IPv6介绍

一、IPv6编址

1、基础

 IPv6地址有128位，将这128位分成8组，每组16位，中间用:隔开；第一个地址为全0，最后一个地址为全12

每一组都用16进制表示，范围是0000-----FFFF

 2、简写规则

  3、IPv6地址空间分类

整个IPv6地址空间
128位中的第一组(高16位)	16进制表示	备注
0000 0000 xxxx  xxxx	0000-00FF	保留、环回、兼容地址
0000 0001 xxxx  xxxx	0100-01FF	未定义用途
0000 001x xxxx  xxxx	0200-03FF	未定义用途
0000 01xx xxxx  xxxx	0400-07FF	未定义用途
0000 1xxx xxxx  xxxx	0800-0FFF	未定义用途
0001 xxxx xxxx  xxxx	1000-1FFF	未定义用途
001x xxxx xxxx  xxxx	2000-3FFF	全球可聚合单播地址
01xx  xxxx xxxx xxxx	4000-7FFF	未定义用途
10xx  xxxx xxxx xxxx	8000-BFFF	未定义用途
110x xxxx xxxx xxxx	C000-DFFF	未定义用途
1110 xxxx xxxx xxxx	E000-EFFF	未定义用途
1111 0xxx xxxx xxxx	F000-F7FF	未定义用途
1111 10xx xxxx xxxx	F800-FBFF	未定义用途
1111 110x xxxx xxxx	FC00-FDFF	唯一本地地址(私网地址)
1111 1110 0xxx xxxx	FE00-FE7F	未定义用途
1111 1110 10xx xxxx	FE80-FEBF	链路本地地址
1111 1110 11xx xxxx	FEC0-FEFF	站点本地地址(已废止)
1111 1111 xxxx xxxx	FF00-FFFF	组播

最重要三类地址:全球可聚合单播地址(类似IPv4中的公网地址)、链路本地地址以及组播

4、单播地址构成

链路本地地址(Link-local address):用于自动地址配置、邻居发现、路由器发现等。
节点启用IPv6后，会自动生成Link-local address地址: FE80:0:0:0:接口ID或FE80::接口ID

5、组播地址构成

 6、组播MAC地址构成

 

 7、常用组播地址

IPv4定义组播地址	IPv6定义组播地址	备注	组播mac地址
节点本地范围
224.0.0.1	FF01::1	所有节点	33:33:0:0:0:1
224.0.0.2	FF01::2	所有路由器	33:33:0:0:0:2
链路本地范围
224.0.0.1	FF02::1	所有节点	33:33:0:0:0:1
224.0.0.2	FF02::2	所有路由器	33:33:0:0:0:2
224.0.0.5	FF02::5	所有OSPF路由器	33:33:0:0:0:5
224.0.0.6	FF02::6	所有OSPF DR路由器	33:33:0:0:0:6
224.0.0.9	FF02::9	所有RIP路由器	33:33:0:0:0:9
224.0.0.13	FF02::D	所有PIM路由器	33:33:0:0:0:D
站点本地范围
224.0.0.2	FF05::2	所有路由器	33:33:0:0:0:2

8、特殊组播地址-被请求节点组播地址(主要用于重复地址检测（DAD）和替代IPv4中的ARP)

 每一个单播地址都有相对应的被请求节点组播地址。被请求节点组播地址前104为被固定，后24位为单播地址的后24位。被请求节点组播MAC地址前24位固定33:33:FF，24位为单播地址的后24位。

二、IPv6节点

 三、ICMPv6协议

四、IPv6地址配置方法

五、NDP邻居发现协议

 

 1、地址解析-通过邻居请求（NS）和邻居通告（NA）报文来解析三层地址对应的链路层地址。
(IPv6中没有广播，没有ARP)

B、PC_A与PC_B正常通信

C、PC_A与PC_C、PC_B与PC_C之间通信过程与上一致

  2、无状态自动配置-地址前缀公告

PC_A、PC_B、PC_C获取路由前缀途径1: PC_A、PC_B、PC_C分别发送RS报文，，Router回应RA报文

PC_A、PC_B、PC_C获取路由前缀途径2: Router周期性发送RA报文，无需接收到RS报文

 

