.1.1 24

[SwitchB-Vlan-interface100] quit

# Configure a route from the interface VLAN-interface 100 to the interface VLAN-interface 100 of Switch A. (Here the next-hop address of the static route is represented by [nexthop]. In practice, you should configure the real next-hop address according to the network.)

[SwitchB] ip route-static 2.1.1.1 24 [nexthop]

# Configure an IPv6 address for the interface VLAN-interface 101.

[SwitchB] vlan 101

[SwitchB-vlan101] port GigabitEthernet 1/1/2

[SwitchB-vlan101] quit

[SwitchB] interface vlan-interface 101

[SwitchB-Vlan-interface101] ipv6 address 2002:0501:0101:1::1/64

[SwitchB-Vlan-interface101] quit

# Configure a 6to4 tunnel.

[SwitchB] interface tunnel0/0/1

[SwitchB-Tunnel0/0/1] ipv6 address 2002:0501:0101::1 64

[SwitchB-Tunnel0/0/1] source vlan-interface 100

[SwitchB-Tunnel0/0/1] tunnel-protocol ipv6-ipv4 6to4

[SwitchB-Tunnel0/0/1] quit

# Configure a link aggregation group and set the service type to tunnel.

[SwitchB] link-aggregation group 1 mode manual

[SwitchB] link-aggregation group 1 service-type tunnel

[SwitchB] interface GigabitEthernet 1/1/3

[SwitchB-GigabitEthernet1/1/3] stp disable

[SwitchB-GigabitEthernet1/1/3] port link-aggregation group 1

[SwitchB-GigabitEthernet1/1/3] quit

# Reference link aggregation group 1 and enable expedite termination in tunnel interface view.

[SwitchB] interface tunnel 0/0/1

[SwitchB-Tunnel0/0/1] aggregation-group 1

[SwitchB-Tunnel0/0/1] expediting enable

[SwitchB-Tunnel0/0/1] expediting subnet 2.1.1.0 255.0.0.0

[SwitchB-Tunnel0/0/1] quit

# Configure a static route whose destination address is 2002::/16 and the next hop is the tunnel interface.

[SwitchB] ipv6 route-static 2002:: 16 tunnel0

IV. Configuration verification

After the above configuration, you can successfully ping Host B from Host A or ping Host A from Host B.

1.6  Configuring 6to4 Relay

1.6.1  Configuration Prerequisites

An interface, such as a VLAN or loopback interface that will serve as the source interface of a tunnel, must have an IP address configured

Make sure that a 6to4 tunnel has been established between the devices over an IPv4 network.

 

 

1.6.2  Configuring 6to4 Relay

Follow these steps to configure 6to4 relay:

To do…	Use the command…	Remarks
Configure a static 6to4 relay route to an IPv6 network	ipv6 route-static ipv6-address prefix-length nexthop-address	Required

 

 

1.6.3  Configuration Example

I. Network requirements

IPv6 networks (Site 1 and Site 2) are isolated by an IPv4 network. To make the two sites communicate through Switch A and Switch B, establish a 6to4 tunnel between the two switches, and configure default 6to4 relay routes to each other. Then, all IPv6 packets exchanged between Site 1 and Site 2 are forwarded through the 6to4 tunnel over the IPv4 network.

II. Network diagram

Figure 1-8 Network diagram for 6to4 relay

III. Configuration procedure

1)         Configure Switch A

# Enable the IPv6 forwarding function.

<SwitchA> system-view

[SwitchA] ipv6

# Configure an IPv4 address for the interface VLAN-interface 2001.

[SwitchA] vlan 2001

[SwitchA-vlan2001] port GigabitEthernet 4/1/1

[SwitchA-vlan2001] interface vlan-interface 2001

[SwitchA-Vlan-interface2001] ip address 11.0.0.2 24

[SwitchA-Vlan-interface2001] quit

# Configure a static route to the interface VLAN-interface 2003 of Switch B. (Here the next-hop address of the static route is represented by [nexthop]. In practice, you should configure the actual next-hop address.)

