• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

IPv6 design question for LAB environment

Started by keamas, October 17, 2014, 01:48:24 AM


keamas

Hi,
I have a design question about my IPv6 lab.
I have multiple VLANs in my environment (see this picture).



VLAN 100 = Server
VLAN 200 = DMZ
VLAN 300 = Clients
VLAN 400 = WLAN
VLAN 600 = IPv6 Internet
VLAN 700 = IPv4 Internet

If VLAN 100 has the IPv4 192.168.1.0/24, would then the IPv6 for it be 2001:470:1b0a:7a1:1111::/64
and VLAN 300 has the IPv4 192.168.3.0/24, would then the IPv6 be 2001:470:1b0a:7a1:3333::/64
and VLAN 600 has the IPv4 192.168.6.0/24, would then the IPv6 be = 2001:470:1b0a:7a1:6666::/64

????


I got this prefix from tunnelbroker: 2001:470:1b0a:7a1::/64
How do I separate this correctly for my VLANs?

Can anyone please give me an example of how to subnet this for 3 VLANs?
Or what is the best practice for this?

Another question is:
I get a new IPv4 address from my provider every 24 hours.
Will the tunnel be automatically re-established after I get a new IPv4 address from my provider?

My config on the Cisco router looks like this:

#show running-config interface tunnel0
Building configuration...

Current configuration : 226 bytes
!
interface Tunnel0
 description Hurricane Electric IPv6 Tunnel Broker
 no ip address
 ipv6 address 2001:470:1B0A:7A1::2/64
 ipv6 enable
 tunnel source FastEthernet0/1
 tunnel mode ipv6ip
 tunnel destination 216.66.80.30
end



broquea

1) Every time your IPv4 address changes, you MUST UPDATE the broker with this new IP, or your tunnel stops working. There are many ways of doing this, from manual, to scripting against the broker's URL API. Read the forums for answers.

2) 2001:470:1b0a:7a1::/64 as you've presented, is your tunnel interface's /64 allocation. AKA your WAN interface/allocation. You want to use your ROUTED allocations for your vlans, which by default is a single /64. You can get 65k /64s by clicking the button in the broker's webUI for a /48. That will get statically routed to your side of the tunnel, and you can carve up /64s from that. Re-read the broker interface and locate the ROUTED prefix portion of your tunnel information. You'll notice in BOLD that your default routed /64 is from a different /48 than your tunnel's PtP allocation.

3) 2001:470:1b0a:7a1:1111::/64 and 2001:470:1b0a:7a1:2222::/64 etc are all in a single /64, not different /64s themselves. The first 4 'quads' are what constitute the "network" portion of a /64, and the last 4 'quads' are the "host" portion.

keamas

Hi,
2001:470:71b1::/48 Routed prefix.

When I subnet this it will look like this:
I will get multiple /64 networks. For example the first 20 networks:




s0> 2001:0470:71b1:0000::/64
s1> 2001:0470:71b1:0001::/64
s2> 2001:0470:71b1:0002::/64
s3> 2001:0470:71b1:0003::/64
s4> 2001:0470:71b1:0004::/64
s5> 2001:0470:71b1:0005::/64
s6> 2001:0470:71b1:0006::/64
s7> 2001:0470:71b1:0007::/64
s8> 2001:0470:71b1:0008::/64
s9> 2001:0470:71b1:0009::/64
s10> 2001:0470:71b1:000a::/64
s11> 2001:0470:71b1:000b::/64
s12> 2001:0470:71b1:000c::/64
s13> 2001:0470:71b1:000d::/64
s14> 2001:0470:71b1:000e::/64
s15> 2001:0470:71b1:000f::/64
s16> 2001:0470:71b1:0010::/64
s17> 2001:0470:71b1:0011::/64
s18> 2001:0470:71b1:0012::/64
s19> 2001:0470:71b1:0013::/64
s20> 2001:0470:71b1:0014::/64


Is this correct ?
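
An added example, not part of any post in this thread: a Python check of the two points above, that the `:1111::/64` and `:3333::/64` candidates collapse into the tunnel's single /64, and how /64s are carved from the routed /48. The function names and the VLAN-ID-as-subnet-ID convention are assumptions made for illustration; the prefixes and VLAN IDs are the ones quoted in the thread.

```python
import ipaddress

# Prefixes quoted in the thread.
TUNNEL_P2P = ipaddress.ip_network("2001:470:1b0a:7a1::/64")  # tunnel (WAN) /64
ROUTED_48 = ipaddress.ip_network("2001:470:71b1::/48")       # routed /48
VLANS = [100, 200, 300, 400]  # VLAN IDs from the first post

def containing_64(text):
    """Return the /64 that a proposed 'prefix' such as ...:1111::/64 really is."""
    return ipaddress.ip_interface(text).network

def is_clean_prefix(text):
    """True only if no bits are set beyond the prefix length."""
    try:
        ipaddress.ip_network(text)  # strict by default: rejects host bits
        return True
    except ValueError:
        return False

def subnet64(routed, index):
    """Return the index-th /64 inside a routed allocation (index 0 is the first)."""
    if routed.prefixlen > 64:
        raise ValueError("routed allocation is smaller than a /64")
    count = 1 << (64 - routed.prefixlen)  # 65536 for a /48
    if not 0 <= index < count:
        raise ValueError(f"subnet index {index} outside 0..{count - 1}")
    base = int(routed.network_address) + (index << 64)
    return ipaddress.IPv6Network((base, 64))

def vlan_plan(routed, vlan_ids):
    """Map each VLAN to one /64. Assumed convention: the VLAN ID's decimal
    digits are reused as the hex subnet ID, so VLAN 100 gets ...:100::/64."""
    return {vid: subnet64(routed, int(str(vid), 16)) for vid in vlan_ids}

if __name__ == "__main__":
    for proposed in ("2001:470:1b0a:7a1:1111::/64", "2001:470:1b0a:7a1:3333::/64"):
        print(proposed, "clean:", is_clean_prefix(proposed),
              "-> really", containing_64(proposed))
    for vid, net in vlan_plan(ROUTED_48, VLANS).items():
        print(f"VLAN {vid}: {net}")
```
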

broquea


keamas

Hi,
one more question.

What is the best way to assign IP addresses to all the hosts in the different VLANs?

I have a Windows 2008 Server in VLAN 100 and the Cisco IOS Router 1841.

I would like to give the hosts IPv6 Address, Prefix, Standard Gateway and DNS Server.

What would be the best all-in-one solution?

I created a DHCPv6 scope on the Windows Server but the clients don't get the gateway.
But I couldn't find how to create a Route Advertisement with the Windows Server for the default gateway.

What would you use in this environment?

broquea

If you want DNS information pushed out, it has to be DHCPv6 (unless you can get RDNSS working on your server and all clients). I've used routers/switches + vlan interfaces to handle the RA with M+O flags set and the bit to disable things from configuring SLAAC IPs, and then pairing it with a Win2k8r2 in that vlan acting as the DHCPv6 server (since it was providing IPv4 DHCP already). Gateway was provided as the link-local of the device providing RA which was the dedicated networking hardware.