路由器通告路由前缀的前提：

1、接口启用IPv6

2、接口配置了唯一本地地址或者全球可聚合单播地址

路由器通告路由前缀信息：

1、路由前缀长度默认是64位

2、路由前缀的有效期限

preferred lifetime:能主动访问，也能被动接受访问

Valid lifetime： 在preferred lifetime之外，Valid lifetime有效期内只能被动接受访问

 3、提供给节点的网关为路由器接口的本地链路地址，非接口唯一本地地址或者全球可聚合单播地址

   2、无状态自动配置-地址重复检测DAD

 

---

节点启动时：

A、PC_A、PC_B和PC_C节点启动后，自动生成链路本地地址

PC_A:FE80::0323:45FF:FE67:89AA

PC_B:FE80::0323:45FF:FE67:89BB

PC_C:FE80::0323:45FF:FE67:89CC

B、在完成对链路本地地址DAD检测前，链路本地地址不能进行通信

C、DAD检测(三台主机分别发送NS报文)

     PC_A发送NS报文，请求FE80::0323:45FF:FE67:89AA的MAC地址，如果收到NA报文，表明该地址已经被使用了；没有收到任何回应，则表明PC_A可以使用FE80::0323:45FF:FE67:89AA地址，DAD检测通过

D、三台主机分别发送NS报文，均没有收到NA报文后，分别发送NA组播报文，宣告自己的IP地址(组播地址为FF02:1----本链路范围所有节点)

---

节点获取前缀后：

A、PC_A、PC_B和PC_C节点获取前缀2008::/64后，构造可聚合单播地址

B、在完成对可聚合单播地址DAD检测前，可聚合单播地址不能进行通信

C、DAD检测(三台主机分别发送NS报文)

     PC_A发送NS报文，请求2008::0323:45FF:FE67:89AA的MAC地址 ,如果收到NA报文，表明该地址已经被使用了；没有收到任何回应，则表明PC_A可以使用2008::0323:45FF:FE67:89AA地址，DAD检测通过

  D、三台主机分别发送NS报文，均没有收到NA报文后，分别发送NA组播报文，宣告自己的IP地址(组播地址为FF02:1----本链路范围所有节点)

2、无状态自动配置-前缀重新编址

  3、路由重定向

 

A、PC_A上到2012::FFFF/64的路由，设置RouterB为下一跳

B、 RouterB上到2012::FFFF/64的路由，设置RouterA为下一跳

C、 RouterB发送一个ICMPv6 Type=137的重定向报文给PC_A,

去往2012::FFFF/64，应该将数据包发送给RouterA

D、 PC_A收到RouterB发来的重定向报文后，设置RouterA为到目的地址2012::FFFF/64的下一跳

4、邻居状态跟踪

 六、IPv4到IPv6过渡技术

 

  七、实验

实验一、无状态自动配置(地址前缀公告、地址重复检测DAD)

RouterA: ipv6 nd ra suppress //路由器不主动发送RA,只有接收到RS报文时才发送RA

可聚合单播地址：2012::FFFF/64

e0/0接口MAC:ca04.2cd5.0006

linklocal地址：FE80::C804:2CFF:FED5:6

组播地址：FF021   FF02:2

被请求节点组播：FF021:FF00:FFFF

被请求节点组播：FF02::1:FFD5:6

组播MAC：3333:FF00:FFFF  /3333:FFD5:0006

RouterB: ipv6 nd ra suppress //路由器不主动发送RA,只有接收到RS报文时才发送RA

可聚合单播地址：2112::FFFF/64

e0/0接口MAC:ca03.2e25.0006

linklocal地址：FE80:C803:2EFF:FE25:6

组播地址：FF02:1   FF02:2

被请求节点组播：FF02:1:FF00:FFFF

被请求节点组播：FF021:FF25:6

组播MAC：3333:FF00:FFFF               3333:FF25:0006

Client1: ipv6 address autoconfig default

e0/0接口MAC:ca01.7434.0006

linklocal地址:FE80:C801:74FF:FE34:6

组播地址：FF021

被请求节点组播：FF02::1:FF34:6

组播MAC:3333-FF34-0006

Client2: ipv6 address autoconfig default

e0/0接口MAC:ca05.7564.0006

linklocal地址:FE80:C805:75FF:FE64:6

组播地址：FF02:1

被请求节点组播：FF02::1:FF64:6

组播MAC:3333-FF64-0006

---

 client1和client2获取路由器前缀过程：(以client1为例)