[SwitchA] ip route-static 13.0.0.0 24 [nexthop]

# Configure an IPv6 address for the interface VLAN-interface 101.

[SwitchA] vlan 101

[SwitchA-vlan101] port GigabitEthernet 4/1/5

[SwitchA-vlan101] interface vlan-interface 101

[SwitchA-Vlan-interface101] ipv6 address 2001:1::101 32

[SwitchA-Vlan-interface101] quit

# Configure a 6to4 tunnel.

[SwitchA] interface tunnel 4/0/0

[SwitchA-Tunnel4/0/0] ipv6 address 2002:b00:2:2::2 64

[SwitchA-Tunnel4/0/0] source vlan-interface 2001

[SwitchA-Tunnel4/0/0] tunnel-protocol ipv6-ipv4 6to4

[SwitchA-Tunnel4/0/0] quit

# Configure a link aggregation group and set the service type to tunnel.

[SwitchA] link-aggregation group 1 mode manual

[SwitchA] link-aggregation group 1 service-type tunnel

[SwitchA] interface GigabitEthernet 4/1/24

[SwitchA-GigabitEthernet4/1/24] stp disable

[SwitchA-GigabitEthernet4/1/24] port link-aggregation group 1

[SwitchA-GigabitEthernet4/1/24] quit

# Reference link aggregation group 1 in tunnel interface view.

[SwitchA] interface tunnel 4/0/0

[SwitchA-Tunnel4/0/0] aggregation-group 1

# Configure a static route whose destination address is 2002:d00:2:2::/64 and next-hop is the tunnel interface.

[SwitchA] ipv6 route-static 2002:d00:2:2:: 64 tunnel 4/0/0

# Configure a default 6to4 relay route whose next-hop is the IPv6 address of the peer tunnel interface.

[SwitchA] ipv6 route-static :: 0 2002:d00:2:2::2

2)         Configure Switch B

# Enable the IPv6 forwarding function.

<SwitchB> system-view

[SwitchB] ipv6

# Configure an IPv4 address for the interface VLAN-interface 2003.

[SwitchB] vlan 2003

[SwitchB-vlan2003] port GigabitEthernet 4/1/1

[SwitchB] interface vlan-interface 2003

[SwitchB-Vlan-interface2003] ip address 13.0.0.2 24

[SwitchB-Vlan-interface2003] quit

# Configure a route to the interface VLAN-interface 2001 of Switch A. (Here the next-hop address of the static route is represented by [nexthop]. In practice, you should configure the actual next-hop address.)

[SwitchB] ip route-static 11.0.0.0 24 [nexthop]

# Configure an IPv6 address for the interface VLAN-interface 102.

[SwitchB] vlan 102

[SwitchB-vlan102] port GigabitEthernet 4/1/5

[SwitchB] interface vlan-interface 102

[SwitchB-Vlan-interface102] ipv6 address 2001:2::102 32

[SwitchB-Vlan-interface102] quit

# Configure a 6to4 tunnel.

[SwitchB] interface tunnel4/0/0

[SwitchB-Tunnel4/0/0] ipv6 address 2002:d00:2:2::2 64

[SwitchB-Tunnel4/0/0] source vlan-interface 2003

[SwitchB-Tunnel4/0/0] tunnel-protocol ipv6-ipv4 6to4

[SwitchB-Tunnel4/0/0] quit

# Configure a link aggregation group and set the service type to tunnel.

[SwitchB] link-aggregation group 1 mode manual

[SwitchB] link-aggregation group 1 service-type tunnel

[SwitchB] interface GigabitEthernet 4/1/48

[SwitchB-GigabitEthernet4/1/48] stp disable

[SwitchB-GigabitEthernet4/1/48] port link-aggregation group 1

[SwitchB-GigabitEthernet4/1/48] quit

# Reference link aggregation group 1 in tunnel interface view.

[SwitchB] interface tunnel 4/0/0

[SwitchB-Tunnel4/0/0] aggregation-group 1

# Configure a static route whose destination address is 2002:b00:2:2::/64 and next-hop is the tunnel interface.

[SwitchB] ipv6 route-static 2002:b00:2:2:: 64 tunnel4/0/0

# Configure a default 6to4 relay route whose next-hop is the IPv6 address of the peer 6to4 tunnel interface.

[SwitchB] ipv6 route-static :: 0 2002:b00:2:2::2

1.7  Configuring ISATAP Tunnel

1.7.1  Configuration Prerequisites

IP addresses are configured for interfaces such as VLAN interface and Loopback interface on the device so that they can communicate. These interfaces serve as the source interface of the virtual tunnel interface to ensure that the tunnel destination address is reachable.

