Table of Contents
Advertisement
C
47
| IP Interface Commands
HAPTER
IPv6 to IPv4 Tunnels
C
M
OMMAND
ODE
Interface Configuration (IPv6/v4 Tunnel)
C
U
OMMAND
SAGE
This command is only applicable to the "configured" tunnel mode (see
u
the
tunnel mode ipv6ip
When an IPv6 packet is transmitted over a tunnel, the tunnel end-point
u
address configured by this command is used as the destination address
for the encapsulating IPv4 header.
The determination of which packets to tunnel is based on information in
u
the routing table, which directs packets based on their destination
address using the prefix mask and match technique.
IPv6/IPv4 hosts that are connected to data links with no IPv6 routers
u
may use a configured tunnel to reach an IPv6 router. This tunnel
allows the host to communicate with the rest of the IPv6 Internet (i.e.,
nodes with IPv6-native addresses). If the IPv4 address of an IPv6/IPv4
router bordering the IPv6 backbone is known, this can be used as the
tunnel end-point address. This tunnel can be configured into the
routing table as an IPv6 "default route." That is, all IPv6 destination
addresses will match the route and could potentially traverse the
tunnel. Since the "mask length" of such a default route is zero, it will be
used only if there are no other routes with a longer mask that match
the destination. Note that the default configured tunnel can also be
used in conjunction with 6to4 automatic tunneling.
The tunnel end-point address of a default tunnel could be the IPv4
u
address of one IPv6/IPv4 router at the border of the IPv6 backbone.
Alternatively, the tunnel end point could be an IPv4 "anycast address."
Using this approach, multiple IPv6/IPv4 routers at the border advertise
IPv4 reachability to the same IPv4 address. All of these routers accept
packets to this address as their own, and will decapsulate IPv6 packets
tunneled to this address. When an IPv6/IPv4 node sends an
encapsulated packet to this address, it will be delivered to only one of
the border routers, usually the closest one.
Care must be taken when using a default tunnel to prevent different
u
IPv4 fragments from arriving at different routers for reassembly. This
can be prevented by either avoiding fragmentation of the encapsulated
packets (by ensuring an IPv4 MTU of at least 1300 bytes is used) or by
preventing frequent changes to IPv4 routing.
Packets delivered to transport protocols on the decapsulating node
u
should not be subject to ingress filtering. For bidirectionally configured
tunnels this is done by verifying that the source address is the IPv4
address of the other end of the tunnel. For unidirectionally configured
tunnels, the decapsulating node must be configured with a list of source
IPv4 address prefixes that are acceptable. Such a list must default to
not having any entries, i.e. the node has to be explicitly configured to
forward decapsulated packets received over unidirectionally configured
tunnels.
– 1158 –
command).
- Quick Links:
- Configuration Backup and Restore
Hide quick links:
Advertisement
Chapters
Table of Contents
