While I was testing and setting up IPv6 enabled 30:30 servers, I needed to get IPv6 to my home. I thought I’d do a quick and dirty IPv6 tunnel from one of our transit routers (BGP Border router) to my Cisco 887. There are a few options with tunnelling using Cisco routers, but if you want a ‘just works’ solution and its only a point to point, then GRE is the way to go. Here’s my setup:
This would have worked with any ISP’s broadband which makes it a very flexible solution, but of course I used a Gconnect DSL account! First I setup the ‘head’ end on the border router. This router has a full IPv6 transit table so I’m right on the internet once my tunnel lands.
interface Tunnel0 description *** TUNNEL TO HOME OFFICE *** no ip address ipv6 address FE80::7 link-local ipv6 address 2A01:570:Y:XXXX::1/64 ipv6 ospf 1 area 0 tunnel source Loopback0 tunnel destination 84.21.X.X
The default tunnel on a Cisco router is GRE, so even if you specify tunnel mode gre ip
it will not show in the resulting config. I chose to add the link /64 to our internal OSPFv3 domain and then add a static route for the /64 on my site.
ipv6 route 2A01:570:Y:XXXY::/64 2A01:570:Y:XXXX::2
OK, so now its time to set up the home router end.
interface Tunnel0 description *** TUNNEL TO BORDER ROUTER *** no ip address zone-member security OUTSIDE ipv6 address 2A01:570:Y:XXXX::2/64 tunnel source Dialer0 tunnel destination 84.21.X.Y
The tunnel should be up provided that you have IPv4 connectivity between the tunnel endpoints. I also added a static default route pointing all IPv6 traffic through the tunnel.
ipv6 route ::/0 Tunnel0
You probably noticed the zone-member security OUTSIDE
on the tunnel interface. You’ll need an IOS past 15.X as far as i can tell for the firewall to actually work with IPv6! Now the test, I’m pinging Google’s ipv6.google.com [2a00:1450:400c:c00::63]
address
#ping 2a00:1450:400c:c00::63 source vlan 20 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2A00:1450:400C:C00::63, timeout is 2 seconds: Packet sent with a source address of 2A01:570:Y:XXXY::1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 48/50/52 ms
Its all good, I can now browse to IPv6 enabled websites.