1.7.2  Configuration Procedure

Follow these steps to configure an ISATAP tunnel:

To do…		Use the command…	Remarks
Enter system view		system-view	—
Enable the IPv6 packet forwarding function		ipv6	Required By default, the IPv6 forwarding function is disabled.
Create a tunnel interface and enter tunnel interface view		interface tunnel number	Required By default, there is no tunnel interface on the device.
Configure an IPv6 address for the tunnel interface	Configure an IPv6 global unicast address or site-local address	ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }	Required. Use either command. By default, no IPv6 global unicast address or site-local address is configured for the tunnel interface.
		ipv6 address ipv6-address/prefix-length eui-64
	Configure an IPv6 link-local address	ipv6 address auto link-local	Optional By default, a link-local address will automatically be generated when an IPv6 global unicast address or link-local address is configured.
		ipv6 address ipv6-address link-local
Set the tunnel to an ISATAP tunnel		tunnel-protocol ipv6-ipv4 isatap	Required By default, the tunnel is a GRE tunnel. The same tunnel type should be configured at both ends of the tunnel. Otherwise, packet delivery will fail.
Configure a source address or source interface for the tunnel		source { ip-address | ipv6-address | interface-type interface-number }	Required By default, no source address or interface is configured for the tunnel.
Configure a link aggregation group ID to be referenced by the tunnel interface		aggregation-group aggregation-group-id	Required
Enable the expedite termination function		expediting enable	Optional By default, the expedite termination function is disabled.
Configure an address and mask for the expedite termination subnet		expediting subnet ip-address mask	Optional By default, no expedite termination subnet is configured for a tunnel.
Configure the tunnel interface MTU		mtu mtu-size	Optional

 

 

 

1.7.3  Configuration Example

I. Network requirements

The destination address of a tunnel is an ISATAP address. It is required that IPv6 hosts in the IPv4 network can access the IPv6 network via an ISATAP tunnel.

II. Network diagram

Figure 1-9 Network diagram for an ISATAP tunnel

III. Configuration procedure

The following example shows how to configure an ISATAP tunnel between the switch and the ISATAP host, which allows a separate ISATAP host to access the IPv6 network.