1、client1基本信息

e0/0接口MAC:ca01.7434.0006

linklocal地址:FE80:C801:74FF:FE34:6

组播地址：FF021

被请求节点组播：FF02::1:FF34:6

组播MAC:3333-FF34-0006

2、DAD检测-针对linklocal地址

client1发送NS报文请求linklocal地址FE80:C801:74FF:FE34:6的MAC地址

 

 3、如果链路上有节点使用该地址，会发送NA报文回应；client1没有收到NA报文，然后发送组播报文NA，宣告自己使用该地址FE80:C801:74FF:FE34:6,DAD检测完成

 4、client1发送RS报文请求路由器前缀

目的地址为FF02::2,本链路范围所有路由器组播地址

 5、RouterA收到RS报文后发送RA单播报文回应client1

路由器A分配给的前缀是2012::/64，同时还有两个lifetime-valid和preferred 

 6、client1收到RouterA的RA报文后，做DAD检测(发送NS报文)

 用路由器A给的前缀构造IPv6地址2012:C801:74FF:FE34:6后，也要对该地址做DAD检测.

client1没有收到NA报文，然后发送组播报文NA，宣告自己使用该地址2012::C801:74FF:FE34:6,DAD检测完成。

 7、client1发送RS报文请求路由器前缀

目的地址为FF02::2,本链路范围所有路由器组播地址，除了RouterA收到RS请求然后给cilent1发送RA报文外，RouterB也收到client1发出的RS请求报文

 8、RouterB发送RA单播报文回应client1

9、client1收到RouterB的RA报文后，做DAD检测(发送NS报文) 

10、client1发送NA报文，通告自己使用的单播地址2112::C801:74FF:FE34:6 

 

 

 11、完成DAD检测后，可用单播地址通信

client1获取地址如下:

路由如下：

client2获取地址如下:

路由如下：

---

 实验二、无状态自动配置(前缀重新编址)

修改RouterB的前缀Valid lifetime和preferred lifetime:

int e0/0

ipv6 add 2222::/64

ipv6 nd prefix 2112::/64  30  15

ipv6 nd prefix 2222::/64  43200  43200

ipv6 nd ra suppress

修改前client1：do show ipv int e0/0

 

修改后client1：do show ipv int e0/0

2112前缀地址已经不能发起链接了，只能被动接收请求；等Valid lifetime计时为0，该前缀将彻底失效。

---

实验三、地址解析

client1与client2通信，需要知道client2的MAC地址

client1只有RouterA和RouterB的MAC

现在从client1上ping client2:

ping  FE80::C805:75FF:FE64:6

client1先发送NS组播报文 ，请求FE80::C805:75FF:FE64:6的MAC地址

 client1接收NA报文

 

 

 

 

查看邻居状态

 

---

实验四、邻居状态跟踪

 

debug ipv6 icmp

debug ipv6 nd

Client1#show ipv neighbors

IPv6 Address                              Age Link-layer Addr State Interface

FE80::C803:2EFF:FE25:6                    130 ca03.2e25.0006  STALE Et0/0

FE80::C804:2CFF:FED5:6                    130 ca04.2cd5.0006  STALE Et0/0

Client1#ping 2012::FFFE  repeat   1

Type escape sequence to abort.

Sending 1, 100-byte ICMP Echos to 2012::FFFE, timeout is 2 seconds:

!

Success rate is 100 percent (1/1), round-trip min/avg/max = 88/88/88 ms

Client1#

*Mar 25 21:25:07.361: ICMPv6: Sent echo request, Src=2012::C801:74FF:FE34:6, Dst=2012::FFFE

*Mar 25 21:25:07.361: ICMPv6-ND: DELETE -> INCMP: 2012::FFFE

*Mar 25 21:25:07.365: ICMPv6-ND: Sending NS for 2012::FFFE on Ethernet0/0

*Mar 25 21:25:07.365: ICMPv6-ND: Resolving next hop 2012::FFFE on interface Ethernet0/0

*Mar 25 21:25:07.369: ICMPv6: Sent N-Solicit, Src=2012::C801:74FF:FE34:6, Dst=FF02::1:FF00:FFFE

