Earlier this week, we looked at using 6to4 tunnels to establish IPv6 connectivity among sites separated by an IPv4-only transit network. This article extends that concept a bit further to show how you can take advantage of 6to4 tunneling to achieve IPv6 (albeit non-native) access to the public Internet, even from home.
This article discusses configuration of the 6to4 tunnel on an IOS-based access router, however this concept applies to any router or end host which supports 6to4 tunneling and has a global IPv4 address.
Like any tunnel, our 6to4 tunnel must have two endpoints. One end will obviously be our local site, but the other must be some point with both IPv4 and IPv6 Internet access. A number of carriers and service providers operate public 6to4 relays for this purpose. In the past, one would have to search for a relay manually. Fortunately, RFC 3068 introduced a well-known anycast address by which to automatically reach the nearest (as determined by BGP) public 6to4 relay.
The 6to4 relay anycast addresses are:
A simple traceroute will determine the nearest 6to4 relay:
$ traceroute 192.88.99.1 traceroute to 192.88.99.1 (192.88.99.1), 30 hops max, 40 byte packets 1 192.168.10.1 (192.168.10.1) 0.373 ms 2.951 ms 2.794 ms 2 10.4.16.1 (10.4.16.1) 7.020 ms 12.463 ms 12.596 ms 3 ip72-219-223-217.dc.dc.cox.net (72.219.223.217) 12.097 ms 13.054 ms 13.248 ms 4 mrfddsrj02-ge110.rd.dc.cox.net (68.100.0.149) 12.657 ms 12.770 ms 12.878 ms 5 ashbbrj02-as0.0.r2.as.cox.net (68.1.1.232) 29.782 ms 13.392 ms 29.871 ms 6 192.88.99.1 (192.88.99.1) 13.611 ms 9.034 ms 10.151 ms
I'm lucky enough to have access to a relay just ~11 msec away (round-trip)!
Your IPv6 packets won't go far without this:
Router(config)# ipv6 unicast-routing
Before we can configure the tunnel, we must know the public IPv4 address we'll be using to access the IPv4 Internet. Note that for reliable persistent operation, this must be a static address (versus one assigned via DHCP). In this example we'll be using the IPv4 address 70.174.182.38.
To calculate the 6to4 prefix for the tunnel interface, we convert the 32-bit IPv4 address into hexadecimal and append it to the 2002::/16 IPv6 prefix to get 2002:46AE:B626::/48. The actual address we use for our tunnel interface can be any address within this prefix; for our example, we'll use 2002:46AE:B626::/128.
Now we can configure our tunnel interface:
interface Tunnel0 description 6to4 ipv6 address 2002:46AE:B626::/128 tunnel source 70.174.182.38 tunnel mode ipv6ip 6to4
Two IPv6 routes are needed to make this work. First, we need a route for 2002::/16 pointing out our 6to4 tunnel. Second, we need a default route pointing to the 6to4 relay IPv6 anycast address (2002:C058:6301::):
ipv6 route 2002::/16 Tunnel0 ipv6 route ::/0 2002:C058:6301::
The entire 2002:46AE:B626::/48 prefix (minus the subnet used for the tunnel interface) is available to number the internal IPv6 networks. For example, if we have a collection of internal hosts on VLAN 10, we can assign our VLAN 10 interface the address 2002:46AE:B626:1::1/64. IPv6-enabled hosts on this VLAN should automatically detect the presence of an IPv6 router and assign themselves an IPv6 address from this subnet using address autoconfiguration.
$ ip -6 address list eth0 5: eth0: mtu 1500 qlen 1000 inet6 2002:46ae:b626:1:21d:60ff:feb3:184/64 scope global dynamic valid_lft 2591870sec preferred_lft 604670sec inet6 fe80::21d:60ff:feb3:184/64 scope link valid_lft forever preferred_lft forever
If desired, one also has the option to manually assign IPv6 addresses to internal hosts, or using DHCPv6.
You may also configure one or two public IPv6 DNS servers on your hosts, but IPv6 DNS information (e.g. AAAA records) can be carried over IPv4 DNS just as well.
At this point you should have IPv6 connectivity to the world. Some sites to test include:
Also try using Wireshark to sniff the traffic to these sites. Locally, it will appear as native IPv6 traffic. Outside the router, it will appear as IPv6-in-IPv4.
原帖地址:http://packetlife.net/blog/2010/mar/17/using-6to4-ipv6-home/