1)         Configure the switch

# Enable the IPv6 forwarding function.

<Switch> system-view

[Switch] ipv6

# Configure addresses for interfaces.

[Switch] vlan 100

[Switch-vlan100] port GigabitEthernet 1/1/1

[Switch-vlan100] quit

[Switch] interface vlan-interface 100

[Switch-Vlan-interface100] ipv6 address 3001::1/64

[Switch-Vlan-interface100] quit

[Switch] vlan 101

[Switch-vlan101] port GigabitEthernet 1/1/2

[Switch-vlan101] quit

[Switch] interface vlan-interface 101

[Switch-Vlan-interface101] ip address 2.1.1.1 255.0.0.0

[Switch-Vlan-interface101] quit

# Configure a link aggregation group and set the service type to tunnel.

[Switch] link-aggregation group 1 mode manual

[Switch] link-aggregation group 1 service-type tunnel

[Switch] interface GigabitEthernet 1/1/3

[Switch-GigabitEthernet1/1/3] stp disable

[Switch-GigabitEthernet1/1/3] port link-aggregation group 1

[Switch-GigabitEthernet1/1/3] quit

# Reference link aggregation group 1 and enable expedite termination in tunnel interface view.

[Switch] interface tunnel 2/0/1

[Switch-Tunnel2/0/1] aggregation-group 1

[Switch-Tunnel2/0/1] expediting enable

[Switch-Tunnel2/0/1] quit

# Configure an ISATAP tunnel.

[Switch] interface tunnel 2/0/1

[Switch-Tunnel2/0/1] ipv6 address 2001::5efe:0201:0101 64

[Switch-Tunnel2/0/1] source vlan-interface 101

[Switch-Tunnel2/0/1] tunnel-protocol ipv6-ipv4 isatap

[Switch-Tunnel2/0/1] expediting enable

[Switch-Tunnel2/0/1] expediting subnet 2.1.1.0  255.255.255.0

# Disable the RA suppression so that hosts can acquire information such as the address prefix from the RA message released by the ISATAP switch.

[Switch-Tunnel2/0/1] undo ipv6 nd ra halt

2)         Configure the ISATAP host

The specific configuration on the ISATAP host is related to its operating system. The following example shows the configuration of the host running the Windows XP.

# On a Windows XP-based host, the ISATAP interface is usually interface 2. Configure an IPv4 address for the ISATAP router to complete the configuration on the host. The ISATAP interface information is as follows:

C:\>ipv6 if 2

Interface 2: Automatic Tunneling Pseudo-Interface

{48FCE3FC-EC30-E50E-F1A7-71172AEEE3AE}

does not use Neighbor Discovery

does not use Router Discovery

routing preference 1

EUI-64 embedded IPv4 address: 0.0.0.0

router link-layer address: 0.0.0.0

preferred link-local fe80::5efe:2.1.1.2, life infinite

link MTU 1280 (true link MTU 65515)

current hop limit 128

reachable time 42500ms (base 30000ms)

retransmission interval 1000ms

DAD transmits 0

# A link-local address (fe80::5efe:2.1.1.2) in the ISATAP format is automatically generated for the ISATAP interface. Configure an IPv4 address for the ISATAP switch on the ISATAP interface.

C:\>ipv6 rlu 2 2.1.1.1

# After carrying out the above command, look at the information on the ISATAP interface.

C:\>ipv6 if 2

Interface 2: Automatic Tunneling Pseudo-Interface

{48FCE3FC-EC30-E50E-F1A7-71172AEEE3AE}

does not use Neighbor Discovery

uses Router Discovery

routing preference 1

EUI-64 embedded IPv4 address: 2.1.1.2

router link-layer address: 2.1.1.1

preferred global 2001::5efe:2.1.1.2, life 29d23h59m46s/6d23h59m46s (public)

preferred link-local fe80::5efe:2.1.1.2, life infinite

link MTU 1500 (true link MTU 65515)

current hop limit 255

reachable time 42500ms (base 30000ms)

retransmission interval 1000ms

DAD transmits 0

# By comparison, it is found that the host acquires the address prefix 2001::/64 and automatically generates the address 2001::5efe:2.1.1.2. Meanwhile, “uses Router Discovery” is displayed, indicating that the switch discovery function is enabled on the host. At this time, ping the IPv6 address of the tunnel interface of the switch. If the address is successfully pinged, an ISATAP tunnel is established.

# Configure a static route to the IPv6 host.

C:\>ipv6 rtu 3000::/64 2/2001::5efe:2.1.1.1

IV. Configuration verification

After the above configurations, the ISATAP host can access hosts in the IPV6 network.

1.8  Configuring IPv4 over IPv4 Tunnel

1.8.1  Configuration Prerequisites

IP addresses are configured for interfaces such as VLAN interface and Loopback interface on the device so that they can communicate. These interfaces serve as the source interface of the virtual tunnel interface to ensure that the tunnel destination address is reachable.

