[afripv6-discuss] Configuring a 6to4 Relay in Cisco

Thu Jun 7 18:13:40 SAST 2007

This info provides the steps requires in order to configure your Cisco box
as a 6to4 Relay.

In order to proceed, you need to have a public IPv4 address on that router,
your own IPv6 prefix (provided by AfriNIC in this case) and IPv6 transit.

And of course, the router need to have an IOS supporting IPv6 (including
6to4 support).

If you need help in order to acquire your IPv6 prefix from AfriNIC, let us
know and we can help even with the request form.

Similarly, we are able to help in making sure you have the right IOS version
(and to configure it) and you can get IPv6 transit (native or tunneling)
either from your upstream, or alternatively, if that's not possible, we will
be able to provide free IPv6 transit to third party networks.

Regards,
Jordi

Details of the example configuration
=====================================

The examples below is assuming that the public IPv4 address in the WAN
interface of the router is 192.1.2.3. You should replace that with the right
information for your own case, same with other data used in the examples.

Also, you need to understand how to calculate the 6to4 IPv6 address for your
router. This is done using the IPv4 address and the IPv6 6to4 prefix.

The 6to4 prefix 2002::/16 is taking the first 16 bits. Then the bits 17 to
48 are the nibble notation for your IPv4 address. So in our example it will
be:

192 = c0
1 = 01
2 = 02
3 = 03

So consequently:
2002:c001:0203::/48

We will use the first address of the prefix for the WAN interface, so
2002:c001:0203::1/128

Also, the anycast address for 6to4 is: 192.88.99.1
Following the same example as above, in IPv6 will be:
2002:c058:6301::/128

For our example using a Loopback, we use 192.3.2.3, which in IPv6 will be
2002:0c03:0203::/128

We show below two options for the 6to4 Relay. One basic configuration and
another using the anycast address for 6to4. You just need to configure one
of them (A or B).

A) Example configuration of a basic 6to4 Relay
=================================================

This relay will only be reachable for hosts or routers with a manual
configuration pointing to it.

A1) Enable IPv6 in the router

ipv6 unicast-routing

A2) Ethernet0/0 interface configuration (obviously you can use another
interface)

 interface Ethernet0/0
  description 6to4 Relay Service
  ip address 192.1.2.3 255.255.255.0

A3) ³tunnel 6to4² virtual interface

  interface Tunnel2002
  description 6to4 Relay Interface
  no ip address
  no ip redirects
  ipv6 address 2002:c001:0203::1/128
  tunnel source Ethernet0/0
  tunnel mode ipv6ip 6to4

A4) 6to4 prefix route

  ipv6 route 2002::/16 Tunnel2002

B) Example configuration of a 6to4 Relay with anycast support
===============================================================

B1) Enable IPv6 in the router

ipv6 unicast-routing

B2) We use the loopback (recommended), but you could use an Ethernet
Interface or any other one

  interface Loopback0
   description 6to4 Anycast Relay Service
   ip address 192.88.99.1 255.255.255.0 secondary
   ip address 192.3.2.3 255.255.255.255
   ipv6 address 2002:c003:0203::1/128
   ipv6 mtu 1480
   no ipv6 mfib fast

Note: When using IPv4 anycast addresses is recommended to configure
explicitly the BGP/OSPF ID with a unicast address, otherwise, the router may
take by default the anycast address as the ID.

B3) ³tunel 6to4² virtual interface

  interface Tunnel2002
   description anycast 6to4 Relay Interface
   no ip address
   no ip redirects
   ipv6 address 2002:C058:6301::/128 anycast
   ipv6 unnumbered Loopback0
   no ipv6 mfib fast
   tunnel source Loopback0
   tunnel mode ipv6ip 6to4
   tunnel path-mtu-discovery

C) Configuration for a public Relay
=====================================

If you choose the anycast option (B), then you can also make the relay
public via the following steps.

C1) You need to announce the 2002::/16 prefix usually via BGP. The example
below will help you. You should add this to the normal unicast IPv6
configuration and replace the right information for your own case.

  router bgp myASN
   no bgp default ipv4-unicast
   bgp log-neighbor-changes
   neighbor remotepeer_IPv6_address remote-as remoteASN
   neighbor remotepeer_IPv6_address description Peer to remoteISP

   address-family ipv6
   neighbor remotepeer_IPv6_address activate
   neighbor remotepeer_IPv6_address route-map remoteISP_in in
   neighbor remotepeer_IPv6_address route-map remoteISP_out out
   network my_IPv6_prefix
   network 2002::/16
   exit-address-family

  ipv6 route 2002::/16 Null0

  ipv6 prefix-list 6to4_prefix seq 5 permit 2002::/16

  route-map remoteISP_out permit 10
   match ipv6 address prefix-list 6to4_prefix

Note: Of course, you need to replace some of the parameters with your
specific data, such as myASN, remotepeer_IPv6, my_IPv6_prefix, remoteASN,
remoteISP, remoteISP_in and remoteISP_out.

C2) Additionally you need to configure the announce of the 6to4 anycast
prefix, 192.88.99.0/24, to your neighbor ISPs.

D) Configuration for a Private Relay
=====================================

Alternatively, if you only want to offer the relay to your own customers,
you need to announce the 192.88.99.0/24 prefix only to them. Then you will
need to use example A) and use something adapted to your own network/routing
protocol. 

For example, if you are using OSPF as your IGP, you will add something such
as:

  router ospf 1
   log-adjacency-changes
   auto-cost reference-bandwidth 10000
   network 192.88.99.0 0.0.0.255 area 0

**********************************************
The IPv6 Portal: http://www.ipv6tf.org

Bye 6Bone. Hi, IPv6 !
http://www.ipv6day.org

This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.