Cisco 6to4 Relay Service

From ARIN IPv6 Wiki

An ISP can set up a 6to4 relay service by configuring at least two well-connected IPv6-enabled routers to set up automatic 6to4 tunnels.

A 6to4 tunnel is an automatic IPv6 tunnel where a 6to4 border router in an isolated IPv6 network creates a tunnel to a 6to4 border router in another isolated IPv6 network over an IPv4 infrastructure. The tunnel destination is determined by the globally unique, 32-bit IPv4 address of the remote 6to4 border router that is concatenated to the prefix 2002::/16. 6to4 tunnels are configured between 6to4 border routers or between 6to4 border routers and hosts.

A 6to4 relay service is a 6to4 border router that offers traffic forwarding to the IPv6 Internet for remote 6to4 border routers. A 6to4 relay forwards packets that have a 2002::/16 source prefix.

6to4 tunnels and connections to a 6to4 relay service need not be requested or negotiated between customers and the ISP. The ISP simply configures the 6to4 relay service and customers can automatically connect to the service whenever they like. Because of the one-to-many relationship between the 6to4 relay service and each 6to4 tunnel (each customer), there is low maintenance and management overhead associated with 6to4 tunnels and a 6to4 relay service. However, given that customers use the IPv4 address of their border router to construct the 6to4 address that they use to connect to the 6to4 relay service (they are not delegated a /48 prefix from the ISP), the ISP may want to manage the IPv4 routing announcements for the relay service to control its use (the ISP will need IPv4 traffic statistics if it wants to identify and charge individual customers for using the service).

Reverse 6to4 delegation can be requested at http://6to4.nro.net; please check the instructions at http://6to4.nro.net/6to4_reverse/non_2002/index.html.

First Example (brief)

Here is an example config fragment. Check Cisco's documentation for full details.

Listing 11-7. A Cisco 6to4-to-IPv6 Gateway Configuration
!
interface Loopback2002
  ip address 192.88.99.1 255.255.255.255
!
interface Tunnel2002
  ipv6 enable
  ipv6 mtu 1280
  tunnel source 192.88.99.1
  tunnel mode ipv6ip 6to4
!

Listing 11-8. A Private 6to4 Gateway in the IPv6-to-6to4 Direction
!
interface Tunnel2002
  ipv6 address 2002:DFE0:E1E2::/16
  ipv6 mtu 1280
  tunnel source 223.224.225.226
  tunnel mode ipv6ip 6to4
!

Second Example (brief)

And a second example. This should be configured on a dual-stack router that has good IPv4 and IPv6 connectivity. To minimize latency, it should be on the border between your IPv4-only network and your dual-stack network. This configuration can be duplicated to additional dual-stack routers for increased reliability.

interface Loopback2
  description 6to4 relay anycast address (RFC 3068)
  ip address 192.88.99.1 255.255.255.0
  ipv6 address 2002:C058:6301::/128
!
interface Tunnel1
  description 6to4 Tunnel
  no ip address
  ipv6 unnumbered Loopback2
  tunnel source Loopback2
  tunnel mode ipv6ip 6to4
!
ipv6 route 2002::/16 Tunnel1

The purpose of a 6to4 gateway tunnel is twofold. First, it provides a route for packets from non-6to4 IPv6 devices within an IPv6 network to reach 6to4 devices which do not have native IPv6 connectivity. Second, it allows packets from 6to4 devices which have only IPv4 connectivity to reach the IPv6 network. To accomplish the first, the 2002::/16 route should be announced to other IPv6 routers using an IGP (e.g. OSPFv3 or RIPv6). To accomplish the second, the 192.88.99.0/24 prefix should be propagated via an IGP (e.g. OSPF or EIGRP) and/or EGP (e.g. BGP) to other IPv4 routers. For example:

ipv6 router ospf 10
 redistribute static
!
router ospf 10
 redistribute connected subnets

Third Example (explained)

Jordi Palet Martinez posted the following example on the AfriNIC mailing list:

Details of the example configuration

The examples below assume that the public IPv4 address on the WAN interface of the router is 192.1.2.3. You should replace that with the right information for your own case; the same applies to other data used in the examples.

Also, you need to understand how to calculate the 6to4 IPv6 address for your router. This is done using the IPv4 address and the IPv6 6to4 prefix.

The 6to4 prefix 2002::/16 takes the first 16 bits. Bits 17 to 48 are then the nibble notation for your IPv4 address. So in our example it will be:

192 = c0
1 = 01
2 = 02
3 = 03

So consequently:

2002:c001:0203::/48

We will use the first address of the prefix for the WAN interface, so

2002:c001:0203::1/128

Also, the anycast address for 6to4 is 192.88.99.1. Following the same example as above, in IPv6 it will be:

2002:c058:6301::/128

For our example using a Loopback, we use 192.3.2.3, which in IPv6 will be:

2002:0c03:0203::/128
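
The address calculation described above, carried through in Python as an added example (it is not part of the original page or of the mailing-list post). The function names are illustrative; check_tunnel also flags an embedded IPv4 address that is not globally routable, since a 6to4 prefix is built from a globally unique IPv4 address.

```python
import ipaddress

def sixtofour_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """Return the 2002:V4ADDR::/48 prefix derived from a public IPv4 address."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    # Bits 1-16 are 0x2002, bits 17-48 are the IPv4 address, the rest is zero.
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def check_tunnel(ipv6_addr: str, source_ipv4: str) -> list:
    """Compare a configured 6to4 address ('addr/len') with its IPv4 tunnel source.

    Returns a list of problems; an empty list means the pair is consistent.
    """
    addr = ipaddress.IPv6Interface(ipv6_addr).ip
    embedded = addr.sixtofour  # IPv4 in bits 17-48, or None outside 2002::/16
    if embedded is None:
        return [f"{addr} is not a 6to4 address (outside 2002::/16)"]
    problems = []
    if embedded != ipaddress.IPv4Address(source_ipv4):
        problems.append(f"embeds {embedded}, but tunnel source is {source_ipv4}")
    if not embedded.is_global:
        problems.append(f"embedded {embedded} is not globally routable")
    return problems

if __name__ == "__main__":
    # IPv4 addresses used in the examples on this page.
    for v4 in ("192.1.2.3", "192.88.99.1", "192.3.2.3"):
        print(f"{v4:>12} -> {sixtofour_prefix(v4)}")

    # (ipv6 address, tunnel source) pairs. The first two come from the
    # configurations on this page; the last three are constructed bad cases.
    samples = [
        ("2002:c001:0203::1/128", "192.1.2.3"),
        ("2002:DFE0:E1E2::/16", "223.224.225.226"),
        ("2002:c001:0203::1/128", "192.1.2.4"),   # source mismatch
        ("2002:0a01:0203::1/128", "10.1.2.3"),    # private IPv4 embedded
        ("2001:db8::1/64", "192.1.2.3"),          # not a 6to4 address
    ]
    for v6, src in samples:
        print(v6, src, check_tunnel(v6, src) or "ok")
```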

We show below two options for the 6to4 Relay: one basic configuration and another using the anycast address for 6to4. You just need to configure one of them (A or B).

A Example configuration of a basic 6to4 Relay

This relay will only be reachable for hosts or routers with a manual configuration pointing to it.

A1) Enable IPv6 in the router

ipv6 unicast-routing

A2) Ethernet0/0 interface configuration (obviously you can use another interface)

 interface Ethernet0/0
  description 6to4 Relay Service
  ip address 192.1.2.3 255.255.255.0

A3) tunnel 6to4 virtual interface

 interface Tunnel2002
  description 6to4 Relay Interface
  no ip address
  no ip redirects
  ipv6 address 2002:c001:0203::1/128
  tunnel source Ethernet0/0
  tunnel mode ipv6ip 6to4

A4) 6to4 prefix route

  ipv6 route 2002::/16 Tunnel2002

B Example configuration of a 6to4 Relay with anycast support

B1) Enable IPv6 in the router

ipv6 unicast-routing

B2) We use the loopback (recommended), but you could use an Ethernet Interface or any other one

  interface Loopback0
   description 6to4 Anycast Relay Service
   ip address 192.88.99.1 255.255.255.0 secondary
   ip address 192.3.2.3 255.255.255.255
   ipv6 address 2002:c003:0203::1/128
   ipv6 mtu 1480
   no ipv6 mfib fast

Note: When using IPv4 anycast addresses, it is recommended to explicitly configure the BGP/OSPF ID with a unicast address; otherwise, the router may by default take the anycast address as the ID.

B3) tunnel 6to4 virtual interface

  interface Tunnel2002
   description anycast 6to4 Relay Interface
   no ip address
   no ip redirects
   ipv6 address 2002:C058:6301::/128 anycast
   ipv6 unnumbered Loopback0
   no ipv6 mfib fast
   tunnel source Loopback0
   tunnel mode ipv6ip 6to4
   tunnel path-mtu-discovery

C Configuration for a public Relay

If you choose the anycast option (B), then you can also make the relay public via the following steps.

C1) You need to announce the 2002::/16 prefix, usually via BGP. The example below will help you. You should add this to the normal unicast IPv6 configuration and substitute the right information for your own case.

  router bgp myASN
   no bgp default ipv4-unicast
   bgp log-neighbor-changes
   neighbor remotepeer_IPv6_address remote-as remoteASN
   neighbor remotepeer_IPv6_address description Peer to remoteISP

   address-family ipv6
   neighbor remotepeer_IPv6_address activate
   neighbor remotepeer_IPv6_address route-map remoteISP_in in
   neighbor remotepeer_IPv6_address route-map remoteISP_out out
   network my_IPv6_prefix
   network 2002::/16
   exit-address-family

  ipv6 route 2002::/16 Null0

  ipv6 prefix-list 6to4_prefix seq 5 permit 2002::/16

  route-map remoteISP_out permit 10
   match ipv6 address prefix-list 6to4_prefix

Note: Of course, you need to replace some of the parameters with your specific data, such as myASN, remotepeer_IPv6, my_IPv6_prefix, remoteASN, remoteISP, remoteISP_in and remoteISP_out.

C2) Additionally, you need to configure the announcement of the 6to4 anycast prefix, 192.88.99.0/24, to your neighbor ISPs.

Once you have started announcing this prefix, add yourself to the list of ISPs currently announcing a 6to4 prefix.

D Configuration for a Private Relay

Alternatively, if you only want to offer the relay to your own customers, you need to announce the 192.88.99.0/24 prefix only to them. Then you will need to use example A) and use something adapted to your own network/routing protocol.

For example, if you are using OSPF as your IGP, you will add something such as:

  router ospf 1
   log-adjacency-changes
   auto-cost reference-bandwidth 10000
   network 192.88.99.0 0.0.0.255 area 0