Table of contents
If you haven’t seen the lesson IPv4/IPv6 Tunneling Introduction, please consider viewing it before this lesson.
Manual Tunneling, as the name implies, is a tunnel that has all of the elements of the tunnel endpoints configured manually. Everything is “hard-coded” and elements of the configuration don’t change unless it’s done manually...nothing is done automatically. This idea will be easier understood after viewing this lesson and the Automatic Tunneling lessons.
Note that Manual Tunneling is also referred to as Configured Tunneling or Static Tunneling.
Advantages of manual tunneling include:
Configuration is easier than automatic tunneling.
Can offer increased security as there are more forwarding options for IPv6.
Very Poor Scalability - All tunneling links are virtual point-to-point links. This does not scale well. Trying to scale tunnels manually is even worse. All devices must be connected with a mesh topology.
Management – Any changes must be done manually.
There are two methods of Manual Tunneling:
- IP-IP Based
- Simple, fast and has low overhead
- No multicast capability
- GRE (Generic Routing Encapsulation) Based
- Can tunnel everything...including non-IP protocols.
- Multicast capable. Multicast is used for many things in IPv6. Voice and Video often use multicast. Routing protocols in IPv6 use multicast.
Pro Tip: If you want to use a routing protocol between tunnel endpoints, GRE based must be used. There isn't another option.
Other considerations for manual configuration include:
- Ingress Filtering
- Managing ICMP messages
- MTU sizing
- Header Fields
- Neighbor Discovery over the tunnel
Pro Tip: Since Configured Tunneling (Manual Tunneling) scales so poorly, it should only be used in small organizations with not more than a few tunnels.
Configuration and Verification
Manual Tunnel configuration is fairly simple and straightforward. While there are different tunneling methods, we'll use IPv6 over IPv4 for our lab since this is what we're most likely to see in production (other tunnel options are explained in more detail later in this section). Loopback 6 on R-1 and R-2 represent IPv6 networks.
ISP is labeled as the IPv4 island, this could also be an IPv4 island within your own network. Maybe an IPv6 access layer, IPv4 core and an IPv6 data center.
We'll configure R-1, ISP and R-2 for this lab. In the "Real World", however, we may not have control over the tunnel routers or the router at the other end of the tunnel. I'll show you how to verify configurations and connectivity from R-1.
The first thing I want to do is configure loopback interfaces on the tunnel endpoint devices for both IPv4 and IPv6. Using loopback interfaces is better than using physical interfaces because loopback interfaces are more stable...physical interfaces can go down, but loopback interfaces can’t (unless the whole device goes down).
An interface can have both an IPv4 address and IPv6 addresses. If you wanted to, you could configure a loopback interface with both address types.
I’m going to use loopback 4 for IPv4 and loopback 6 for IPv6. By embedding information in my addressing scheme, I can quickly see the device is running Dual Stack:
R-1(config)#interface loopback 4 R-1(config-if)#ip address 18.104.22.168 255.255.255.0 R-1(config-if)#exit R-1(config)#interface loopback 6 R-1(config-if)#ipv6 address 2001::1/128 R-1(config-if)#exit
R2(config)#interface loopback 4 R2(config-if)#ip address 22.214.171.124 255.255.255.0 R2(config-if)#exit R2(config)#interface loopback 6 R2(config-if)#ipv6 address 2001::2/128 R2(config-if)#exit
The physical interfaces for the tunnel end point devices need to be enabled and addressed with IPv4. Notice that the endpoint devices can be in different subnets.
R-1(config)#interface g 0/0 R-1(config-if)#no shutdown R-1(config-if)#ip address 192.168.10.1 255.255.255.0 R-1(config-if)#exit
R2(config)#interface g 0/0 R2(config-if)#no shutdown R2(config-if)#ip address 192.168.20.1 255.255.255.0 R2(config-if)#exit
The ISP’s topology doesn’t matter as long as the tunnel endpoints can reach each other. For this lab, a simple one router setup is fine.
Physical interfaces to R1 and R2 are enabled and addresses with IPv4:
ISP(config)#interface g 0/0 ISP(config-if)#no shutdown ISP(config-if)#ip address 192.168.10.2 255.255.255.0 ISP(config-if)#exit ISP(config)#interface g 0/1 ISP(config-if)#no sh ISP(config-if)#ip address 192.168.20.2 255.255.255.0
To configure the virtual tunnel interfaces we need to configure the tunnel source and tunnel destination for each side of the tunnel. We also need to specify the tunneling method with the tunnel mode command. For our example, we want IPv6 over IPv4: