The automatic tunneling mechanisms like Automatic 6to4 tunnels and ISATAP (Intra Site Automatic Tunnel Addressing Protocol) tunnels are point to multipoint tunnels. The destination IPv4 address is encoded in the IPv6 address itself. These tunneling mechanisms treat the underlying IPv4 network as an NBMA network.
As the destination IPv4 address is found out from the IPv6 address itself, care must be taken when deploying dynamic routing protocols over these tunnels. Care must be taken that the intermediate routers on the path does know the route to the encoded IPv4 address in the IPv6 packet.
In the above topology the router R1 is connected to IPv6 Network natively. Static IPv4 routing is configured between all routers. A tunnel is constructed between R1 and R3 using different automatic tunneling methods.
Automatic 6to4 tunnels:
First let us test Automatic 6to4 tunneling method. In this tunneling mechanism the tunnel destination is automatically calculated on a per packet basis. For example if the destination IPv6 address is 2001:6666:6666::6, then the IPv4 destination address to transport the IPv6 packet will be 102.102.102.102. The range 2002::/16 is reserved for Automatic 6to4 tunnels.
The tunnel destination of the IPv4 address will be calculated as follows:
The leading bits from 17-48 are used to encode the destination IPv4 address. In the above example the encoded IPv4 address is calculated by converting the hex 6666:6666 into decimal.
Configuration:
R1(config)#interface tunnel 6R1(config-if)#description testing automatic 6to4 R1(config-if)#tunnel source ethernet 0/0R1(config-if)#tunnel mode ipv6ip 6to4R1(config-if)#ipv6 address 2002:A00:C01::1/64R3(config)#interface tunnel 6R3(config-if)#description testing automatic 6to4R3(config-if)#tunnel source ethernet 0/0R3(config-if)#tunnel mode ipv6ip 6to4R3(config-if)#ipv6 address 2002:A00:1703::3/64R3 is configured with a default static route pointing out tunnel 6
R3(config)# ipv6 route ::/0 tunnel 6Now for testing connectivity let us send a ping to 2000:1234:4321::4 which is in the IPv6 network. In this case R3 will send the tunnel packet to the destination IPv4 address of 18.52.67.33, which is derived from the IPv6 destination of 2000:1234:4321::4. The packet will not be forwarded because of the missing IPv4 route.
R3#ping 2000:1234:4321::4 repeat 1Type escape sequence to abort.Sending 1, 100-byte ICMP Echos to 2000:1234:4321::4, timeout is 2 seconds:IP: s=10.0.23.3 (local), d=18.52.67.33, len 120, unroutable.Success rate is 0 percent (0/1)To solve this issue we have to replace the default IPv6 route which points to the exit interface with the next hop IPv6 address.
R3(config)#no ipv6 route ::/0 tunnel 6R3(config)#ipv6 route 2002:A00:C01::1/128 tunnel 6R3(config)#ipv6 route ::/0 2002:A00:C01::1First a static route pointing to R1 tunnel interface IPv6 address is configured with exit interface as next hop. Then a default route is configured with R1 tunnel interface IPv6 address as next hop.
R3#ping 2000:1234:4321::4 repeat 1Type escape sequence to abort.Sending 1, 100-byte ICMP Echos to 2000:1234:4321::4, timeout is 2 seconds:!Success rate is 100 percent (1/1), round-trip min/avg/max = 76/76/76 msIP: s=10.0.23.3 (local), d=10.0.12.1 (Ethernet0/0), len 120, sendingIP: s=10.0.12.1 (Ethernet0/0), d=10.0.23.3 (Ethernet0/0), len 120, rcvd 3This same problem will occur when we configure a dynamic routing protocol. Like in case of OSPF which will send multicast hellos to FF02::5. In this case we have to change the control plane to use unicast instead of multicast.
ISATAP Tunnel:
Now let us remove the existing tunnel and configure ISATAP tunnel. This kind of tunneling mechanism is used to deploy IPv6 locally in a site. The addressing scheme is IPv6-Prefix:0000:5EFE::/64 eui-64. With this tunneling mechanism an IPv6 node can auto-configure its IPv6 address with use of neighbor discovery. The destination IPv4 address is encoded in the last 32 bits of the IPv6 address.
Configuration:
We configure R1 to send Router Advertisements so that R3 will automatically generate an IPv6 address for its tunnel interface. The R1 will be configured in tunnel mode if ISATAP. IPv6 routing must be enabled so that RA could be originated.
R1(config)#interface tunnel 6R1(config-if)#tunnel mode ipv6ip isatapR1(config-if)#tunnel source ethernet 0/0R1(config-if)#ipv6 address 2001:13::/64 eui-64On R3 which is acting as a client, a normal static IPv6 tunnel interface is configured.
The output of debug ipv6 nd shows that an IPv6 address is auto configured.
ICMPv6-ND: Sending RS on Tunnel6ICMPv6-ND: Received RA from FE80::5EFE:A00:C01 on Tunnel6ICMPv6-ND: Sending NS for 2001:13::A00:1703 on Tunnel6ICMPv6-ND: Autoconfiguring 2001:13::A00:1703 on Tunnel6ICMPv6-ND: DAD: 2001:13::A00:1703 is unique.ICMPv6-ND: Sending NA for 2001:13::A00:1703 on Tunnel6ICMPv6-ND: Address 2001:13::A00:1703/64 is up on Tunnel6We can notice that the interface identifier is generated from the IPv4 address configured on the interface used in the tunnel source. Now let us check the reachability to the IPv6 network. For this we send a ping to 2000:1234:4321::4
R3#ping 2000:1234:4321::4Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 2000:1234:4321::4, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 48/88/144 ms
An ISATAP tunnel mechanism is a point to multipoint tunnel and could be used so that hosts within a site can dynamically obtain an IPv6 address. Automatic 6to4 tunnel could be used with hosts which have public IPv4 address and thereby could gain point to multipoint connectivity across the global IPv4 Internet.