• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

LAB IPv6 behind ISP router (DUAL STACK - CISCO)

Started by poupon, October 01, 2011, 08:57:38 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

poupon

October 01, 2011, 08:57:38 AM Last Edit: October 07, 2011, 07:10:07 AM by poupon
Hello all,

I'va tested the tunnel broker to my PC (windows vista) and it work fine.

Now i'll try to install a router cisco (1721 IOS 12.4), this one will deserve an IPv6 network lab.

Topology :

                  |---------|               |----------|                                |--------------|
  ( HE ).....|   WEB     |........... | ISP BOX | ......!Switch!...... | CISCO Router |........ !Switch!.........( PC )  
                   |---------|               |----------|                                |--------------|
IPv6                  IPv4 Public        _NAT_         IPv4 Private                                     IPv6

    <=================TUNNEL=================>


I've seen that it's possible with a static ISP IPv4 but mine isn't (but it can be change on HE site).

I think to use a "routed /48" but i don't know how to configure.

But first, do you think it's possible ?

FP

cholzhauer

#1
October 01, 2011, 09:28:01 AM
I guess I'm not sure what your question is.

If you're asking if you can create a tunnel with a dynamic endpoint, the answer is yes, you can.

I can't tell if you're behind a NAT or not, but if you are, remember to use the public IP address when you enter the commands on the router

poupon

#2
October 01, 2011, 05:36:36 PM Last Edit: October 01, 2011, 05:49:04 PM by poupon
I'm not clear, sorry.

I complete the topology.

The ISP BOX have IPv4 public address (dynamic - 83.134.x.y) and IPv4 private address (192.168.1.0)
I'm behind NAT.

The CISCO Router have a IPv4 private address (static -192.168.1.z).


Is it possible ?
First Step : i will configure the CISCO router a tunnel  with /64 prefix (like i do with windows)
Second Step: i will configure a tunnel /48 prefix, the goal is to have multiple network /52


cholzhauer

#3
October 03, 2011, 05:58:08 AM
Sure, you can do both of your steps

You just need to make sure that your ISP box is passing protocol41 to your cisco router and when you create the tunnel on your router, you use 192.168.1.z in place of your public IP address

poupon

#4
October 06, 2011, 11:14:47 AM Last Edit: October 06, 2011, 01:16:37 PM by poupon
Hello,

I've configured my cisco router (1721 - IOS 12.4) for IPv6.

Here is the config.

Quote
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R6in4
!
!
no aaa new-model
ip cef
!
ip name-server 2620:0:CCC::2
ip name-server 2620:0:CCD::2
!
ipv6 unicast-routing
ipv6 dhcp pool LAN2
dns-server 2620:0:CCC::2
dns-server 2001:470:20::2
!
!
interface Tunnel0
description HE IPV6 TUNNEL BROKER
no ip address
ipv6 address 2001:470:1F08:1570::2/64
ipv6 enable
tunnel source 192.168.1.48
tunnel destination 216.66.80.26
tunnel mode ipv6ip
!
interface Ethernet0
description LAN1toBOX IPV4
ip address 192.168.1.48 255.255.255.0
half-duplex
!
interface FastEthernet0
description LAN2 IPV6
no ip address
speed auto
ipv6 address 2001:470:6839:1::1/64
ipv6 enable
ipv6 nd other-config-flag
ipv6 dhcp server LAN2
!
interface Serial0
no ip address
shutdown
no fair-queue
!
interface Serial1
no ip address
shutdown
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Ethernet0
!
!
ipv6 route 2001:470:6839::/48 Ethernet0
ipv6 route ::/0 Tunnel0
!
!
end


It works...

But i have some disconnection, it seams that i have no connectivity between the client and server ipv6 tunnel.

Is there something else to configure ?


cholzhauer

#5
October 06, 2011, 11:16:56 AM
please re-post without the IPv6 z'd out

poupon

#6
October 06, 2011, 11:29:32 AM Last Edit: October 06, 2011, 11:32:53 AM by poupon
Repost done.

Test :
when i ping from another PC using IPv6 1 can ping 2001:470:1F08:1570::1 (server) but not my 2001:470:1F08:1570::2 (client)

I have change with another BOX but it 's the same...

cholzhauer

#7
October 06, 2011, 11:33:25 AM
You're routing your entire /48 to Ethernet0, but you haven't configured an IPv6 address on there.  I see you have an address on FE0, but I don't know which interface is connected to your LAN.

poupon

#8
October 06, 2011, 11:42:22 AM Last Edit: October 06, 2011, 12:01:39 PM by poupon
Right i've changed the route:
ipv6 route 2001:470:6839::/48 FastEthernet0
But all other traffic is routed to Eth0 = Tunnel0

Topology :

                  |---------|               |----------|                                |--------------|
  ( HE ).....|   WEB     |........... | ISP BOX | ......!Switch!...... | CISCO Router |........ !Switch!.........( PC )  
                   |---------|               |----------|                                |--------------|
                                                                                 ETH0=TUN0           FAST0
IPv6                  IPv4 Public        _NAT_         IPv4 Private                                     IPv6

    <===============TUNNEL===============>

poupon

#9
October 06, 2011, 01:40:27 PM Last Edit: October 06, 2011, 01:44:37 PM by poupon
Well, i decide to recreate the tunnel on my pc (win vista) and this one WORKS !

