Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: vlan tag and HE tunnel  (Read 3061 times)

Tunnelling1234

  • Newbie
  • *
  • Posts: 6
vlan tag and HE tunnel
« on: August 27, 2011, 09:01:59 PM »

An untagged interface exposed to the net works great for an HE tunnel!  No complaints there!

(insert employer/ISP upgrade here)

Now, my HE tunnel just doesn't work at all on a tagged interface. Yet ipv4 is ok, the interface has an accessible public address. I can't spot any filtering of services that I bring up on that interface. I poke around at the problem a while, then in addition to the work requirements I setup an untagged interface with a public address going through the same network upgrade (as a regular customer would) and HE tunnel and IPV6 is back and working!

Employer/ISP says great you got it working and we understand your quest towards IPV6 cert, but keep all your traffic tagged on these particular vlans as soon as possible...   

Ideally, I have an IPV6 tunnel and a happy employer, perhaps one willing to embrace IPV6 in the near future.

Before I crank up tcpdump, anybody else run into a similar problem with an HE tunnel and tags?

Am I Doing It Wrong™ ?


Logged

snarked

  • Hero Member
  • *****
  • Posts: 773
Re: vlan tag and HE tunnel
« Reply #1 on: August 28, 2011, 12:45:44 AM »

Why should it work?  Vlan tagging is a level 2 network service.  IP routing is a level 3 service.  These things occur at different levels in the standard OSI 7 level network model.
Logged

Tunnelling1234

  • Newbie
  • *
  • Posts: 6
Re: vlan tag and HE tunnel
« Reply #2 on: August 28, 2011, 06:01:49 AM »

Ah, it appears I have mistaken the seven layer model for bean dip...  :)
Logged

Tunnelling1234

  • Newbie
  • *
  • Posts: 6
Re: vlan tag and HE tunnel
« Reply #3 on: August 28, 2011, 12:53:37 PM »

Bear with me, I'm learning you see.

With the tag, tcpdump shows IPV6 leaving the henet interface bound for HE, but nothing is received.

When untagged frames leave my equipment, the next piece of equipment tags them immediately anyway! The addition and subsequent stripping of the tag by various managed switches between here and there - doesn't break the HE tunnel at all.  

So just to be clear - the henet interface should work regardless of what layer 2 does? (assuming layer 2 is setup correctly)

Maybe it's protocol 41 being dropped somewhere along the way on that particular route?
« Last Edit: August 28, 2011, 01:33:44 PM by Tunnelling1234 »
Logged

Tunnelling1234

  • Newbie
  • *
  • Posts: 6
Re: vlan tag and HE tunnel
« Reply #4 on: September 01, 2011, 06:41:06 PM »

Good old RFC4554 says:

Quote
2.1.  IPv6 Routing over VLANs

   In a typical scenario where connectivity is to be offered to a number
   of existing IPv6 internal subnets, one IPv6 router could be deployed,
   with both an external interface and one or more internal interfaces.
   The external interface connects to the wider IPv6 internet, and may
   be dual-stack if some tunnel mechanism is used for external
   connectivity, or IPv6-only if a native external connection is
   available.

   The internal interface(s) can be connected directly to a VLAN-capable
   switch.  It is then possible to write VLAN tags on the packets sent
   from the internal router interface based on the target IPv6 link
   prefix.  The VLAN-tagged traffic is then transported across the
   internal VLAN-capable site infrastructure to the target IPv6 links
   (which may be dispersed widely across the site network).

   Where the IPv6 router is unable to VLAN-tag the packets, a protocol-
   based VLAN can be created on the VLAN-capable device connected to the
   IPv6 router, causing IPv6 traffic to be tagged and then redistributed
   on (congruent) IPv4 subnet links that lie in the same VLAN.

...thus answering my (uneducated) question. Now, the fun part - figuring out what's being filtered where. I have plenty to learn.
« Last Edit: September 01, 2011, 07:13:47 PM by Tunnelling1234 »
Logged