*Mar 25 21:25:07.413: ICMPv6: Received N-Advert, Src=2012::FFFE, Dst=2012::C801:74FF:FE34:6

*Mar 25 21:25:07.413: ICMPv6-ND: Received NA for 2012::FFFE on Ethernet0/0 from 2012::FFFE

*Mar 25 21:25:07.417: ICMPv6-ND: Neighbour 2012::FFFE on Ethernet0/0 : LLA ca03.2e25.0006

*Mar 25 21:25:07.417: ICMPv6-ND: INCMP -> REACH: 2012::FFFE

*Mar 25 21:25:07.453: ICMPv6: Received echo reply, Src=2012::FFFE, Dst=2012::C801:74FF:FE34:6

*Mar 25 21:25:12.493: ICMPv6-ND: STALE -> DELAY: FE80::C803:2EFF:FE25:6

*Mar 25 21:25:17.537: ICMPv6-ND: DELAY -> PROBE: FE80::C803:2EFF:FE25:6

*Mar 25 21:25:17.537: ICMPv6-ND: Sending NS for FE80::C803:2EFF:FE25:6 on Ethernet0/0

*Mar 25 21:25:17.541: ICMPv6: Sent N-Solicit, Src=FE80::C801:74FF:FE34:6, Dst=FE80::C803:2EFF:FE25:6

*Mar 25 21:25:17.565: ICMPv6: Received N-Advert, Src=FE80::C803:2EFF:FE25:6, Dst=FE80::C801:74FF:FE34:6

*Mar 25 21:25:17.565: ICMPv6-ND: Received NA for FE80::C803:2EFF:FE25:6 on Ethernet0/0 from FE80::C803:2EFF:FE25:6

*Mar 25 21:25:17.565: ICMPv6-ND: PROBE -> REACH: FE80::C803:2EFF:FE25:6

Client1#show ipv neighbors        

IPv6 Address                              Age Link-layer Addr State Interface

FE80::C803:2EFF:FE25:6                      0 ca03.2e25.0006  REACH Et0/0

FE80::C804:2CFF:FED5:6                    131 ca04.2cd5.0006  STALE Et0/0

2012::FFFE                                  0 ca03.2e25.0006  REACH Et0/0

*Mar 25 21:25:37.517: ICMPv6-ND: REACH -> STALE: 2012::FFFE

*Mar 25 21:25:47.629: ICMPv6-ND: REACH -> STALE: FE80::C803:2EFF:FE25:6

Client1#show ipv neighbors

IPv6 Address                              Age Link-layer Addr State Interface

FE80::C803:2EFF:FE25:6                      0 ca03.2e25.0006  STALE Et0/0

FE80::C804:2CFF:FED5:6                    131 ca04.2cd5.0006  STALE Et0/0

2012::FFFE                                  0 ca03.2e25.0006  STALE Et0/0

Client1#ping 2012::FFFE  repeat   1

Type escape sequence to abort.

Sending 1, 100-byte ICMP Echos to 2012::FFFE, timeout is 2 seconds:

!

Success rate is 100 percent (1/1), round-trip min/avg/max = 8/8/8 ms

Client1#

*Mar 25 21:26:02.197: ICMPv6: Sent echo request, Src=2012::C801:74FF:FE34:6, Dst=2012::FFFE

*Mar 25 21:26:02.201: ICMPv6-ND: STALE -> DELAY: 2012::FFFE

*Mar 25 21:26:02.209: ICMPv6: Received echo reply, Src=2012::FFFE, Dst=2012::C801:74FF:FE34:6

*Mar 25 21:26:02.213: ICMPv6-ND: ULP indication 2012::FFFE/Ethernet0/0

*Mar 25 21:26:02.213: ICMPv6-ND: DELAY -> REACH: 2012::FFFE

*Mar 25 21:26:07.245: ICMPv6: Received N-Solicit, Src=FE80::C803:2EFF:FE25:6, Dst=2012::C801:74FF:FE34:6

*Mar 25 21:26:07.249: ICMPv6-ND: Received NS for 2012::C801:74FF:FE34:6 on Ethernet0/0 from FE80::C803:2EFF:FE25:6

*Mar 25 21:26:07.249: ICMPv6-ND: Sending NA for 2012::C801:74FF:FE34:6 on Ethernet0/0

