IPv6 手工tunnel和自动tunnel

IPv6 手工tunnel和自动tunnel
12.2.1 IPv4向IPv6过渡理论基础
隧道技术在CCIE考试中经常涉及,所以在BGP这个章节我们增加了相关的隧道技术
双栈(ipv4和ipv6同时运行)是ipv6 tunnel的前提,所以双栈技术也是一种过渡技术。IPv6手动tunnel和自动tunnel是IPv4向IPv6过渡的重要工具
 手动tunnel把ipv6封装到IPv4包内,支持任意的路由协议
 自动tunnel(6to4 tunnel)通过计算把IPv6地址内嵌到IPv6地址,不支持动态路由协议,支持静态路由
12.2.2 实验拓扑描述
13.IPv6 手工tunnel和自动tunnel
如图11-14所示,R2和R3各自有直连地址23.1.1.x/24和环回口22.1.1.1,33.1.1.1,IPv6的直连地址为20XY::X/64比如R1的e0/1=2012::1/64,环回口为20XX::X/128,如2011::1/128
图12-2 向IPv6过渡的隧道技术
12.2.3 IPv6隧道技术实现
1、启用双栈(既运行IPv4也运行IPv6),并在R2和R3之间运行任意的IPv4路由协议
我们选择eigrp,使得两者的环回口相互可达,参考命令:
R2R2#ping 33.1.1.1 source 22.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 22.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/41/60 ms
router eigrp 100
network 22.1.1.1 0.0.0.0
network 23.1.1.2 0.0.0.0
no auto-summary

运行IPv6
R2(config)#ipv6 unicast-routing
2、建立手动tunnel,并运行路由协议
R2(config)#interface tunnel 1
R2(config-if)# tunnel source Loopback0
R2(config-if)# tunnel destination 33.1.1.1
R2(config-if)# tunnel mode ipv6ip
R2(config-if)# ipv6 address 2023::2/64
R2(config-if)# ipv6 ospf 1 area 0---赋予IPv6地址并运行动态路由协议

R3:
R3(config)#interface tunnel 1
R3(config-if)# tunnel source Loopback0
R3(config-if)# tunnel destination 22.1.1.1
R3(config-if)# tunnel mode ipv6ip
R3(config-if)# ipv6 enable
R3(config-if)# ipv6 ospf 1 area 0

同时请在R1和R4运行OSPFv3,R2连接R1的接口以及R3连接R4的接口运行OSPFv3,此步骤仅仅以R4为例,请自行完成其他:
R4(config)#ipv6 unicast-routing
R4(config)#int lo0
R4(config-if)#ip add 4.4.4.4 255.255.255.255
R4(config-if)#ipv6 address 2044::4/128
R4(config-if)#int e0/1
R4(config-if)#no shut
R4(config-if)#ipv6 address 2034::4/64
R4(config-if)#ipv6 ospf 1 area 0
R4#show ipv6 route ospf
IPv6 Routing Table - 8 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
O 2011::1/128 [110/11131]
via FE80::CE02:57FF:FE20:1, Ethernet0/1
O 2012::/64 [110/11131]
via FE80::CE02:57FF:FE20:1, Ethernet0/1
O 2023::/64 [110/22232]
via FE80::CE02:57FF:FE20:1, Ethernet0/1
R4#ping 2011::1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2011::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 108/150/216 ms
3、自动tunnel(6to4 tunnel)
自动tunnel不支持动态路由协议,不能配置tunnel的Destination,所以去掉之前相关的配置
R3(config)#int tunnel 1
R3(config-if)#no ipv6 ospf 1 area 0
R3(config-if)#no tunnel destination
R3(config-if)#tunnel mode ipv6ip 6to4---把模式改为自动tunnel
接下来需要计算tunnel的地址,该地址以2002开始,接下来的32位是十进制的ipv4地址转换为16进制的IPv6地址,R2的tunnel的IPv6地址有22.1.1.1转换而来,那麽22=16,1=01,则转换后的地址为2002:1601:0101::/64;33.1.1.1转换完之后为33=21,则最终=2002:2101:101::/64
R3(config-if)#ipv6 address 2002:2101:101::3/64
由于不支持动态路由协议,我们来写一条静态去往2002::/16位的前缀
R3(config)#ipv6 route 2002::/16 tunnel 1

R2的配置:
interface Tunnel1
no ip address
no ip redirects
ipv6 address 2002:1601:101::2/64
tunnel source Loopback0
tunnel mode ipv6ip 6to4
ipv6 route 2002::/16 tunnel 1
测试
R2#ping 2002:2101:101::3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2002:2101:101::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/37/88 ms
查看tunnel的情况:
R2#show interfaces tunnel 1
Tunnel1 is up, line protocol is up
Hardware is Tunnel
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 22.1.1.1 (Loopback0), destination UNKNOWN
Tunnel protocol/transport IPv6 6to4

Fast tunneling enabled
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
但是现在R1不能和R4通信,因为R1和R4没有对端的路由(有ospfv3的邻居)
R4#show ipv6 ospf neighbor

Neighbor ID Pri State Dead Time Interface ID Interface
33.1.1.1 1 FULL/DR 00:00:39 5 Ethernet0/1

R4#show ipv6 route
IPv6 Routing Table - 6 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
O 2033::3/128 [110/10]
via FE80::CE02:57FF:FE20:1, Ethernet0/1
C 2034::/64 [0/0]
via ::, Ethernet0/1
L 2034::4/128 [0/0]
via ::, Ethernet0/1
LC 2044::4/128 [0/0]
via ::, Loopback0
L FE80::/10 [0/0]
via ::, Null0
L FF00::/8 [0/0]
via ::, Null0
解决方案为在R2和R3上写默认路由,下一跳指向对端的隧道地址
R2(config)#ipv6 route ::/0 2002:2101:101::3

R3(config)#ipv6 route ::/0 2002:1601:101::2
如果采用OSPFv3,那么可以在R2和R3上产生一条默认路由
R3(config)#ipv6 router ospf 1
R3(config-rtr)#default-information originate always
!
R2(config)#ipv6 router ospf 1
R2(config-rtr)#default-information originate always
R4#show ipv6 route
IPv6 Routing Table - 7 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
OE2 ::/0 [110/1], tag 1
via FE80::CE02:57FF:FE20:1, Ethernet0/1
O 2033::3/128 [110/10]
via FE80::CE02:57FF:FE20:1, Ethernet0/1
C 2034::/64 [0/0]
via ::, Ethernet0/1
L 2034::4/128 [0/0]
via ::, Ethernet0/1
LC 2044::4/128 [0/0]
via ::, Loopback0
L FE80::/10 [0/0]
via ::, Null0
L FF00::/8 [0/0]
via ::, Null0
R4#ping 2011::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2011::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/66/132 ms
实验完成

上一篇:Openvswitch手册(7): Interfaces


下一篇:c – 如何通过透明代理实现SSL隧道?