配置IPv4 over IPv6隧道
配置IPv4 over IPv6隧道
前置任务
在配置IPv4 over IPv6隧道之前,需完成以下任务:
-
配置IPv4/IPv6双协议栈
再进行以下步骤:
配置业务环回聚合接口
配置Tunnel接口
配置Tunnel的路由
(可选)优化IPv4 over IPv6隧道的性能
检查IPv4 over IPv6隧道配置结果
配置业务环回聚合接口
背景信息
配置业务环回聚合接口时,请注意以下情况:在整个设备上只需要一个业务环回聚合接口。此处做业务环回聚合的接口必须是空闲的,没有承载业务的接口。
操作步骤
- 执行命令system-view,进入系统视图。
- 执行命令interface eth-trunk trunk-id,进入Eth-Trunk接口视图。
- 执行命令service type tunnel,指定该接口为业务环回聚合接口。
- 执行命令quit,返回系统视图。
- 执行命令interface interface-type interface-number,进入接口视图。
- 执行命令eth-trunk trunk-id,将当前接口加入到指定Eth-Trunk中。
检查配置结果
在Eth-Trunk接口视图下执行命令display this include-default,查看该Eth-Trunk接口是否配置为业务环回聚合接口。
配置Tunnel接口
背景信息
配置Tunnel接口信息包括隧道的协议类型、源地址、目的地址和隧道接口的IP地址,从而建立起一条IPv4 over IPv6隧道。
操作步骤
- 执行命令system-view,进入系统视图。
- 执行命令interface tunnel interface-number,创建Tunnel接口。
- 执行命令tunnel-protocol ipv4-ipv6,将Tunnel类型指定为IPv4 over IPv6隧道。
- 执行命令eth-trunk trunk-id,将当前接口加入到指定Eth-Trunk中。
- 执行命令source { source-ip-address | interface-type interface-number },设置Tunnel接口的源IPv6地址或源接口。
- 执行命令destination dest-ip-address,设置Tunnel接口的目的地址。
- 指定Tunnel接口的IPv4地址,选择如下方法之一:
-
执行命令ip address ip-address { mask | mask-length } [ sub ],配置Tunnel接口的IPv4地址。
-
执行命令ip address unnumbered interface interface-type interface-number,配置Tunnel接口借用IPv4地址。
-
配置Tunnel的路由
背景信息
隧道的源端设备和目的端设备上必须同时存在转发路由,这样才能保证报文的正常转发。请在隧道两端的设备上进行如下配置。
操作步骤
- 执行命令system-view,进入系统视图。
- 执行命令ip route-static ip-address { mask | mask-length } tunnel interface-number,配置静态路由。
配置静态路由时,Tunnel的两端都要配置。
(可选)优化IPv4 over IPv6隧道的性能
背景信息
以下配置用户可以选择一个或多个进行配置,来优化IPv4 over IPv6隧道的性能。
操作步骤
- 执行命令system-view,进入系统视图。
- 执行命令interface tunnel interface-number,进入Tunnel接口视图。
- 执行命令tunnel ipv4-ipv6 encapsulation-limit encapsulation-limit,指定本次IPv6封装后的报文可被再次进行多少次IPv6封装。
缺省情况下,允许IPv4-over-IPv6封装4次。
- 执行命令tunnel ipv4-ipv6 flow-label label-value,设置流量标识值。
缺省情况下,流量标识值为0。
- 执行命令tunnel ipv4-ipv6 hop-limit hop-limit,设置IPv6隧道报文跳数限制值。
缺省情况下,IPv6隧道报文跳数限制值为64。
- 执行命令tunnel ipv4-ipv6 traffic-class { original | class-value },设置流量级别。
缺省情况下,流量级别为0。
检查IPv4 over IPv6隧道配置结果
操作步骤
- 执行命令display interface tunnel [ interface-number ],查看Tunnel接口的工作状态。
- 执行命令display ip routing-table,查看路由表。
监控IPv4 over IPv6隧道运行状况
背景信息
在日常维护工作中,可以在任意视图下选择执行以下命令,了解IPv4 over IPv6隧道的运行情况。
操作步骤
- 在任意视图下执行display interface tunnel [ interface-number ]命令,查看Tunnel接口的工作状态。
配置IPv4 over IPv6隧道示例
组网需求
如图1,两个IPv4网络分别通过SwitchA和SwitchE与IPv6网络连接。IPv6网络的边界设备SwitchB和SwitchD支持IPv4和IPv6双协议栈。要求在SwitchB和SwitchD之间配置IPv4 over IPv6隧道,使这两个物理分离的IPv4网络可以互通。
图1 IPv4 over IPv6隧道组网图
配置思路
本例按如下思路进行配置:
-
配置IPv6网络。配置接口的IPv6地址和路由,使SwitchB、SwitchC和SwitchD三者之间路由互通。
-
配置IPv4网络。配置接口的IPv4地址和路由,使隧道边界设备(SwitchB和SwitchD)可以访问IPv4网络。
-
配置Tunnel接口。配置隧道接口的IPv4地址、协议类型、源接口和目的地址,使IPv4报文可以在IPv6网络中传输。
-
配置IPv4报文指向隧道的静态路由,从而使IPv4报文进入隧道。
操作步骤
配置IPv6网络
# 配置SwitchB。
system-view
[HUAWEI] sysname SwitchB
[SwitchB] ipv6
[SwitchB] vlan batch 100 200
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port link-type hybrid
[SwitchB-GigabitEthernet0/0/2] port hybrid pvid vlan 200
[SwitchB-GigabitEthernet0/0/2] port hybrid untagged vlan 200
[SwitchB-GigabitEthernet0/0/2] quit
[SwitchB] interface vlanif 200
[SwitchB-Vlanif200] ipv6 enable
[SwitchB-Vlanif200] ipv6 address fc00:1::1 64
[SwitchB-Vlanif200] quit
[SwitchB] isis 1
[SwitchB-isis-1] network-entity 10.0000.0000.0001.00
[SwitchB-isis-1] ipv6 enable topology standard
[SwitchB-isis-1] quit
[SwitchB] interface vlanif 200
[SwitchB-Vlanif200] isis ipv6 enable 1
[SwitchB-Vlanif200] quit # 配置SwitchC。
system-view
[HUAWEI] sysname SwitchC
[SwitchC] ipv6
[SwitchC] vlan batch 100 200
[SwitchC] interface gigabitethernet 0/0/1
[SwitchC-GigabitEthernet0/0/1] port link-type hybrid
[SwitchC-GigabitEthernet0/0/1] port hybrid pvid vlan 200
[SwitchC-GigabitEthernet0/0/1] port hybrid untagged vlan 200
[SwitchC-GigabitEthernet0/0/1] quit
[SwitchC] interface gigabitethernet 0/0/2
[SwitchC-GigabitEthernet0/0/2] port link-type hybrid
[SwitchC-GigabitEthernet0/0/2] port hybrid pvid vlan 100
[SwitchC-GigabitEthernet0/0/2] port hybrid untagged vlan 100
[SwitchC-GigabitEthernet0/0/2] quit
[SwitchC] interface vlanif 200
[SwitchC-Vlanif200] ipv6 enable
[SwitchC-Vlanif200] ipv6 address fc00:1::2 64
[SwitchC-Vlanif200] quit
[SwitchC] interface vlanif 100
[SwitchC-Vlanif100] ipv6 enable
[SwitchC-Vlanif100] ipv6 address fc00:2::1 64
[SwitchC-Vlanif100] quit
[SwitchC] isis 1
[SwitchC-isis-1] network-entity 10.0000.0000.0002.00
[SwitchC-isis-1] ipv6 enable topology standard
[SwitchC-isis-1] quit
[SwitchC] interface vlanif 100
[SwitchC-Vlanif100] isis ipv6 enable 1
[SwitchC-Vlanif100] quit
[SwitchC] interface vlanif 200
[SwitchC-Vlanif200] isis ipv6 enable 1
[SwitchC-Vlanif200] quit # 配置SwitchD。
system-view
[HUAWEI] sysname SwitchD
[SwitchD] ipv6
[SwitchD] vlan batch 100 200
[SwitchD] interface gigabitethernet 0/0/1
[SwitchD-GigabitEthernet0/0/1] port link-type hybrid
[SwitchD-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[SwitchD-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[SwitchD-GigabitEthernet0/0/1] quit
[SwitchD] interface vlanif 100
[SwitchD-Vlanif100] ipv6 enable
[SwitchD-Vlanif100] ipv6 address fc00:2::2 64
[SwitchD-Vlanif100] quit
[SwitchD] isis 1
[SwitchD-isis-1] network-entity 10.0000.0000.0003.00
[SwitchD-isis-1] ipv6 enable topology standard
[SwitchD-isis-1] quit
[SwitchD] interface vlanif 100
[SwitchD-Vlanif100] isis ipv6 enable 1
[SwitchD-Vlanif100] quit 配置IPv4网络
# 配置SwitchA。
system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 100
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type hybrid
[SwitchA-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] ip address 10.1.2.2 30
[SwitchA-Vlanif100] quit
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.3
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
[SwitchA] ip route-static 10.1.3.2 255.255.255.252 vlanif 100 10.1.2.1 # 配置SwitchB。
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type hybrid
[SwitchB-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[SwitchB-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] ip address 10.1.2.1 30
[SwitchB-Vlanif100] quit