I don't know why it doesn't work anymore with the CISCO router ??


Is there a mistake in config ??

k1mu

#10
October 07, 2011, 04:57:25 AM
Quote from: poupon on October 06, 2011, 11:29:32 AM
Repost done.

Test :
when i ping from another PC using IPv6 1 can ping 2001:470:1F08:1570::1 (server) but not my 2001:470:1F08:1570::2 (client)

I have change with another BOX but it 's the same...

Your configuration shows tunnel0 as having ipv6 address 2001:470:1F08:1570::2 - that's why you can't reach that client, it needs a different unique address.

poupon

#11
October 07, 2011, 07:07:35 AM Last Edit: October 08, 2011, 07:21:01 AM by poupon
In fact, the tunnel created was always connected to my my PC when i powered-on it  before the router (=> mistake)  :'(

So, i change all the configuration and create new tunnel.
I also decided to configure DUAL STACK.

Now it works since 2hr.  ;D

Here is the configuration of the CISCO :

Quote

Router DUAL STACK + TUNNEL IPv6 Huricane Electric (Ethhernet0 - Tunnel0) + Routed / 48 (FastEthernet0)
-------------------------------------------------------------------------------------------------------------------------

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R6in4
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxx
enable password xxxx
!
no aaa new-model
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.65 192.168.1.69
!
ip dhcp pool LAN2v4
  network 192.168.1.64 255.255.255.192
  dns-server 192.168.1.1
  default-router 192.168.1.65
!
!
ip name-server 2620:0:CCC::2
ip name-server 2620:0:CCD::2
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
ipv6 unicast-routing
ipv6 dhcp pool LAN2
dns-server 2620:0:CCC::2
dns-server 2001:470:20::2
!
username xxxx privilege 15 password xxxxx
!
interface Tunnel0
description HE IPV6 TUNNEL BROKER
no ip address
ipv6 address 2001:470:1F14:FB1::2/64
ipv6 enable
tunnel source 192.168.1.48
tunnel destination 216.66.84.46
tunnel mode ipv6ip
!
interface Ethernet0
description LAN1toBOX IPV4
ip address 192.168.1.48 255.255.255.192
half-duplex
!
interface FastEthernet0
description LAN2 IPV6
ip address 192.168.1.65 255.255.255.192
speed auto
ipv6 address 2001:470:xxxx::1/64
ipv6 enable
ipv6 nd other-config-flag
ipv6 dhcp server LAN2
!
interface Serial0
no ip address
shutdown
no fair-queue
!
interface Serial1
no ip address
shutdown
!
router rip
version 2
network 192.168.1.0
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
ipv6 route 2001:470:xxxx::/48 FastEthernet0
ipv6 route ::/0 Tunnel0
!
!
end

Here is a connectivity test from another tunnel broker, in fact i ping and tracert my FastEthernet IPv6 address :


Quote

C:\>ping 2001:470:xxxx::1

Envoi d'une requête 'Ping'  2001:470:xxxx::1 avec 32 octets de données :
Réponse de 2001:470:xxxx::1 : temps=80 ms
Réponse de 2001:470:xxxx::1 : temps=78 ms
Réponse de 2001:470:xxxx::1 : temps=79 ms
Réponse de 2001:470:xxxx::1 : temps=90 ms

Statistiques Ping pour 2001:470:xxxx::1:
   Paquets : envoyés = 4, reçus = 4, perdus = 0 (perte 0%),
Durée approximative des boucles en millisecondes :
   Minimum = 78ms, Maximum = 90ms, Moyenne = 81ms

C:\>tracert 2001:470:xxxx::1

Détermination de l'itinéraire vers 2001:470:xxxx::1 avec un maximum de 30 sauts.

 1    38 ms    38 ms    37 ms  2001:5c0:1400:b::2
 2    37 ms    37 ms    37 ms  ve8.ipv6.colo-rx4.eweka.nl [2001:4de0:1000:a22::1]
 3    41 ms    37 ms    42 ms  9-1.ipv6.r2.am.hwng.net [2001:4de0:a::1]
 4    61 ms    56 ms    67 ms  20gigabitethernet1-3.core1.ams1.ipv6.he.net [2001:7f8:1::a500:693
:1]
 5    47 ms    44 ms    46 ms  gige-gbge0.tserv11.ams1.ipv6.he.net [2001:470:0:7d::2]
 6    81 ms    87 ms    79 ms  2001:470:xxxx::1

Itinéraire déterminé.




Next step : join a http site on the lab IPv6.


Thank for your answers.




poupon

#12
October 07, 2011, 08:30:57 AM
WEB site done with IIS on the pc client (windows 7).

Very simple to install. Ready for IPv6.

i just have a direct access through 2 differents tunnels broker, NO NEED of NAT and PORT FORWARDING.
Print
Go Up Pages1
User actions