*Mar 25 21:26:07.253: ICMPv6: Sent N-Advert, Src=2012::C801:74FF:FE34:6, Dst=FE80::C803:2EFF:FE25:6

*Mar 25 21:26:07.253: ICMPv6-ND: STALE -> DELAY: FE80::C803:2EFF:FE25:6

*Mar 25 21:26:12.325: ICMPv6-ND: DELAY -> PROBE: FE80::C803:2EFF:FE25:6

*Mar 25 21:26:12.325: ICMPv6-ND: Sending NS for FE80::C803:2EFF:FE25:6 on Ethernet0/0

*Mar 25 21:26:12.325: ICMPv6: Sent N-Solicit, Src=FE80::C801:74FF:FE34:6, Dst=FE80::C803:2EFF:FE25:6

*Mar 25 21:26:12.333: ICMPv6: Received N-Advert, Src=FE80::C803:2EFF:FE25:6, Dst=FE80::C801:74FF:FE34:6

*Mar 25 21:26:12.337: ICMPv6-ND: Received NA for FE80::C803:2EFF:FE25:6 on Ethernet0/0 from FE80::C803:2EFF:FE25:6

*Mar 25 21:26:12.341: ICMPv6-ND: PROBE -> REACH: FE80::C803:2EFF:FE25:6

*Mar 25 21:26:17.397: ICMPv6: Received N-Solicit, Src=FE80::C803:2EFF:FE25:6, Dst=FE80::C801:74FF:FE34:6

*Mar 25 21:26:17.397: ICMPv6-ND: Received NS for FE80::C801:74FF:FE34:6 on Ethernet0/0 from FE80::C803:2EFF:FE25:6

*Mar 25 21:26:17.397: ICMPv6-ND: Sending NA for FE80::C801:74FF:FE34:6 on Ethernet0/0

*Mar 25 21:26:17.401: ICMPv6: Sent N-Advert, Src=FE80::C801:74FF:FE34:6, Dst=FE80::C803:2EFF:FE25:6

Client1#show ipv neighbors        

IPv6 Address                              Age Link-layer Addr State Interface

FE80::C803:2EFF:FE25:6                      0 ca03.2e25.0006  REACH Et0/0

FE80::C804:2CFF:FED5:6                    132 ca04.2cd5.0006  STALE Et0/0

2012::FFFE                                  0 ca03.2e25.0006  REACH Et0/0

*Mar 25 21:26:32.225: ICMPv6-ND: REACH -> STALE: 2012::FFFE

*Mar 25 21:26:42.417: ICMPv6-ND: REACH -> STALE: FE80::C803:2EFF:FE25:6

Client1#show ipv neighbors

IPv6 Address                              Age Link-layer Addr State Interface

FE80::C803:2EFF:FE25:6                      0 ca03.2e25.0006  STALE Et0/0

FE80::C804:2CFF:FED5:6                    132 ca04.2cd5.0006  STALE Et0/0

2012::FFFE                                  0 ca03.2e25.0006  STALE Et0/0

Client1#ping 2012::FFFE  repeat   1

Type escape sequence to abort.

Sending 1, 100-byte ICMP Echos to 2012::FFFE, timeout is 2 seconds:

*Mar 25 21:26:54.817: ICMPv6: Sent echo request, Src=2012::C801:74FF:FE34:6, Dst=2012::FFFE

*Mar 25 21:26:54.817: ICMPv6-ND: STALE -> DELAY: 2012::FFFE.

Success rate is 0 percent (0/1)

*Mar 25 21:26:59.893: ICMPv6-ND: DELAY -> PROBE: 2012::FFFE

*Mar 25 21:26:59.893: ICMPv6-ND: Sending NS for 2012::FFFE on Ethernet0/0

*Mar 25 21:26:59.897: ICMPv6: Sent N-Solicit, Src=FE80::C801:74FF:FE34:6, Dst=2012::FFFE

*Mar 25 21:27:00.909: ICMPv6: Received R-Advert, Src=FE80::C804:2CFF:FED5:6, Dst=FF02::1

*Mar 25 21:27:00.989: ICMPv6-ND: Sending NS for 2012::FFFE on Ethernet0/0

*Mar 25 21:27:00.993: ICMPv6: Sent N-Solicit, Src=FE80::C801:74FF:FE34:6, Dst=2012::FFFE