[SwitchB] ospf 1
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.3
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit# 配置SwitchD。
[SwitchD] interface gigabitethernet 0/0/2
[SwitchD-GigabitEthernet0/0/2] port link-type hybrid
[SwitchD-GigabitEthernet0/0/2] port hybrid pvid vlan 200
[SwitchD-GigabitEthernet0/0/2] port hybrid untagged vlan 200
[SwitchD-GigabitEthernet0/0/2] quit
[SwitchD] interface vlanif 200
[SwitchD-Vlanif200] ip address 10.1.3.1 30
[SwitchD-Vlanif200] quit
[SwitchD] ospf 1
[SwitchD-ospf-1] area 0
[SwitchD-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.3
[SwitchD-ospf-1-area-0.0.0.0] quit
[SwitchD-ospf-1] quit# 配置SwitchE。
system-view
[HUAWEI] sysname SwitchE
[SwitchE] vlan batch 200
[SwitchE] interface gigabitethernet 0/0/1
[SwitchE-GigabitEthernet0/0/1] port link-type hybrid
[SwitchE-GigabitEthernet0/0/1] port hybrid pvid vlan 200
[SwitchE-GigabitEthernet0/0/1] port hybrid untagged vlan 200
[SwitchE-GigabitEthernet0/0/1] quit
[SwitchE] interface vlanif 200
[SwitchE-Vlanif200] ip address 10.1.3.2 30
[SwitchE-Vlanif200] quit
[SwitchE] ospf 1
[SwitchE-ospf-1] area 0
[SwitchE-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.3
[SwitchE-ospf-1-area-0.0.0.0] quit
[SwitchE-ospf-1] quit
[SwitchE] ip route-static 10.1.2.2 255.255.255.252 vlanif 200 10.1.3.1 配置业务环回聚合接口
此处做业务环回聚合的接口必须是空闲的,没有承载业务的接口。
在Eth-Trunk接口上使能业务环回功能后,加入Eth-Trunk中的物理接口必须处于UP状态,否则Tunnel接口的链路层协议将无法正常运行。
# 配置SwitchB。
[SwitchB] interface eth-trunk 1
[SwitchB-Eth-Trunk1] service type tunnel
[SwitchB-Eth-Trunk1] quit
[SwitchB] interface gigabitethernet 0/0/3
[SwitchB-GigabitEthernet0/0/3] eth-trunk 1
[SwitchB-GigabitEthernet0/0/3] quit# 配置SwitchD。
[SwitchD] interface eth-trunk 1
[SwitchD-Eth-Trunk1] service type tunnel
[SwitchD-Eth-Trunk1] quit
[SwitchD] interface gigabitethernet 0/0/3
[SwitchD-GigabitEthernet0/0/3] eth-trunk 1
[SwitchD-GigabitEthernet0/0/3] quit配置Tunnel接口
# 配置SwitchB。
[SwitchB] interface tunnel 2
[SwitchB-Tunnel2] tunnel-protocol ipv4-ipv6
[SwitchB-Tunnel2] ip address 10.1.1.1 30
[SwitchB-Tunnel2] eth-trunk 1
[SwitchB-Tunnel2] source vlanif 200
[SwitchB-Tunnel2] destination fc00:2::2
[SwitchB-Tunnel2] quit# 配置SwitchD。
[SwitchD] interface tunnel 1
[SwitchD-Tunnel1] tunnel-protocol ipv4-ipv6
[SwitchD-Tunnel1] ip address 10.1.1.2 30
[SwitchD-Tunnel1] eth-trunk 1
[SwitchD-Tunnel1] source vlanif 100
[SwitchD-Tunnel1] destination fc00:1::1
[SwitchD-Tunnel1] quit配置IPv4报文指向隧道的静态路由
# 配置SwitchB。
[SwitchB] ip route-static 10.1.3.2 255.255.255.252 tunnel 2# 配置SwitchD。
[SwitchD] ip route-static 10.1.2.2 255.255.255.252 tunnel 1检查配置结果。
完成上述配置后,在SwitchB和SwitchD上查看隧道接口,可看到隧道接口的协议状态为UP。
[SwitchB] display interface tunnel 2
Tunnel2 current state : UP
Line protocol current state : UP
Last line protocol up time : 2014-12-24 17:03:42
Description:
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 10.1.1.1/30
Encapsulation is TUNNEL6, loopback not set
Tunnel protocol/transport (IPv6 or IPv4) over IPv6
Tunnel Source FC00:1::1 (Vlanif200)
Tunnel Destination FC00:2::2
Tunnel Encapsulation limit 4
Tunnel Traffic class not set
Tunnel Flow label not set
Tunnel Hop limit 64
Current system time: 2014-12-24 17:04:18
Input bandwidth utilization : 0%
Output bandwidth utilization : 0%SwitchA上ping SwitchE的VLANIF200接口,可以收到返回的报文。
[SwitchA] ping 10.1.3.2
PING 10.1.3.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.3.2: bytes=56 Sequence=1 ttl=254 time=20 ms
Reply from 10.1.3.2: bytes=56 Sequence=2 ttl=254 time=1 ms
Reply from 10.1.3.2: bytes=56 Sequence=3 ttl=254 time=1 ms
Reply from 10.1.3.2: bytes=56 Sequence=4 ttl=254 time=1 ms
Reply from 10.1.3.2: bytes=56 Sequence=5 ttl=254 time=1 ms
--- 10.1.3.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/4/20 ms配置文件
-
SwitchA的配置文件
#
sysname SwitchA
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.2.2 255.255.255.252
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
ospf 1
area 0.0.0.0
network 10.1.2.0 0.0.0.3
#
ip route-static 10.1.3.0 255.255.255.252 Vlanif100 10.1.2.1
#
return-
SwitchB的配置文件
#
sysname SwitchB
#
ipv6
#
vlan batch 100 200
#
isis 1
network-entity 10.0000.0000.0001.00
#
ipv6 enable topology standard
#
#
interface Vlanif100
ip address 10.1.2.1 255.255.255.252
#
interface Vlanif200
ipv6 enable
ipv6 address FC00:1::1/64
isis ipv6 enable 1
#
interface Eth-Trunk1
service type tunnel
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
interface Tunnel2
ip address 10.1.1.1 255.255.255.252
tunnel-protocol ipv4-ipv6
source Vlanif200
destination FC00:2::2
eth-trunk 1
#
ospf 1
area 0.0.0.0
network 10.1.2.0 0.0.0.3
#
ip route-static 10.1.3.0 255.255.255.252 Tunnel2
#
return-
SwitchC的配置文件
#
sysname SwitchC
#
ipv6
#
vlan batch 100 200
#
isis 1
network-entity 10.0000.0000.0002.00
#
ipv6 enable topology standard
#
#
interface Vlanif100
ipv6 enable
ipv6 address FC00:2::1/64
isis ipv6 enable 1
#
interface Vlanif200
ipv6 enable
ipv6 address FC00:1::2/64
isis ipv6 enable 1
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
return-
SwitchD的配置文件
#
sysname SwitchD
#
ipv6
#
vlan batch 100 200
#
isis 1
network-entity 10.0000.0000.0003.00
#
ipv6 enable topology standard
#
#
interface Vlanif100
ipv6 enable
ipv6 address FC00:2::2/64
isis ipv6 enable 1
#
interface Vlanif200
ip address 10.1.3.1 255.255.255.252
#
interface Eth-Trunk1
service type tunnel
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/2
port link-type hybrid
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
interface GigabitEthernet0/0/3
eth-trunk 1
#
interface Tunnel1
ip address 10.1.1.2 255.255.255.252
tunnel-protocol ipv4-ipv6
source Vlanif100
destination FC00:1::1
eth-trunk 1
#
ospf 1
area 0.0.0.0
network 10.1.3.0 0.0.0.3
#
ip route-static 10.1.2.0 255.255.255.252 Tunnel1
#
return-
SwitchE的配置文件
#
sysname SwitchE
#
vlan batch 200
#
interface Vlanif200
ip address 10.1.3.2 255.255.255.252
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
ospf 1
area 0.0.0.0
network 10.1.3.0 0.0.0.3
#
ip route-static 10.1.2.0 255.255.255.252 Vlanif200 10.1.3.1
#
return