cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4222
Views
5
Helpful
5
Replies

6to4 tunnel between Cisco and Linux/Windows

Steph1963
Level 1
Level 1

Hi,

I would like to know if it possible to create a 6to4 tunnels between Linux and a Cisco router. The following configuration does not seems to work

Linux A

IPv4 address 10.10.10.100

ip tunnel add tun6to4 mode sit ttl 254 remote 10.10.10.10

ip link set dev tun6to4 up
ip addr add 2002:0a0a:0a64::1 dev tun6to4
ip -6 route add 2001::/3 via ::10.10.10.10 dev tun6to4 metric 1

Cisco 6to4 tunnel configuration

interface Tunnel0

no ip address
no ip redirects
ipv6 address 2001:A0A:A0A:FFFF::1/64
tunnel source FastEthernet0/0
tunnel mode ipv6ip 6to4
!
interface FastEthernet0/0
ip address 10.10.10.10 255.255.255.0
ipv6 address 2001:A0A:A0A::1/64
!

ipv6 route 2002::/16 Tunnel0

Thanks

Stephane

1 Accepted Solution

Accepted Solutions

Seb Rupik
VIP Alumni
VIP Alumni

Hi Stephane,

If I am reading the linux/windows config correctly your v6 tunnel endpoints are in differnet endpoints. From the Cisco tunnel0 config the linux/windows config should be:

ip tunnel add tun6to4 mode sit ttl 254 remote 10.10.10.10
ip link set dev tun6to4 up
ip addr add 2001:0a0a:0a0a:ffff::2/64 dev tun6to4
ip -6 route add 2001::/3 via ::10.10.10.10 dev tun6to4 metric 1
ip -f inet6 addr

cheers,

Seb.


View solution in original post

5 Replies 5

Seb Rupik
VIP Alumni
VIP Alumni

Hi Stephane,

If I am reading the linux/windows config correctly your v6 tunnel endpoints are in differnet endpoints. From the Cisco tunnel0 config the linux/windows config should be:

ip tunnel add tun6to4 mode sit ttl 254 remote 10.10.10.10
ip link set dev tun6to4 up
ip addr add 2001:0a0a:0a0a:ffff::2/64 dev tun6to4
ip -6 route add 2001::/3 via ::10.10.10.10 dev tun6to4 metric 1
ip -f inet6 addr

cheers,

Seb.


James Leinweber
Level 4
Level 4

https://supportforums.cisco.com/message/4087215#4087215

Are you sure you want an RFC-3056 style 6to4 tunnel?  Those depend on the presence of 3rd party dual-stack anycast relay routers which advertise routes for 192.88.99/0/24 on the v4 side and 2002::/16 on the v6 side in BGP, and then either wrap (v6->v4) or unwrap (v4 -> v6) the native v6 packet from its protocol 41 IPv4 forwarding header.   The automatic tunneling technologies such as 6to4 and Teredo are heading toward deprecation due to their mediocre performance, high failure rates, and the rise of full native v6; see e.g. http://tools.ietf.org/html/draft-ietf-v6ops-6to4-to-historic-05

Maybe you want a point to point "6in4" tunnel instead?   That should work as long as you stay away from the 2002::/16 address space of 6to4.

-- Jim Leinweber, WI State Lab of Hygiene

Phillip Remaker
Cisco Employee
Cisco Employee

I don't think you want a 6to4 tunnel.  6to4 is only useful for unmanaged tunnel space, and even then, only marginally so.  It is a best practice to run screaming from 6to4 in any place that you encounter it.

Amond the reasons for avoiding 6to4 tunnels is the fact that they will fail across NATs, be design (the global IPv4 address is embedded in the IPv6 address).  You need a global address for each end of a 6to4 tunnel.  6to4 is worthless with RFC1918 addressing.

6in4 will also fail across most NATs, since you need to establish manual mapping for inbound connections.

If you are just trying to establish an IPv6 path from a Linux device to a Cisco device over an IPv4 network, GRE will probably be the simplest option, provided your IOS supports it and if your NAT will translate GRE (most will).

Some relevant reading:

http://lartc.org/howto/lartc.tunnel.gre.html

https://learningnetwork.cisco.com/thread/40210

Steph1963
Level 1
Level 1

Hi Seb,

Thanks for the correction.

Based on some Cisco example that I have found, I thought it was possilbe bo used tunnel endpoints in different IPv6 subnet as long as a route to the IPv4 was available as shown in the attached link.

http://ardenpackeer.com/tutorials/routeswitch/tutorial-ipv6-tunnels-part-2-automatic-6to4-tunnels/

My understanding is that is possible with Cisco but probably not with Linux or Windows automatic 6to4 tunnel implementation.

Thanks again for your help

Stephane

Ah, I should have twigged the '6to4' makes this a multi-point problem which allows the tunnel endpoints to be in different v6 subnets.

From reading the article try the following:

ip tunnel add tun6to4 mode sit remote any local 10.10.10.10 ttl 64

ip link set dev tun6to4 up

ip -6 addr add 2002:0a0a:0a0a::0100:1001:0010/128 dev tun6to4

ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4 metric 1

ip -6 route add 2001:1:1:1::/64 via 2002:A0A:A0A::1 dev tun6to4

For the Cisco router is there any reason you are not using the loopback interface and puttuing all the config on fa0/0? Either way, the v6 address needs to be a 2002:: prefix, you have also duplicated the v4 address, so you need to change it to:

!

int fa0/0

  ip address 10.20.20.20 255.255.255.0

  ip address 2002:0a14:1414::2/64

!

I will lab this up tonight and see if I can get it to work...

cheers,

Seb.

Review Cisco Networking for a $25 gift card