*Mar 25 21:27:02.081: ICMPv6-ND: Sending NS for 2012::FFFE on Ethernet0/0

*Mar 25 21:27:02.081: ICMPv6: Sent N-Solicit, Src=FE80::C801:74FF:FE34:6, Dst=2012::FFFE

*Mar 25 21:27:03.173: ICMPv6-ND: PROBE deleted: 2012::FFFE

*Mar 25 21:27:03.173: ICMPv6-ND: PROBE -> DELETE: 2012::FFFE

Client1#show ipv neighbors        

IPv6 Address                              Age Link-layer Addr State Interface

FE80::C803:2EFF:FE25:6                      1 ca03.2e25.0006  STALE Et0/0

FE80::C804:2CFF:FED5:6                    133 ca04.2cd5.0006  STALE Et0/0

Client1#undebug all

All possible debugging has been turned off

---

实验五、路由重定向

 RouterA:可以主动发送RA

interface Ethernet0/0

 no ip address

 duplex auto

 ipv6 address 2012::FFFF/64

 ipv6 enable

 ipv6 nd ra interval 10

RouterB:不主动发送RA，也不进行前缀通告

interface Ethernet0/0

 no ip address

 duplex auto

 ipv6 address 2012::FFFE/64

 ipv6 enable

 ipv6 nd prefix 2012::/64 no-advertise

 ipv6 nd ra suppress

client1: ipv6 route 3000::/64 e0/0 FE80::C803:2EFF:FE25:6

RouterB: ipv6 route 3000::/64 e0/0 FE80::C804:2CFF:FED5:6

RouterA:

int loopback0

ipv6 enable

ipv6 add 3000::FFFF/64

 Client1#ping ipv6 3000::FFFF source 2012::C801:74FF:FE34:6

 

 

RouterB发送重定向报文给client1 

同时RouterB将原始ping报文转发给RouterA，RouterA收到 ping报文后，RouterA发送NS请求2012::C801:74FF:FE34:6的mac地址，client1发送NA给RouterA告诉其2012::C801:74FF:FE34:6的mac地址，最后RouterA发送回包给client1 

后续Client1#ping ipv6 3000::FFFF source 2012::C801:74FF:FE34:6包，不会再发给RouterB了

即使Client1上有路由ipv6 route 3000::/64 Ethernet0/0 FE80::C803:2EFF:FE25:6指向RouterB

---

实验六、隧道技术

1、手工隧道------IPv6 over IPv4隧道

 

 interface Tunnel0

 no ip address

 ipv6 enable

 tunnel source e0/1

 tunnel mode ipv6ip

 tunnel destination 10.10.23.3

ip route 0.0.0.0 0.0.0.0 10.10.12.2

ipv6 route ::/0 Tunnel0

interface Tunnel0

 no ip address

 ipv6 enable

 tunnel source e0/2

 tunnel mode ipv6ip

 tunnel destination 10.10.12.1

ip route 10.10.12.0 255.255.255.0 10.10.23.2

ipv6 route ::/0 Tunnel0

 

 

 

 

 IPv6整个数据包作为载荷被封装在IPv4包中

2、手工隧道------GRE隧道

interface Tunnel0

 no ip address

 ipv6 enable

 tunnel source e0/1

 tunnel mode gre ip

 tunnel destination 10.10.23.3

ip route 0.0.0.0 0.0.0.0 10.10.12.2

ipv6 route ::/0 Tunnel0

interface Tunnel0

 no ip address

 ipv6 enable

 tunnel source e0/2

 tunnel mode gre ip

 tunnel destination 10.10.12.1

ip route 10.10.12.0 255.255.255.0 10.10.23.2

ipv6 route ::/0 Tunnel0

 

 

 

IPv6包封装在GRE中，GRE包封装在IPv4包中 

 3、自动隧道-----6to4隧道

 IPv6固定格式：2002:公网IPv4:子网::/64

注意：R1和R3上IPv6端不能同时抑制RA:  ipv6 nd ra suppress

interface Tunnel0  no ip address  no ip redirects  ipv6 enable  tunnel source Ethernet0/1  tunnel mode ipv6ip 6to4

interface Tunnel0  no ip address  no ip redirects  ipv6 enable  tunnel source Ethernet0/2  tunnel mode ipv6ip 6to4