1.8.2  Configuration Procedure

Follow these steps to configure an IPv4 over IPv4 tunnel:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Create a tunnel interface and enter tunnel interface view	interface tunnel number	Required By default, there is no tunnel interface on the device.
Configure an IPv4 address for the tunnel interface	ip address ip-address { mask | mask-length } [ sub ]	Required By default, no IPv4 address is configured for the tunnel interface.
Set the tunnel to an IPv4 over IPv4 tunnel	tunnel-protocol ipv4-ipv4	Optional By default, the tunnel is a GRE tunnel. The same tunnel type should be configured at both ends of the tunnel. Otherwise, packet delivery will fail.
Configure a source address or source interface for the tunnel	source { ip-address | ipv6-address | interface-type interface-number }	Required By default, no source address or interface is configured for the tunnel.
Configure a destination address for the tunnel	destination ip-address	Required By default, no destination address is configured for the tunnel.
Configure a link aggregation group ID to be referenced by the tunnel interface	aggregation-group aggregation-group-id	Required

 

 

1.8.3  Configuration Example

I. Network requirements

The two subnets Group 1 and Group 2 running IPv4 are interconnected via an IPv4 over IPv4 tunnel between Switch A and Switch B.

II. Network diagram

Figure 1-10 Network diagram for an IPv4 over IPv4 tunnel

III. Configuration procedure

1)         Configure Switch A

# Configure an IPv4 address for the interface VLAN-interface 100.

<SwitchA> system-view

[SwitchA] vlan 100

[SwitchA-vlan100] port GigabitEthernet 1/1/1

[SwitchA-vlan100] quit

[SwitchA] interface vlan-interface 100

[SwitchA-Vlan-interface100] ip address 10.1.1.1 255.255.255.0

[SwitchA-Vlan-interface100] quit

# Configure an IPv4 address for the interface VLAN-interface 101 (the physical interface of the tunnel).

[SwitchA] vlan 101

[SwitchA-vlan101] port GigabitEthernet 1/1/2

[SwitchA-vlan101] quit

[SwitchA] interface vlan-interface 101

[SwitchA-Vlan-interface101] ip address 192.13.2.1 255.255.255.0

[SwitchA-Vlan-interface101] quit

# Create the interface Tunnel 1/0/0.

[SwitchA] interface tunnel 1/0/0

# Configure an IPv4 address for the interface Tunnel 1/0/0.

[SwitchA-Tunnel1/0/0] ip address 10.1.2.1 255.255.255.0

# Configure the tunnel encapsulation mode.

[SwitchA-Tunnel1/0/0] tunnel-protocol ipv4-ipv4

# Configure a source address for the interface Tunnel 1/0/0.

[SwitchA-Tunnel1/0/0] source 192.13.2.1

# Configure a source address for the interface Tunnel 1/0/0 (IP address of the interface VLAN-interface 101 of Switch B).

[SwitchA-Tunnel1/0/0] destination 131.108.5.2

# Configure a link aggregation group and set the service type to tunnel.

[SwitchA] link-aggregation group 1 mode manual

[SwitchA] link-aggregation group 1 service-type tunnel

[SwitchA] interface GigabitEthernet 1/1/3

[SwitchA-GigabitEthernet1/1/3] stp disable

[SwitchA-GigabitEthernet1/1/3] port link-aggregation group 1

[SwitchA-GigabitEthernet1/1/3] quit

# Reference link aggregation group 1 in tunnel interface view.

[SwitchA] interface tunnel 1/0/0

[SwitchA-Tunnel1/0/0] aggregation-group 1

[SwitchA-Tunnel1/0/0] quit

# Configure a static route from Switch A through the interface Tunnel 1/0/0 to Group 2.

[SwitchA] ip route-static 10.1.3.0 255.255.255.0 tunnel 1

2)         Configure Switch B.

