[afripv6-discuss] Configuring a 6to4 Relay in Cisco
JORDI PALET MARTINEZ
jordi.palet at consulintel.es
Thu Jun 21 14:59:45 SAST 2007
Hi Carlos,
Yes, that's the idea, in both Africa and LAC, we are helping people to
deploy 6to4 and Teredo Relays, so as much traffic as possible is kept local,
as upstream bandwidth there is very expensive compared with other regions.
Regards,
Jordi
> De: Carlos Friacas <cfriacas at fccn.pt>
> Responder a: "IPv6 in Africa <afripv6-discuss at afrinic.net>"
> <afripv6-discuss at afrinic.net>
> Fecha: Thu, 21 Jun 2007 10:30:56 +0100 (WEST)
> Para: "IPv6 in Africa <afripv6-discuss at afrinic.net>"
> <afripv6-discuss at afrinic.net>
> Asunto: RE: [afripv6-discuss] Configuring a 6to4 Relay in Cisco
>
>
> Hi,
>
> Just a small note: The number of available 6to4 relays improves the
> overall performance of this transition mechanism.
>
> Is anybody really planning to deploy a 6to4 Relay in Africa soon? most of
> available relays are in Europe (and also in Asia and North America).
>
> Best Regards,
> Carlos
>
>
>
> On Thu, 21 Jun 2007, Miguel A. Diaz wrote:
>
>> Dear Eddy,
>>
>> I'll try to answer your questions. See below my reply.
>>
>> Regards
>> Miguel
>>
>>> -----Mensaje original-----
>>> De: afripv6-discuss-bounces at afrinic.net
>>> [mailto:afripv6-discuss-bounces at afrinic.net] En nombre de
>>> Kayihura M. Eddy
>>> Enviado el: jueves, 21 de junio de 2007 7:58
>>> Para: jordi.palet at consulintel.es; IPv6 in Africa
>>> Asunto: Re: [afripv6-discuss] Configuring a 6to4 Relay in Cisco
>>>
>>> Dear Jordi,
>>> You mentioned in your mail below:
>>>
>>> "Also, the anycast address for 6to4 is: 192.88.99.1"
>>>
>>> I have two questions on this:
>>> 1. what is the principle to get it?
>>
>> 192.88.99.0/24 is the anycast prefix reserved for the 6to4 relay
>> service. See RFC3068 for more details.
>>
>> The 192.88.99.1 is the anycast address reserved for the 6to4 relay
>> router. It's an IPv4 address used to reach the nearest 6to4 relay
>> router. All the public 6to4 relay routers have configured this IPv4
>> address (in addition to the one configured for the WAN interface). The
>> ISP should be in charge of announcing via BGP the anycast prefix in
>> order to the 6to4 relay router be reachable via the anycast address.
>>
>> The main advantage of using anycast address for this service is that
>> users don't need to know which is the IPv4 address of the nearest 6to4
>> router, just they use the anycast address and the routing
>> infrastructure (i.e. BGP on the Internet) routes the packets to the
>> nearest 6to4 router.
>>
>>
>>> 2. since in this example the IP on the router is
>>> 192.1.2.3,for one to also own 192.88.99.1 the IP space should
>>> be big unless I am missing something.
>>
>>
>> The example below assumes that the public IPv4 address in the WAN
>> interface of the router is 192.1.2.3. You should replace that with the
>> right information for your own case.
>>
>> Your real IPv4 address is not related to the anycast address
>> (192.88.99.1) at all. They both are completely independent. You can
>> configure both of them to the same router. Just be sure that you
>> announce the anycast prefix properly in order to the 6to4 router be
>> reachable via the anycast address.
>>
>>
>>
>>>
>>> Thanks
>>>
>>> Eddy
>>>
>>>
>>>
>>> JORDI PALET MARTINEZ wrote:
>>>> This info provides the steps requires in order to configure
>>> your Cisco
>>>> box as a 6to4 Relay.
>>>>
>>>> In order to proceed, you need to have a public IPv4 address on
>> that
>>>> router, your own IPv6 prefix (provided by AfriNIC in this
>>> case) and IPv6 transit.
>>>>
>>>> And of course, the router need to have an IOS supporting IPv6
>>>> (including
>>>> 6to4 support).
>>>>
>>>> If you need help in order to acquire your IPv6 prefix from
>> AfriNIC,
>>>> let us know and we can help even with the request form.
>>>>
>>>> Similarly, we are able to help in making sure you have the
>>> right IOS
>>>> version (and to configure it) and you can get IPv6 transit
>>> (native or
>>>> tunneling) either from your upstream, or alternatively, if
>>> that's not
>>>> possible, we will be able to provide free IPv6 transit to
>>> third party networks.
>>>>
>>>> Regards,
>>>> Jordi
>>>>
>>>>
>>>> Details of the example configuration
>>>> =====================================
>>>>
>>>> The examples below is assuming that the public IPv4 address
>>> in the WAN
>>>> interface of the router is 192.1.2.3. You should replace
>>> that with the
>>>> right information for your own case, same with other data
>>> used in the examples.
>>>>
>>>> Also, you need to understand how to calculate the 6to4 IPv6
>> address
>>>> for your router. This is done using the IPv4 address and
>>> the IPv6 6to4 prefix.
>>>>
>>>> The 6to4 prefix 2002::/16 is taking the first 16 bits. Then
>>> the bits
>>>> 17 to
>>>> 48 are the nibble notation for your IPv4 address. So in our
>>> example it
>>>> will
>>>> be:
>>>>
>>>> 192 = c0
>>>> 1 = 01
>>>> 2 = 02
>>>> 3 = 03
>>>>
>>>> So consequently:
>>>> 2002:c001:0203::/48
>>>>
>>>> We will use the first address of the prefix for the WAN
>>> interface, so
>>>> 2002:c001:0203::1/128
>>>>
>>>> Also, the anycast address for 6to4 is: 192.88.99.1
>>> Following the same
>>>> example as above, in IPv6 will be:
>>>> 2002:c058:6301::/128
>>>>
>>>> For our example using a Loopback, we use 192.3.2.3, which
>>> in IPv6 will
>>>> be
>>>> 2002:0c03:0203::/128
>>>>
>>>> We show below two options for the 6to4 Relay. One basic
>>> configuration
>>>> and another using the anycast address for 6to4. You just need to
>>>> configure one of them (A or B).
>>>>
>>>>
>>>> A) Example configuration of a basic 6to4 Relay
>>>> =================================================
>>>>
>>>> This relay will only be reachable for hosts or routers with
>>> a manual
>>>> configuration pointing to it.
>>>>
>>>> A1) Enable IPv6 in the router
>>>>
>>>> ipv6 unicast-routing
>>>>
>>>> A2) Ethernet0/0 interface configuration (obviously you can
>>> use another
>>>> interface)
>>>>
>>>> interface Ethernet0/0
>>>> description 6to4 Relay Service
>>>> ip address 192.1.2.3 255.255.255.0
>>>>
>>>> A3) ³tunnel 6to4² virtual interface
>>>>
>>>> interface Tunnel2002
>>>> description 6to4 Relay Interface
>>>> no ip address
>>>> no ip redirects
>>>> ipv6 address 2002:c001:0203::1/128
>>>> tunnel source Ethernet0/0
>>>> tunnel mode ipv6ip 6to4
>>>>
>>>> A4) 6to4 prefix route
>>>>
>>>> ipv6 route 2002::/16 Tunnel2002
>>>>
>>>>
>>>> B) Example configuration of a 6to4 Relay with anycast support
>>>> ===============================================================
>>>>
>>>> B1) Enable IPv6 in the router
>>>>
>>>> ipv6 unicast-routing
>>>>
>>>> B2) We use the loopback (recommended), but you could use an
>>> Ethernet
>>>> Interface or any other one
>>>>
>>>> interface Loopback0
>>>> description 6to4 Anycast Relay Service
>>>> ip address 192.88.99.1 255.255.255.0 secondary
>>>> ip address 192.3.2.3 255.255.255.255
>>>> ipv6 address 2002:c003:0203::1/128
>>>> ipv6 mtu 1480
>>>> no ipv6 mfib fast
>>>>
>>>> Note: When using IPv4 anycast addresses is recommended to
>> configure
>>>> explicitly the BGP/OSPF ID with a unicast address, otherwise, the
>>>> router may take by default the anycast address as the ID.
>>>>
>>>> B3) ³tunel 6to4² virtual interface
>>>>
>>>> interface Tunnel2002
>>>> description anycast 6to4 Relay Interface
>>>> no ip address
>>>> no ip redirects
>>>> ipv6 address 2002:C058:6301::/128 anycast
>>>> ipv6 unnumbered Loopback0
>>>> no ipv6 mfib fast
>>>> tunnel source Loopback0
>>>> tunnel mode ipv6ip 6to4
>>>> tunnel path-mtu-discovery
>>>>
>>>>
>>>> C) Configuration for a public Relay
>>>> =====================================
>>>>
>>>> If you choose the anycast option (B), then you can also
>>> make the relay
>>>> public via the following steps.