没有指定隧道的目的 根据目的IPv6地址推算出目的IPv4地址，然后和目的IPv4地址建立隧道。

 

 

 

特别情况：

 

两端IPv6网络不用2002:前缀。2002:前缀用到tunnel接口上

interface Tunnel0  no ip address  no ip redirects  ipv6 enable  tunnel source Ethernet0/1  tunnel mode ipv6ip 6to4 ipv add 2002:a0a:c01:1::1/64	interface Tunnel0  no ip address  no ip redirects  ipv6 enable  tunnel source Ethernet0/2  tunnel mode ipv6ip 6to4 ipv dd 2002:a0a:1703:1::1/64	没有指定隧道的目的 根据目的IPv6地址推算出目的IPv4地址，然后和目的IPv4地址建立隧道。 (将隧道接口当成内网IPv6接口，就是上面的案例了)
R1	ipv route 2023::/16 2002:a0a:1703:1::1 ipv route 2002:a0a:1703::/48 tunnel0
R3	ipv route 2022::/16 2002:a0a:c01:1::1 ipv route 2002:a0a:c01::/48 tunnel0

 

 

 

 

 

4、自动隧道-----ISATAP隧道(略)

5、自动隧道-----IPv4兼容IPv6隧道(略)

6、半自动隧道-----6PE(后面实验部分介绍)

---

实验七、NAT--PT技术 (与CEF冲突，需关闭CEF)

A、静态NAT-PT(IPv4->IPv6单向)

interface Ethernet0/0

ipv6 address 2022::FFFF/64

 ipv6 enable

 ipv6 nat

interface Ethernet1/0

 ip address 10.10.10.254 255.255.255.0

ipv6 enable

 ipv6 nat

ipv6 nat v6v4 source 2022::10 10.10.10.1

ipv6 nat prefix 2023::/96

//

10.10.10.10->10.10.10.1        源地址10.10.10.10不会自动用前缀2023::/96构造新的IPv6地址作为源地址  2023::0a0a:0a0a去访问2022::10

必须添加映射：ipv6 nat v4v6 source 10.10.10.10 2023::1

 

B、静态NAT-PT(IPv4<->IPv6双向)

ipv6 nat v6v4 source 2022::10 10.10.10.1

ipv6 nat v4v6 source 10.10.10.10 2023::1

 

 

反向:

 

C、动态NAT-PT(IPv6->IPv4)

ipv6 access-list test

 permit ipv6 2022::/64 any

ipv6 nat v6v4 pool pool1 10.10.10.200 10.10.10.253 prefix-length 24

ipv6 nat v6v4 source list test pool pool1

ipv6 nat v4v6 source 10.10.10.10 2023::1

 

 

 D、动态NAT-PT(IPv4->IPv6)

access-list 1 permit 10.10.10.0 0.0.0.255

ipv6 nat v4v6 pool pool1 2023:: 2023::FFFF prefix-length 96

ipv6 nat v4v6 source list 1 pool pool1

ipv6 nat v6v4 source 2022::10 10.10.10.1

 

 

E、IPv4-Mapped NAT-PT(自动映射-IPv4映射到IPv6)------ IPv6->IPv4 

 手动将IPv4地址映射到IPv6，如果数量不多，还可以承受。如果有大量的IPv4地址映射到IPv6中，则可以使用自动映射。仅限IPv6主动访问IPv4。

ipv6 access-list test

 permit ipv6 2022::/64 any

ipv6 nat v6v4 pool pool1 10.10.10.200 10.10.10.253 prefix-length 24

ipv6 nat v6v4 source list test pool pool1

ipv6 access-list v4map

 permit ipv6 2022::/64 2023::/96

ipv6 nat prefix 2023::/96 v4-mapped v4map

 当2022::/64 访问2023::/96时，目的ipv6地址直接去掉前面的96位前缀变成32位，将32位翻译成IPv4地址，，源地址使用 pool1中未使用的一个IPv4地址

2023::0a0a:0a0a去掉前面的96位，剩下0a0a:0a0a，翻译成IPv4地址就是10.10.10.10

 

---

 实验八、6PE技术

 前面介绍的隧道技术，其实是将IPv6包封装在其他协议中(GRE或者IPv4)，然后通过承载网路由到目的网络。

6PE技术，在两个PE之间建立IPv4 BGP对等体，但是传递的是IPv6路由。

IPv6数据包在承载网中传输时，会在包前打上两层标签。

PE1: router bgp 234  bgp router-id 2.2.2.2  bgp log-neighbor-changes  no bgp default ipv4-unicast  neighbor 4.4.4.4 remote-as 234  neighbor 4.4.4.4 update-source Loopback0  !  address-family ipv4  exit-address-family  !  address-family ipv6   redistribute connected   redistribute ospf 1   neighbor 4.4.4.4 activate   neighbor 4.4.4.4 send-label  exit-address-family

PE2: router bgp 234  bgp router-id 4.4.4.4  bgp log-neighbor-changes  no bgp default ipv4-unicast  neighbor 2.2.2.2 remote-as 234  neighbor 2.2.2.2 update-source Loopback0  !  address-family ipv4  exit-address-family  !  address-family ipv6   redistribute connected   redistribute ospf 1   neighbor 2.2.2.2 activate   neighbor 2.2.2.2 send-label  exit-address-family

 

CE1和CE2都学到了对方的路由

 

 

IPv6包前面加了两层标签，外层标签300由P设备产生，通过LDP协议传递过来；内层标签403由PE2的MP-BGP产生，通过MP-BGP传递过来(默认是不产生标签的，需要通过命令 neighbor 4.4.4.4 send-label 和neighbor 2.2.2.2 send-label来产生标签).

为什么要两层标签？

MPLS标签协议中有一个倒数第二跳标签弹出机制。如果只有一层标签，那么在P设备（倒数第二跳）上弹出标签后，只剩下IPv6数据包了，P设备上没有启用IPv6，不可能路由，只能丢弃数据包了。

---

 实验九、6VPE技术 

 6PE技术，在两个PE之间建立IPv4 BGP对等体，但是传递的是IPv6路由。

6VPE技术，在两个PE之间建立VPNv4 BGP对等体，但是传递的是VPNv6路由。

PE1	PE2
vrf definition cisco  rd 1:1  !  address-family ipv6   route-target export 234:2   route-target import 234:4  exit-address-family	vrf definition cisco  rd 2:2  !  address-family ipv6   route-target export 234:4   route-target import 234:2  exit-address-family
interface Ethernet0/0  vrf forwarding cisco  no ip address  duplex auto  ipv6 address 2001:12::2/64  ipv6 enable	interface Ethernet0/0  vrf forwarding cisco  no ip address  duplex auto  ipv6 address 2001:45::4/64  ipv6 enable
router bgp 234  bgp router-id 2.2.2.2  bgp log-neighbor-changes  no bgp default ipv4-unicast  neighbor 4.4.4.4 remote-as 234  neighbor 4.4.4.4 update-source Loopback0  !  address-family ipv4  exit-address-family  !  address-family v6   neighbor 4.4.4.4 activate   neighbor 4.4.4.4 send-community extended  exit-address-family  !  address-family ipv6 vrf cisco   redistribute connected   neighbor 2001:12::1 remote-as 100   neighbor 2001:12::1 activate   neighbor 2001:12::1 as-override  exit-address-family	router bgp 234  bgp router-id 4.4.4.4  bgp log-neighbor-changes  no bgp default ipv4-unicast  neighbor 2.2.2.2 remote-as 234  neighbor 2.2.2.2 update-source Loopback0  !  address-family ipv4  exit-address-family  !  address-family v6   neighbor 2.2.2.2 activate   neighbor 2.2.2.2 send-community extended  exit-address-family  !  address-family ipv6 vrf cisco   redistribute connected   neighbor 2001:45::5 remote-as 100   neighbor 2001:45::5 activate   neighbor 2001:45::5 as-override  exit-address-family

 PE和CE之间使用BGP协议，因为两端都是AS100，因此需要as-override

 

 CE1和CE2都能学到路由。

 

 IPv6包前面加了两层标签，外层标签301由P设备产生，通过LDP协议传递过来；内层标签403由PE2的MP-BGP自动产生，通过MP-BGP传递过来.

​​​​​​​注：有几张图片是用的别人的。