# Configure an IPv4 address for the interface VLAN-interface 100.

<SwitchB> system-view

[SwitchB] vlan 100

[SwitchB-vlan100] port ethernet 1/1/1

[SwitchB-vlan100] quit

[SwitchB] interface vlan-interface 100

[SwitchB-Vlan-interface100] ip address 10.1.3.1 255.255.255.0

[SwitchB-Vlan-interface100] quit

# Configure an IPv4 address for the interface VLAN-interface 101 (the physical interface of the tunnel).

[SwitchB] vlan 101

[SwitchB-vlan101] port ethernet 1/1/2

[SwitchB-vlan101] quit

[SwitchB] interface vlan-interface 101

[SwitchB-Vlan-interface101] ip address 131.108.5.2 255.255.255.0

[SwitchB-Vlan-interface101] quit

# Create the interface Tunnel 2/0/0.

[SwitchB] interface tunnel 2/0/0

# Configure an IPv4 address for the interface Tunnel 2/0/0.

[SwitchB-Tunnel2/0/0] ip address 10.1.2.2 255.255.255.0

# Configure the tunnel encapsulation mode.

[SwitchB-Tunnel2/0/0] tunnel-protocol ipv4-ipv4

# Configure the source address for the interface Tunnel 2/0/0.

[SwitchB-Tunnel2/0/0] source 131.108.5.2

# Configure the destination address for the interface Tunnel 2/0/0 (IP address of the interface VLAN-interface 100 of Switch A).

[SwitchB-Tunnel2/0/0] destination 192.13.2.1

# Configure a link aggregation group and set the service type to tunnel.

[SwitchB] link-aggregation group 1 mode manual

[SwitchB] link-aggregation group 1 service-type tunnel

[SwitchB] interface GigabitEthernet 1/1/3

[SwitchB-GigabitEthernet1/1/3] stp disable

[SwitchB-GigabitEthernet1/1/3] port link-aggregation group 1

[SwitchB-GigabitEthernet1/1/3] quit

# Reference link aggregation group 1 in tunnel interface view.

[SwitchB] interface tunnel 2/0/0

[SwitchB-Tunnel2/0/0] aggregation-group 1

[SwitchB-Tunnel2/0/0] quit

# Configure a static route from Switch B through the interface Tunnel 2/0/0 to Group 1.

[SwitchB] ip route-static 10.1.1.0 255.255.255.0 tunnel 2/0/0

IV. Configuration verification

After the above configuration, you can successfully ping the address of the access interface of the peer IPv4 group from one switch.

1.9  Configuring Tunnel Hybrid Insertion

1.9.1  Configuration Prerequisites

IP addresses are configured for interfaces such as VLAN interface and Loopback interface on the device so that they can communicate. These interfaces serve as the source interface of the virtual tunnel interface to ensure that the tunnel destination address is reachable.

1.9.2  Configuration Procedure

Follow these steps to configure tunnel hybrid insertion:

To do…		Use the command…	Remarks
Enter system view		system-view	—
Enable the IPv6 packet forwarding function		ipv6	Required By default, the IPv6 packet forwarding function is disabled.
Create a tunnel interface and enter tunnel interface view		interface tunnel number	Required By default, there is no tunnel interface on the device.
Configure an IPv6 address for the tunnel interface	Configure an IPv6 global unicast address or site-local address	ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }	Use any command
		ipv6 address ipv6-address/prefix-length eui-64
	Configure a link-local address	ipv6 address auto link-local
		ipv6 address ipv6-address link-local
Configure the source address or source interface of the tunnel interface		source { ip-address | ipv6-address | interface-type interface-number }	Required By default, no source address or interface is configured for the tunnel interface.
Create an ACL and enter ACL view		acl number acl-number [ match-order { config | auto } ]	Required
Define a ACL rule		rule [ rule-id ] { permit | deny } protocol [ rule-string ]	Required
Define a class and enter class view		traffic classifier tcl-name [ operator { and | or } ]	Required
Define the packet matching rule		if-match [ not ] match-criteria	Required
Define a traffic behavior and enter traffic behavior view		traffic behavior behavior-name	Required
Configure the traffic redirection action for the traffic behavior		redirect { cpu | interface interface-type interface-number | link-aggregation group aggregation-group-id | next-hop { ipv4-add [ ipv4-add ] | ipv6-add [ interface-type interface-number ] [ ipv6-add [ interface-type interface-number ] ] } }	Required
Configure a service loopback group ID to be referenced by the tunnel interface		aggregation-group aggregation-group-id	Required
Enable the expedite termination function		expediting enable	Optional By default, the expedite termination function is disabled.

 

 

1.9.3  Configuration Example

I. Network requirement

l           Switch A and Switch B are configured with IPv6 cards and IPv4 cards. In this example, the tunnel type used for networking is an IPv6 manually configured tunnel, on which the RIPng routing protocol is enabled.

l           IPv6 packets (destination IPv6 address is 6666::6) enter the tunnel from the IPv6-supporting interface on Switch A. After encapsulation, the packets are turned into IPv6 over IPv4 tunnel packets.

l           IPv6 over IPv4 tunnel packets are sent to the IPv4 network through the port that supports IPv4 only.

l           After passing through the IPv4 network, tunnel packets enter the destination dual-stack node, Switch B, through the port that supports IPv4 only.

l           On Switch B, the ACL is used to redirect tunnel packets from IPv4 cards to the link aggregation group, whose service type is tunnel. This link aggregation group is established over IPv6 cards.

l           After expedite termination on IPv6 cards, tunnel packets are forwarded from IPv4 cards to the IPv6 network.

l           On PC A, the next hop gateway address of the route to PC B (6666::6/64) is set to 1000::1, and on PC B, the next hop gateway address of the route to PC A (1000::2/64) s is set to 6666::9.

II. Network diagram

Figure 1-11 Network diagram for tunnel hybrid insertion

III. Configuration procedure

1)         Configure Switch A.

<SwitchA> system-view# Enable the IPv6 forwarding function.

[SwitchA] ipv6

# Configure an IPv4 address for the interface VLAN-interface 12.

[SwitchA] interface Vlan-interface 12

[SwitchA-Vlan-interface12] ipv6 address 1000::1 64

[SwitchA-Vlan-interface12] quit

# Configure a link aggregation group and set the service type to tunnel.

[SwitchA] link-aggregation group 1 mode manual

[SwitchA] link-aggregation group 1 service-type tunnel

[SwitchA-GigabitEthernet4/1/1] stp disable

[SwitchA-GigabitEthernet4/1/1] port link-aggregation group 1

[SwitchA-GigabitEthernet4/1/1] quit

# Configure the tunnel source interface – VLAN-interface 10 on the IPv4 card.

[SwitchA] vlan 10

[SwitchA-vlan10] port GigabitEthernet 3/1/1

[SwitchA] interface Vlan-interface 10

[SwitchA-Vlan-interface10] ip address 1.1.1.1 24

[SwitchA-Vlan-interface10] quit

# Configure an IPv6 manually configured tunnel on the interface Tunnel 4/0/0.

[SwitchA] interface Tunnel 4/0/0

[SwitchA-Tunnel4/0/0] tunnel-protocol ipv6-ipv4

[SwitchA-Tunnel4/0/0] ipv6 address 3333::1 64

[SwitchA-Tunnel4/0/0] source Vlan-interface 10

[SwitchA-Tunnel4/0/0] destination 1.1.1.2

[SwitchA-Tunnel4/0/0] aggregation-group 1

# Enable expedite termination on the interface Tunnel 4/0/0.

[SwitchA-Tunnel4/0/0] expediting enable

[SwitchA-Tunnel4/0/0] quit

# Enable RIPng on the interface Tunnel 4/0/0.

[SwitchA] ripng

[SwitchA-ripng-1] import-route direct

[SwitchA-ripng-1] quit

[SwitchA] interface Tunnel 4/0/0

[SwitchA-Tunnel4/0/0] ripng 1 enable

# Configure an ACL and redirect the tunnel packets that come from the IPv4 cards and should be terminated to IPv6 cards. The protocol number of IPv6 over IPv4 tunnel packets is 41.

[SwitchA] acl number 3000

[SwitchA-acl-adv-3000] rule permit 41

[SwitchA-acl-adv-3000] quit

[SwitchA] traffic classifier 1

[SwitchA-classifier-1] if-match acl 3000

[SwitchA-classifier-1] quit

[SwitchA] traffic behavior 1

[SwitchA-behavior-1] redirect link-aggregation group 1

[SwitchA] qos policy 1

[SwitchA-qospolicy-1] classifier 1 behavior 1

[SwitchA-qospolicy-1] quit

[SwitchA] qos vlan-policy 1 vlan 10 inbound

2)         Configure Switch B.

