IPv6

1 Basic Configuration

1.1 Enable IPv6 unicast routing globally

Router(config)# ipv6 unicast-routing

1.2 Enable IPv6 on an interface and configure an address

Router(config)# interface e0/0
Router(config-if)# ipv6 enable
Router(config-if)# ipv6 address 2001:0001::/64 eui-64
Router(config-if)# no shutdown

1.3 Configure static routes

Router(config)# ipv6 route 2001:0002::/64 2012::2

Router(config)# ipv6 route ::/0 2012::3

1.4 Verify the configuration

show ipv6 interface [brief]
show ipv6 routers
show ipv6 neighbors
debug ipv6 packet

2 Address Types

addr_cate.png

Figure 1: Address space

2.1 Characteristic prefixes

Type        Prefix
Loopback    ::1/128
Multicast   FF00::/8
Link-local  FE80::/10
Site-local  FEC0::/10
AGUA        else

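2.2 Unicast addresses

2.2.1 Interface ID

The interface ID is 64 bits long and identifies an interface on a link; it must be unique on each link.

2.2.1.1 Purpose
  • Building the link-local address
  • Building the global unicast address in a stateless [1] configuration environment
2.2.1.2 How it is configured
  • Converted from the 48-bit MAC address into a 64-bit interface ID according to the IEEE EUI-64 specification (the uniqueness of the MAC address guarantees the uniqueness of the interface ID)
  • Manual configuration (you maintain uniqueness yourself)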

2.2.2 AGUA

agua.png

agua2.png

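Figure 3: The address space obtained from a provider is typically a /48, which the user then plans further as needed

  • Publicly routable addresses
  • Address plan: 2000::/3
    • Within it, 2001::/16 is defined as Internet Address
    • Within it, 2002::/16 is defined as 6to4 Tunnel Address (see 6.3)
2.2.2.1 Manual configuration (eui-64)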

eui64.png

Figure 4: How an EUI-64 interface ID is generated

R4(config)#in e0/3
R4(config-if)#ipv6 enable ! enable IPv6 on the interface
R4(config-if)#ipv6 address 2008::/64 eui-64
R4#sh interfaces e0/3 | i bia
  Hardware is AmdP2, address is aabb.cc00.4030 (bia aabb.cc00.4030)
R4#sh ipv6 interface e0/3
Ethernet0/3 is administratively down, line protocol is down
  IPv6 is tentative, link-local address is FE80::A8BB:CCFF:FE00:4030 [TEN]
  No Virtual link-local address(es):
  Global unicast address(es):
    2008::A8BB:CCFF:FE00:4030, subnet is 2008::/64 [EUI/TEN]
  Joined group address(es):
    FF02::1
    FF02::2
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds (using 30000)
  ND advertised reachable time is 0 (unspecified)
  ND advertised retransmit interval is 0 (unspecified)
  ND router advertisements are sent every 200 seconds
  ND router advertisements live for 1800 seconds
  ND advertised default router preference is Medium
  Hosts use stateless autoconfig for addresses.

The command above uses 2008::/64 as the prefix and appends a 64-bit interface ID in EUI-64 format to form the interface's globally unique IPv6 address.
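The EUI-64 conversion from 2.2.1.2 and the command above, worked through in Python as an added example that is not part of the original page: it rebuilds the addresses R4 prints from the burned-in MAC, and goes one step beyond the text by recovering the MAC from such an address, which shows that an EUI-64 address identifies the hardware to every peer. The function names are assumptions of this example.

```python
import ipaddress

def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64: split the MAC, insert FF:FE, flip the U/L bit (0x02)."""
    digits = "".join(c for c in mac if c.lower() in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    raw = bytes.fromhex(digits)
    iid = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return int.from_bytes(iid, "big")

def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Prefix plus EUI-64 interface ID, as `ipv6 address <prefix> eui-64` does."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("this example only handles /64 prefixes")
    return net[eui64_interface_id(mac)]

def embedded_mac(address: str):
    """Return the MAC an EUI-64 address was built from, or None.

    Heuristic: the FF:FE marker in the middle of the interface ID is taken
    as the sign of an EUI-64 derived address.
    """
    iid = (int(ipaddress.IPv6Address(address)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

if __name__ == "__main__":
    # MAC taken from the `sh interfaces e0/3 | i bia` output above
    print(eui64_address("2008::/64", "aabb.cc00.4030"))
    print(eui64_address("fe80::/64", "aabb.cc00.4030"))
    # Audit direction: which addresses give away a hardware address?
    for addr in ("2001:12::A8BB:CCFF:FE00:2000", "2001:12::1"):
        print(addr, "->", embedded_mac(addr))
```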

2.2.2.2 Manual configuration (general-prefix)
R1(config)#ipv general-prefix GEN_PRE 2008:12::/32
R1(config)#int e0/1
R1(config-if)#ipv address GEN_PRE ::1/64
R1(config-if)#do sh ipv int b
Ethernet0/1            [administratively down/down]
    FE80::A8BB:CCFF:FE00:1010
    2008:12::1
2.2.2.3 Automatic configuration (stateless)

See 3.2.

2.2.2.4 Automatic configuration (stateful)

That is, DHCPv6.

2.2.3 Link-Local

link-local-address.png

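  • Serves as the unique locator on the local link; not routable
  • Valid only on the local link; link-local addresses on different links may repeat
  • When routing protocols exchange routes, the link-local address is used as the next hop (which provides flexibility for future renumbering)
  • Used by mechanisms such as address autoconfiguration, neighbor discovery and router discovery
  • On a link, a node must know the peer's link-local address; otherwise the two cannot communicate
  • When a node starts its IPv6 stack, each of its interfaces automatically configures a link-local address. This mechanism lets two IPv6 nodes attached to the same link communicate without any configuration. Using the link-local address as the default gateway is recommended, because this address is relatively stable
  • Because the last 64 bits are the interface identifier, the prefix length of this address is fixed at /64
2.2.3.1 Manual configuration

Manually changing the link-local address is not recommended.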

R1(config-if)#ipv6 address fe80::1 link-local
R1(config-if)#do sh ipv6 inter b
Ethernet0/0            [administratively down/down]
    FE80::1
Ethernet0/1            [administratively down/down]
    unassigned
Ethernet0/2            [administratively down/down]
    unassigned
Ethernet0/3            [administratively down/down]
    unassigned
2.2.3.2 Automatic configuration

Configuring ipv6 enable on an interface automatically generates the link-local address.

2.2.4 Site-local

Deprecated; replaced by Unique Local Address.

site-local.png

2.3 Multicast addresses

multicast.png

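Figure 7: Multicast address

  • Flag 0 indicates a permanent, public multicast address, comparable to 224.0.0.1 ~ 224.0.0.255
  • Flag 1 indicates a temporary, private multicast address, comparable to 239.0.0.0 ~ 239.255.255.255

2.3.1 Solicited-Node Multicast Address [2]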

snma.png

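Figure 8: Address composition

Every IPv6 unicast address automatically joins its corresponding solicited-node multicast group; the last 24 bits of the unicast address map to the last 24 bits of the solicited-node multicast address.

  • Normally each IPv6 unicast address joins its own solicited-node multicast group, and each group usually has only one member
  • If you know the peer's IPv6 address, you can compute the solicited-node multicast address that corresponds to it

For its use, see Figure 10.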
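That computation in Python, as an added example that is not part of the original page: it derives the solicited-node group for each unicast address and checks the result against the Joined group list that R1 prints in section 3.2. The function names and the trimmed output excerpt are assumptions of this example.

```python
import ipaddress
import re

SOLICITED_NODE = ipaddress.IPv6Network("ff02::1:ff00:0/104")

def solicited_node(address: str) -> ipaddress.IPv6Address:
    """FF02::1:FF00:0/104 with the low 24 bits of the unicast address appended."""
    low24 = int(ipaddress.IPv6Address(address)) & 0xFFFFFF
    return SOLICITED_NODE[low24]

# Excerpt of `sh ipv6 interface e0/0` on R1 (section 3.2), inline comment removed.
R1_OUTPUT = """\
Ethernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:1000
  No Virtual link-local address(es):
  Global unicast address(es):
    2001:12::1, subnet is 2001:12::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:1
    FF02::1:FF00:1000
  MTU is 1500 bytes
"""

def audit_groups(show_output: str):
    """Compare joined solicited-node groups with those the unicast addresses imply.

    Returns (missing, unexplained) as sorted lists of IPv6Address.
    """
    unicast, joined, section = [], set(), None
    for line in show_output.splitlines():
        text = line.strip()
        link_local = re.search(r"link-local address is (\S+)", text)
        if link_local:
            unicast.append(link_local.group(1))
        elif text.endswith("address(es):"):
            section = text.split()[0]              # "Global", "Joined", "No"
        elif section == "Global" and ", subnet is" in text:
            unicast.append(text.split(",")[0])
        elif section == "Joined" and text.upper().startswith("FF"):
            joined.add(ipaddress.IPv6Address(text.split()[0]))
        else:
            section = None                          # any other line ends the list
    expected = {solicited_node(a) for a in unicast}
    joined_sn = {g for g in joined if g in SOLICITED_NODE}
    return sorted(expected - joined_sn), sorted(joined_sn - expected)

if __name__ == "__main__":
    for addr in ("2001:12::1", "FE80::A8BB:CCFF:FE00:1000"):
        print(addr, "->", solicited_node(addr))
    print("missing, unexplained:", audit_groups(R1_OUTPUT))
```

An unexplained group means the interface listens for an address that the output does not account for; a missing one means address resolution for that address would go unanswered.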

3 Neighbor Discovery Protocol (NDP) [3]

ndp_fr.png

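Figure 9: Functions covered by NDP

ICMPv6 Type  Message
133          RS (Router Solicitation)
134          RA (Router Advertisement)
135          NS (Neighbor Solicitation)
136          NA (Neighbor Advertisement)
137          Redirect

3.1 NS/NA messages

3.1.1 Address resolution (replaces ARP)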

ndp_arp.png

Figure 10: Address resolution flow

ndp_arp_ex.png

Figure 11: ping lab

Lab configuration
----------------- R1 ----------------------
en
conf t
hostname R1
no ip do lo
line con 0
  exec-timeout 0 0
  logging synchronous
int e0/0
  ipv6 address 2001:12::1/64
  no sh

----------------- R2 ----------------------
en
conf t
hostname R2
no ip do lo
line con 0
  exec-timeout 0 0
  logging synchronous
int e0/0
  ipv6 address 2001:12::2/64
  no sh
Packet capture

Capture file download

ndp_ns.png

Figure 12: NS

ndp_na.png

Figure 13: NA

View the neighbor table (MAC addresses)
R1#sh ipv6 neighbors
IPv6 Address                              Age Link-layer Addr State Interface
2001:12::2                                 97 aabb.cc00.2000  STALE Et0/0
FE80::A8BB:CCFF:FE00:2000                  97 aabb.cc00.2000  STALE Et0/0

3.1.2 Duplicate Address Detection (DAD, replaces Gratuitous ARP)

ndp_ns_dad.png

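Figure 14: An NS message probes whether the IP address about to be configured already exists on the segment

In the lab above, restarting R1's e0/0 interface makes the Duplicate Address Detection (DAD) packets visible:

Packets

Capture file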

ndp_dad_pcap.png

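3.2 RA/RS messages (dynamic configuration of AGUA addresses)

  • Once ipv6 unicast-routing is enabled on a router (usually the border gateway router), it sends RAs periodically and replies immediately when it receives an RS
  • You can configure ipv6 nd ra suppress-ra on an interface to suppress RAs (usually done on routers running a dynamic routing protocol, to save bandwidth); the router still replies when it receives an RS
  • When a router that has no IP address yet receives an RA, it extracts the prefix and combines it with its own EUI-64 to generate its own network address, and sends an RS in response
  • When a router interface has just come up, it actively sends an RS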
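A node that autoconfigures takes both its prefix and its default gateway from the RA it receives, so it is worth checking RAs against the router and prefix the segment is supposed to have. The Python below is an added example, not part of the original page: it parses the ICMPv6 RA body with its Prefix Information option and reports deviations. The sample RA is constructed (checksum left at zero), and the function names and allow-lists are assumptions.

```python
import ipaddress
import struct

ICMPV6_RA = 134          # RA type from the table above
OPT_PREFIX_INFO = 3      # Prefix Information option (RFC 4861)

def parse_ra(icmp: bytes) -> dict:
    """Decode the fixed RA header and any Prefix Information options."""
    if len(icmp) < 16:
        raise ValueError("truncated Router Advertisement")
    typ, code, _csum, _hop, flags, lifetime, _reach, _retrans = struct.unpack_from(
        "!BBHBBHII", icmp)
    if typ != ICMPV6_RA or code != 0:
        raise ValueError("not a Router Advertisement")
    ra = {"managed": bool(flags & 0x80), "router_lifetime": lifetime, "prefixes": []}
    offset = 16
    while offset < len(icmp):
        if offset + 2 > len(icmp):
            raise ValueError("truncated option header")
        opt_type, opt_len = icmp[offset], icmp[offset + 1] * 8   # length is in 8-byte units
        if opt_len == 0 or offset + opt_len > len(icmp):
            raise ValueError("malformed option length")
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            plen, pflags, valid, preferred, _rsvd, raw = struct.unpack_from(
                "!BBIII16s", icmp, offset + 2)
            ra["prefixes"].append({
                "prefix": ipaddress.IPv6Network((raw, plen), strict=False),
                "autonomous": bool(pflags & 0x40),   # A flag: usable for SLAAC
                "valid": valid, "preferred": preferred})
        offset += opt_len
    return ra

def check_ra(source: str, icmp: bytes, routers, prefixes) -> list:
    """Return findings for an RA that deviates from the expected router or prefix."""
    findings = []
    src = ipaddress.IPv6Address(source)
    if not src.is_link_local:
        findings.append("source is not a link-local address")
    if src not in routers:
        findings.append(f"unexpected router {src}")
    for info in parse_ra(icmp)["prefixes"]:
        if info["autonomous"] and info["prefix"] not in prefixes:
            findings.append(f"unexpected SLAAC prefix {info['prefix']}")
    return findings

def sample_ra(prefix: str, router_lifetime: int = 1800) -> bytes:
    """Constructed RA: one prefix with L and A flags, lifetimes of 30 and 7 days."""
    net = ipaddress.IPv6Network(prefix)
    header = struct.pack("!BBHBBHII", ICMPV6_RA, 0, 0, 64, 0, router_lifetime, 0, 0)
    option = struct.pack("!BBBBIII16s", OPT_PREFIX_INFO, 4, net.prefixlen, 0xC0,
                         2592000, 604800, 0, net.network_address.packed)
    return header + option

# Expected state of the lab segment below: R1's link-local address and its prefix.
ROUTERS = {ipaddress.IPv6Address("FE80::A8BB:CCFF:FE00:1000")}
PREFIXES = {ipaddress.IPv6Network("2001:12::/64")}

if __name__ == "__main__":
    ra = sample_ra("2001:12::/64")
    print(parse_ra(ra))
    print(check_ra("FE80::A8BB:CCFF:FE00:1000", ra, ROUTERS, PREFIXES))
```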

ndp_ra.png

Figure 16: Router Advertisement

ndp_rs.png

Figure 17: Router Solicitation

rs_ra_ex.png

Figure 18: Lab topology

Lab configuration
----------------- R1 ----------------------
en
conf t
hostname R1
no ip do lo
ipv6 unicast-routing
line con 0
  exec-timeout 0 0
  logging synchronous
int e0/0
  ipv6 address 2001:12::1/64
  no sh

----------------- R2 ----------------------
en
conf t
hostname R2
no ip do lo
line con 0
  exec-timeout 0 0
  logging synchronous
int e0/0
  ipv6 address autoconfig default ! default means R1 is used as the default gateway
  no sh
View R1 interface information
R1#sh ipv6 interface e0/0
Ethernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:1000
  No Virtual link-local address(es):
  Global unicast address(es):
    2001:12::1, subnet is 2001:12::/64
  Joined group address(es):
    FF02::1
    FF02::2 ! indicates it is now a router running IPv6
    FF02::1:FF00:1
    FF02::1:FF00:1000
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds (using 30000)
  ND advertised reachable time is 0 (unspecified)
  ND advertised retransmit interval is 0 (unspecified)
  ND router advertisements are sent every 200 seconds
  ND router advertisements live for 1800 seconds
  ND advertised default router preference is Medium
  Hosts use stateless autoconfig for addresses.
View R2 interface information
R2#sh ipv6 interface e0/0
Ethernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:2000
  No Virtual link-local address(es):
  Stateless address autoconfig enabled
  Global unicast address(es):
    2001:12::A8BB:CCFF:FE00:2000, subnet is 2001:12::/64 [EUI/CAL/PRE]
      valid lifetime 2591833 preferred lifetime 604633
  Joined group address(es):
    FF02::1
    FF02::1:FF00:2000
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds (using 30000)
  ND NS retransmit interval is 1000 milliseconds
  Default router is FE80::A8BB:CCFF:FE00:1000 on Ethernet0/0
Packet capture

Capture file download

ndp_ra_pcap.png

Figure 19: RA

ndp_rs_pcap.png

Figure 20: RS

4 Routing Protocols

4.1 Static routes

static_route.png

Figure 21: Lab topology

Lab configuration
----------------- R1 ----------------------
en
conf t
hostname R1
no ip do lo
line con 0
  exec-timeout 0 0
  logging synchronous
int e0/0
  ipv6 address 2001:12::1/64
  no sh
  exit
ipv6 route 2::/64 2001:12::2 ! static

----------------- R2 ----------------------
en
conf t
hostname R2
no ip do lo
line con 0
  exec-timeout 0 0
  logging synchronous
int lo0
  ipv6 address 2::2/64
int e0/0
  ipv6 address 2001:12::2/64
  no sh

4.2 OSPFv3

ospfv3.png

Figure 22: Lab topology

Lab configuration (method 1)
----------------- R1 ----------------------
en
conf t
hostname R1
no ip do lo
line con 0
  exec-timeout 0 0
  logging synchronous
ipv6 unicast-routing ! required before any routing protocol configured
ipv6 router ospf 110
  router-id 11.11.11.11
int lo0
  ipv6 address 1::1/128
  ipv6 ospf 110 area 0
int e0/0
  ipv6 address 2001:12::1/64
  ipv6 ospf 110 area 0
  no sh
----------------- R2 ----------------------
en
conf t
hostname R2
no ip do lo
line con 0
  exec-timeout 0 0
  logging synchronous
ipv6 unicast-routing ! required before any routing protocol configured
ipv6 router ospf 110
  router-id 22.22.22.22
int lo0
  ipv6 address 2::2/128
  ipv6 ospf 110 area 0
int e0/0
  ipv6 address 2001:12::2/64
  ipv6 ospf 110 area 0
  no sh
Lab configuration (method 2)
----------------- R1 ----------------------
en
conf t
hostname R1
no ip do lo
line con 0
  exec-timeout 0 0
  logging synchronous
ipv6 unicast-routing ! required before any routing protocol configured
router ospfv3 110
  address-family ipv6 unicast
    router-id 11.11.11.11
  exit-address-family
int lo0
  ipv6 address 1::1/128
  ospfv3 110 ipv6 area 0
int e0/0
  ipv6 address 2001:12::1/64
  ospfv3 110 ipv6 area 0
  no sh
----------------- R2 ----------------------
en
conf t
hostname R2
no ip do lo
line con 0
  exec-timeout 0 0
  logging synchronous
ipv6 unicast-routing ! required before any routing protocol configured
router ospfv3 110
  address-family ipv6 unicast
    router-id 22.22.22.22
  exit-address-family
int lo0
  ipv6 address 2::2/128
  ospfv3 110 ipv6 area 0
int e0/0
  ipv6 address 2001:12::2/64
  ospfv3 110 ipv6 area 0
  no sh

4.3 EIGRP

eigrp.png

Figure 23: Lab topology

Lab configuration
----------------- R1 ----------------------
en
conf t
hostname R1
no ip do lo
line con 0
  exec-timeout 0 0
  logging synchronous
ipv6 unicast-routing ! required before any routing protocol configured
int lo0
  ipv6 address 1::1/128
int e0/0
  ipv6 address 2001:12::1/64
  no sh
int e0/1
  ipv6 address 2001:14::1/64
  no sh
router eigrp MY_EIGRP
  address-family ipv6 unicast autonomous-system 100
    no shutdown ! default
    eigrp router-id 11.11.11.11
  exit-address-family
----------------- R2 ----------------------
en
conf t
hostname R2
no ip do lo
line con 0
  exec-timeout 0 0
  logging synchronous
ipv6 unicast-routing ! required before any routing protocol configured
int lo0
  ipv6 address 2::2/64
int e0/0
  ipv6 address 2001:12::2/64
  no sh
int e0/1
  ipv6 address 2001:23::2/64
  no sh
router eigrp MY_EIGRP
  address-family ipv6 unicast autonomous-system 100
    eigrp router-id 22.22.22.22
    af-interface e0/1
      shutdown ! exclude
    exit-af-interface
  exit-address-family
----------------- R3 ----------------------
en
conf t
hostname R3
no ip do lo
line con 0
  exec-timeout 0 0
  logging synchronous
int e0/1
  ipv6 address 2001:23::3/64
  no sh
----------------- R4 ----------------------
en
conf t
hostname R4
no ip do lo
line con 0
  exec-timeout 0 0
  logging synchronous
int e0/1
  ipv6 address 2001:14::4/64
  no sh
View R1's routes
R1#sh ipv route eigrp
IPv6 Routing Table - default - 7 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
       H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
       IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
       ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
       RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid
       lA - LISP away, a - Application
D   2::/64 [90/1024640] ! R2 sends only this route
     via FE80::A8BB:CCFF:FE00:2000, Ethernet0/0
View R2's routes
R2#sh ipv route eigrp
IPv6 Routing Table - default - 9 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
       H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
       IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
       ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
       RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid
       lA - LISP away, a - Application
D   1::1/128 [90/1024640]
     via FE80::A8BB:CCFF:FE00:1000, Ethernet0/0
D   2001:14::/64 [90/1536000]
     via FE80::A8BB:CCFF:FE00:1000, Ethernet0/0

4.4 BGP

bgp.png

Figure 24: Lab topology

Lab configuration
----------------- R1 ----------------------
en
conf t
hostname R1
no ip do lo
line con 0
  exec-timeout 0 0
  logging synchronous
ipv6 unicast-routing ! required before any routing protocol configured
router bgp 100
  bgp router-id 11.11.11.11 ! must have
  no bgp default ipv4-unicast
  neighbor 2001:12::2 remote-as 200
  address-family ipv6 unicast
    neighbor 2001:12::2 activate
  exit-address-family
int e0/0
  ipv6 address 2001:12::1/64
  no sh
----------------- R2 ----------------------
en
conf t
hostname R2
no ip do lo
line con 0
  exec-timeout 0 0
  logging synchronous
ipv6 unicast-routing ! required before any routing protocol configured
router bgp 200
  bgp router-id 22.22.22.22 ! must have
  no bgp default ipv4-unicast
  neighbor 2001:12::1 remote-as 100
  address-family ipv6 unicast
    neighbor 2001:12::1 activate
    network 2::2/128 ! must conform to the one in route table, which is 2::2/128
  exit-address-family
int lo0
  ipv6 address 2::2/64
int e0/0
  ipv6 address 2001:12::2/64
  no sh
View BGP information
R1#sh bgp ipv6 unicast summary  ! neighbor relationships
BGP router identifier 11.11.11.11, local AS number 100
BGP table version is 2, main routing table version 2
1 network entries using 168 bytes of memory
1 path entries using 108 bytes of memory
1/1 BGP path/bestpath attribute entries using 160 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 460 total bytes of memory
BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2001:12::2      4          200       6       5        2    0    0 00:01:59        1
R1#sh bgp ipv6 unicast  ! view BGP routes
BGP table version is 2, local router ID is 11.11.11.11
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
              t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>   2::2/128         2001:12::2               0             0 200 i

4.5 BGP (6 over 4)

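If the neighbor relationship is established over IPv4 addresses and carries IPv6 unicast routes, the next hop must be changed to an IPv6 address; otherwise the next hop is unreachable and the routes cannot be installed in the BGP routing table.

Configuration example: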

ipv6 unicast-routing
!
route-map [name] permit 10
 set ipv6 next-hop [ipv6 address]
exit
!
router bgp [AS]
 neighbor [ipv4 address] remote-as [AS]
 address-family ipv6 unicast
  neighbor [ipv4 address] activate
  neighbor [ipv4 address] route-map [name] out
 exit
exit

bgp_6_over_4.png

Figure 25: Lab topology

Configuration listing
----------------- R1 ----------------------
en
conf t
 hostname R1
 no ip do lo
 line con 0
  exec-timeout 0 0
  logging synchronous
 exit
 ipv6 unicast-routing
 int lo0
  ipv6 address 1::1/128
 exit
 int e0/0
  ip address 10.1.12.1 255.255.255.0
  ipv6 address 2001:12::1/64
  no sh
 exit
 !
 route-map MODIFY_NEXT_HOP permit 10
  set ipv6 next-hop 2001:12::1
 exit
 !
 router bgp 100
  bgp router-id 1.1.1.1
  no bgp default ipv4-unicast
  neighbor 10.1.12.2 remote-as 200

  address-family ipv6 unicast
   neighbor 10.1.12.2 act
   neighbor 10.1.12.2 route-map MODIFY_NEXT_HOP out
   redistribute connected
  exit
 exit
end
----------------- R2 ----------------------
en
conf t
 hostname R2
 no ip do lo
 line con 0
  exec-timeout 0 0
  logging synchronous
 exit
 ipv6 unicast-routing
 int lo0
  ipv6 address 2::2/128
 exit
 int e0/0
  ip address 10.1.12.2 255.255.255.0
  ipv6 address 2001:12::2/64
  no sh
 exit
 !
 route-map MODIFY_NEXT_HOP permit 10
  set ipv6 next-hop 2001:12::2
 exit
 !
 router bgp 200
  bgp router-id 2.2.2.2
  no bgp default ipv4-unicast
  neighbor 10.1.12.1 remote-as 100

  address-family ipv6 unicast
   neighbor 10.1.12.1 act
   neighbor 10.1.12.1 route-map MODIFY_NEXT_HOP out
   redistribute connected
  exit
 exit
end

View BGP routes
R1#sh bgp ipv6 unicast
BGP table version is 4, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
              t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>   1::1/128         ::                       0         32768 ?
 *>   2::2/128         2001:12::2               0             0 200 ?
 *    2001:12::/64     2001:12::2               0             0 200 ?
 *>                    ::                       0         32768 ?
If the next hop is not modified
R1#sh bgp ipv6 unicast
BGP table version is 3, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
              t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>   1::1/128         ::                       0         32768 ?
 *    2::2/128         ::FFFF:10.1.12.2
                                                0             0 200 ?
 *    2001:12::/64     ::FFFF:10.1.12.2
                                                0             0 200 ?
 *>                    ::                       0         32768 ?
R1#

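4.6 Redistribution

IPv6 redistribution is configured much like IPv4, but directly connected networks are not redistributed by default; the include-connected parameter is required to redistribute connected routes.

5 ACL and Prefix-list

In IPv6, an ACL can only be used for traffic filtering, that is, applied under an interface with ipv6 traffic-filter AclName [in|out] to filter traffic.

For prefix filtering, IPv6 can only use a prefix-list, not an ACL.

6 Transition Technologies

6.1 Dual stack

After the link layer receives a frame, it decapsulates it and inspects the IP header:

  • If the first field of the header is 4, the packet is handled by the IPv4 stack
  • If the first field of the header is 6, the packet is handled by the IPv6 stack

Dual stack requires network nodes to support both IPv4 and IPv6.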

6.2 Tunnel (manual) [4]

tunnel.png

Figure 26: Tunneling encapsulates the IPv6 packet in the IPv4 packet

tunnel_ipv6ip.png

Figure 27: Lab topology

Lab configuration
----------------- R1 ----------------------
en
conf t
hostname R1
no ip do lo
line con 0
  exec-timeout 0 0
  logging synchronous
ipv6 unicast-routing ! required before any routing protocol configured
ipv6 router ospf 1
  router-id 11.11.11.11
int lo0
  ipv6 address 1::1/128
  ipv6 ospf 1 area 0
int e0/0
  ipv6 address 2001:12::1/64
  ipv6 ospf 1 area 0
  no sh
----------------- R2 ----------------------
en
conf t
hostname R2
no ip do lo
line con 0
  exec-timeout 0 0
  logging synchronous
ipv6 unicast-routing ! required before any routing protocol configured
ip route 0.0.0.0 0.0.0.0 10.1.23.3 ! default route
ipv6 router ospf 1
  router-id 22.22.22.22
  redistribute ospf 2 metric 10 include-connected
ipv6 router ospf 2
  router-id 22.22.22.22
  redistribute ospf 1 metric 10 include-connected
int e0/0
  ipv6 address 2001:12::2/64
  ipv6 ospf 1 area 0
  no sh
int e0/1
  ip address 10.1.23.2 255.255.255.0
  no sh
int tun1
  ipv6 enable ! just need ipv6 address
  tunnel source e0/1
  tunnel destination 10.1.34.4
  tunnel mode ipv6ip ! default is gre; ipv6ip saves the 4-byte GRE header
  ipv6 ospf 2 area 0
  no sh

----------------- R3 ----------------------
en
conf t
hostname R3
no ip do lo
line con 0
  exec-timeout 0 0
  logging synchronous
ipv6 unicast-routing
int e0/0
  ip address 10.1.23.3 255.255.255.0
  no sh
int e0/1
  ip address 10.1.34.3 255.255.255.0
  no sh
----------------- R4 ----------------------
en
conf t
hostname R4
no ip do lo
line con 0
  exec-timeout 0 0
  logging synchronous
ipv6 unicast-routing ! required before any routing protocol configured
ip route 0.0.0.0 0.0.0.0 10.1.34.3 ! default route
ipv6 router ospf 2
  router-id 44.44.44.44
  redistribute eigrp 100 metric 10 include-connected 
router eigrp MY_EIGRP
  address-family ipv6 unicast autonomous-system 100
    no shutdown ! default
    eigrp router-id 44.44.44.44
    af-interface e0/0
      shutdown
    exit-af-interface
    topology base
      redistribute ospf 2 metric 10000 100 255 1 1500 include-connected
    exit-af-topology
  exit-address-family
int e0/0
  ip address 10.1.34.4 255.255.255.0
  no sh
int e0/1
  ipv6 address 2001:45::4/64
  no sh
int tun1
  ipv6 enable ! just need ipv6 address
  tunnel source e0/0
  tunnel destination 10.1.23.2
  ipv6 ospf 2 area 0
  tunnel mode ipv6ip
  no sh

----------------- R5 ----------------------
en
conf t
hostname R5
no ip do lo
line con 0
  exec-timeout 0 0
  logging synchronous
ipv6 unicast-routing
int lo0
  ipv6 address 5::5/128
int e0/0
  ipv6 address 2001:45::5/64
  no sh
router eigrp MY_EIGRP
  address-family ipv6 unicast autonomous-system 100
    no shutdown ! default
    eigrp router-id 55.55.55.55
  exit-address-family

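6.3 6to4 tunnel (automatic)

The key point of a 6to4 tunnel is that the tunnel destination address is computed automatically by the router:

  • The IPv6 address being accessed must have the 2002::/16 prefix; the following 32 bits are converted to an IPv4 address (the tunnel destination address)
  • The address requires the interface identifier to occupy 64 bits, which leaves 16 bits for subnetting

With a 6to4 tunnel you cannot run a dynamic routing protocol on the tunnel interface; you can only use static routes to steer traffic into the tunnel interface.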
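The address arithmetic in Python, as an added example that is not part of the original page: it derives the tunnel endpoint from a 2002::/16 destination using the lab addresses from the configuration below, and goes beyond the text with a sanity check, in the spirit of RFC 3964, that the embedded IPv4 address is a global unicast address. The function names are assumptions of this example.

```python
import ipaddress

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")

def site_prefix(border_ipv4: str) -> ipaddress.IPv6Network:
    """2002:<IPv4 in hex>::/48 for the site behind the given tunnel source."""
    v4 = int(ipaddress.IPv4Address(border_ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def site_subnet(border_ipv4: str, subnet_id: int) -> ipaddress.IPv6Network:
    """One of the 65536 /64 subnets that the remaining 16 bits allow."""
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet ID must fit in 16 bits")
    base = int(site_prefix(border_ipv4).network_address)
    return ipaddress.IPv6Network((base | (subnet_id << 64), 64))

def tunnel_destination(ipv6_destination: str) -> ipaddress.IPv4Address:
    """IPv4 tunnel endpoint taken from the 32 bits that follow 2002::/16."""
    dst = ipaddress.IPv6Address(ipv6_destination)
    if dst not in SIXTOFOUR:
        raise ValueError(f"{dst} is outside 2002::/16")
    return ipaddress.IPv4Address((int(dst) >> 80) & 0xFFFFFFFF)

def endpoint_problem(ipv6_destination: str):
    """Assumed filter: reject embedded IPv4 addresses that are not global unicast.

    Returns a reason string, or None when the endpoint looks acceptable.
    """
    v4 = tunnel_destination(ipv6_destination)
    checks = (("is_loopback", "loopback"), ("is_multicast", "multicast"),
              ("is_link_local", "link-local"), ("is_unspecified", "unspecified"),
              ("is_reserved", "reserved"), ("is_private", "private"))
    for attribute, reason in checks:
        if getattr(v4, attribute):
            return f"{v4} is {reason}"
    return None

if __name__ == "__main__":
    # R4 -> R5 in the lab: R2 tunnels the packet to R3's lo0 address
    print(tunnel_destination("2002:0303:0303::5"))
    print(site_prefix("2.2.2.2"), site_subnet("2.2.2.2", 1))
    # Constructed address embedding 10.1.12.2, which must not be a tunnel endpoint
    print(endpoint_problem("2002:0a01:0c02::1"))
```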

6to4_conf.png

Figure 28: 6to4 tunnel configuration example

6to4_ex.png

Figure 29: Lab topology

Lab configuration
----------------- R4 ----------------------
en
conf t
hostname R4
no ip do lo
line con 0
  exec-timeout 0 0
  logging synchronous
int e0/1
  ipv6 address 2002:0202:0202::4/64
  no sh
ipv6 route ::/0 2002:202:202::2 ! ipv6 default route

----------------- R2 ----------------------
en
conf t
hostname R2
no ip do lo
line con 0
  exec-timeout 0 0
  logging synchronous
ipv6 unicast-routing
router ospf 110
  router-id 22.22.22.22
  network 2.2.2.2 0.0.0.0 area 0
  network 10.1.12.2 0.0.0.0 area 0
int lo0
  ip address 2.2.2.2 255.255.255.255
int e0/0
  ip address 10.1.12.2 255.255.255.0
  no sh
int e0/1
  ipv6 address 2002:0202:0202::2/64
  no sh
int tun0
  ipv6 unnumbered e0/1 ! use e0/1's AGUA (tun0's address has to have 2002::/16 prefix)
  tunnel source lo0 ! no need to specify destination
  tunnel mode ipv6ip 6to4
  no sh
ipv6 route 2002::/16 tun0 ! static route to let data go through tun0

----------------- R1 ----------------------
en
conf t
hostname R1
no ip do lo
line con 0
  exec-timeout 0 0
  logging synchronous
int e0/0
  ip address 10.1.12.1 255.255.255.0
  no sh
int e0/1
  ip address 10.1.13.1 255.255.255.0
  no sh
router ospf 110
  router-id 11.11.11.11
  network 10.1.12.1 0.0.0.0 area 0
  network 10.1.13.1 0.0.0.0 area 0

----------------- R3 ----------------------
en
conf t
hostname R3
no ip do lo
line con 0
  exec-timeout 0 0
  logging synchronous
ipv6 unicast-routing
int lo0
  ip address 3.3.3.3 255.255.255.255
int e0/0
  ipv6 address 2002:0303:0303::3/64
  no sh
int e0/1
  ip address 10.1.13.3 255.255.255.0
  no sh
router ospf 110
  router-id 33.33.33.33
  network 3.3.3.3   0.0.0.0 area 0
  network 10.1.13.3 0.0.0.0 area 0
int tun0
  ipv6 unnumbered e0/0
  tunnel source lo0 ! no need to specify destination
  tunnel mode ipv6ip 6to4
  no sh
ipv6 route 2002::/16 tun0

----------------- R5 ----------------------
en
conf t
hostname R5
no ip do lo
line con 0
  exec-timeout 0 0
  logging synchronous
ipv6 unicast-routing
int e0/0
  ipv6 address 2002:0303:0303::5/64
  no sh
ipv6 route ::/0 2002:0303:0303::3

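Footnotes:

[1] Stateless refers to using the RA/RS mechanism; stateful refers to DHCPv6.

[2] It works somewhat like a broadcast address, although IPv6 defines no broadcast address.

[3] NDP implements its various functions on top of ICMPv6 messages.

[4] Suitable when the number of sites is small.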

Author: Hao Ruan (ruanhao1116@gmail.com)

Created: 2021-06-13 Sun 11:17

Updated: 2021-10-19 Tue 00:07