>>>>
>>>> C1) You need to announce the 2002::/16 prefix usually via BGP. The
>>
>>>> example below will help you. You should add this to the
>>> normal unicast
>>>> IPv6 configuration and replace the right information for
>>> your own case.
>>>>
>>>> router bgp myASN
>>>> no bgp default ipv4-unicast
>>>> bgp log-neighbor-changes
>>>> neighbor remotepeer_IPv6_address remote-as remoteASN
>>>> neighbor remotepeer_IPv6_address description Peer to remoteISP
>>>>
>>>> address-family ipv6
>>>> neighbor remotepeer_IPv6_address activate
>>>> neighbor remotepeer_IPv6_address route-map remoteISP_in in
>>>> neighbor remotepeer_IPv6_address route-map remoteISP_out out
>>>> network my_IPv6_prefix
>>>> network 2002::/16
>>>> exit-address-family
>>>>
>>>> ipv6 route 2002::/16 Null0
>>>>
>>>> ipv6 prefix-list 6to4_prefix seq 5 permit 2002::/16
>>>>
>>>> route-map remoteISP_out permit 10
>>>> match ipv6 address prefix-list 6to4_prefix
>>>>
>>>> Note: Of course, you need to replace some of the parameters
>>> with your
>>>> specific data, such as myASN, remotepeer_IPv6, my_IPv6_prefix,
>>>> remoteASN, remoteISP, remoteISP_in and remoteISP_out.
>>>>
>>>> C2) Additionally you need to configure the announce of the 6to4
>>>> anycast prefix, 192.88.99.0/24, to your neighbor ISPs.
>>>>
>>>>
>>>> D) Configuration for a Private Relay
>>>> =====================================
>>>>
>>>> Alternatively, if you only want to offer the relay to your own
>>>> customers, you need to announce the 192.88.99.0/24 prefix only to
>>>> them. Then you will need to use example A) and use
>>> something adapted
>>>> to your own network/routing protocol.
>>>>
>>>> For example, if you are using OSPF as your IGP, you will
>>> add something
>>>> such
>>>> as:
>>>>
>>>> router ospf 1
>>>> log-adjacency-changes
>>>> auto-cost reference-bandwidth 10000
>>>> network 192.88.99.0 0.0.0.255 area 0
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> **********************************************
>>>> The IPv6 Portal: http://www.ipv6tf.org
>>>>
>>>> Bye 6Bone. Hi, IPv6 !
>>>> http://www.ipv6day.org
>>>>
>>>> This electronic message contains information which may be
>>> privileged or confidential. The information is intended to be
>>> for the use of the individual(s) named above. If you are not
>>> the intended recipient be aware that any disclosure, copying,
>>> distribution or use of the contents of this information,
>>> including attached files, is prohibited.
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> afripv6-discuss mailing list
>>>> afripv6-discuss at afrinic.net
>>>> https://lists.afrinic.net/mailman/listinfo.cgi/afripv6-discuss
>>>>
>>>>
>>>
>>> _______________________________________________
>>> afripv6-discuss mailing list
>>> afripv6-discuss at afrinic.net
>>> https://lists.afrinic.net/mailman/listinfo.cgi/afripv6-discuss
>>>
>>
>>
>>
>>
>> **********************************************
>> The IPv6 Portal: http://www.ipv6tf.org
>>
>> Bye 6Bone. Hi, IPv6 !
>> http://www.ipv6day.org
>>
>> This electronic message contains information which may be privileged or
>> confidential. The information is intended to be for the use of the
>> individual(s) named above. If you are not the intended recipient be aware
>> that any disclosure, copying, distribution or use of the contents of this
>> information, including attached files, is prohibited.
>>
>>
>>
>>
>>
>> _______________________________________________
>> afripv6-discuss mailing list
>> afripv6-discuss at afrinic.net
>> https://lists.afrinic.net/mailman/listinfo.cgi/afripv6-discuss
> _______________________________________________
> afripv6-discuss mailing list
> afripv6-discuss at afrinic.net
> https://lists.afrinic.net/mailman/listinfo.cgi/afripv6-discuss
**********************************************
The IPv6 Portal: http://www.ipv6tf.org
Bye 6Bone. Hi, IPv6 !
http://www.ipv6day.org
This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.
More information about the afripv6-discuss
mailing list