# Enable IPv6 globally.

[SwitchB] ipv6

# Configure the tunnel destination address on the interface Tunnel 3/0/0.

[SwitchB] vlan 10

[SwitchB-vlan10] port GigabitEthernet 2/1/1

[SwitchB-vlan10] quit

[SwitchB] interface Vlan-interface 10

[SwitchB-Vlan-interface10] ip address 1.1.1.2 24

[SwitchB-Vlan-interface10] quit

# Configure a link aggregation group and set the service type to tunnel on the IPv6 card.

[SwitchB] link-aggregation group 1 mode manual

[SwitchB] link-aggregation group 1 service-type tunnel

[SwitchB] interface GigabitEthernet 3/1/2

[SwitchB-GigabitEthernet3/1/2] stp disable

[SwitchB-GigabitEthernet3/1/2] port link-aggregation group 1

[SwitchB-GigabitEthernet3/1/2] quit

# Create the tunnel interfaces.

[SwitchB] interface Tunnel 3/0/0

[SwitchB-Tunnel3/0/0] tunnel-protocol ipv6-ipv4

[SwitchB-Tunnel3/0/0] ipv6 address 3333::2 64

[SwitchB-Tunnel3/0/0] source Vlan-interface 10

[SwitchB-Tunnel3/0/0] destination 1.1.1.1 

[SwitchB-Tunnel3/0/0] aggregation-group 1

# Enable expedite termination on the interface Tunnel 3/0/0.

[SwitchB-Tunnel3/0/0] expediting enable

# Enable RIPng on the interface Tunnel 3/0/0.

[SwitchB-Tunnel3/0/0] quit

[SwitchB] ripng

[SwitchB-ripng-1] import-route direct

[SwitchB-ripng-1] quit

[SwitchB] interface Tunnel 3/0/0

[SwitchB-Tunnel3/0/0] ripng 1 enable

# Configure an ACL and redirect the tunnel packets that come from the IPv4 cards and should be terminated to IPv6 cards. The protocol number of IPv6 over IPv4 tunnel packets is 41.

[SwitchB] acl number 3000

[SwitchB-acl-adv-3000] rule permit 41

[SwitchB-acl-adv-3000] quit

[SwitchB] traffic classifier 1

[SwitchB-classifier-1] if-match acl 3000

[SwitchB-classifier-1] quit

[SwitchB] traffic behavior 1

[SwitchB-behavior-1] redirect link-aggregation group 1

[SwitchB-behavior-1] quit

[SwitchB] qos policy 1

[SwitchB-qospolicy-1] classifier 1 behavior 1

[SwitchB-qospolicy-1] quit

[SwitchB] qos vlan-policy 1 vlan 10 inbound

# Configure the outbound interface for terminated IPv6 packets.

[SwitchB] vlan 12

[SwitchB-vlan12] port GigabitEthernet 3/1/1

[SwitchB-vlan12] quit

[SwitchB] interface Vlan-interface 12

[SwitchB-Vlan-interface12] ipv6 address 6666::9 64

IV. Configuration verification

After the above configurations, you can successfully ping the IPv6 address 6666::6 of PC B from PC A or the IPv6 address 1000::2 of PC A from PC B.

1.10  Displaying and Maintaining Tunneling Configuration

To do…	Use the command…	Remarks
Display information related to a specified tunnel interface	display interface tunnel number	Available in any view
Display IPv6 information related to a specified tunnel interface	display ipv6 interface tunnel number

 

 

1.11  Troubleshooting Tunneling Configuration

Symptom: After the configuration of related parameters such as tunnel source address, tunnel destination address, and tunnel type, the tunnel interface is still not up.

Solution: Follow the steps below:

1)         The common cause is that the physical interface of the tunnel source is not up. Use the display interface tunnel or display ipv6 interface tunnel commands to view whether the physical interface of the tunnel source is up or down. If the physical interface is down, use the debugging tunnel event command in user view to view the cause. For related commands and description of debugging information, refer to Tunneling Commands.

2)         Another possible cause is that the tunnel destination is unreachable. Use the display ipv6 routing-table or display ip routing-table command to view whether the tunnel destination is reachable. If no routing entry is available for tunnel communication in the routing table, configure related routes.