Using a 6to4 tunnel to cross IPv4 and reach IPv6 resources

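6to4 tunnel
Uses IPv6 addresses from 2002::/16 and encapsulates IPv6 packets inside IPv4 packets for transport.
It is an automatic tunnel.
Used at the network edge to connect two sites (or hosts).
Does not support NAT.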

Basic format of a 6to4 address: it begins with 2002::/16, and the next 32 bits carry the source IPv4 address.
Lab configuration:

R1
hostname R1                                     

ipv6 unicast-routing
!

interface Loopback0
no ip address
ipv6 address 2001::1/128
ipv6 ospf 1 area 0
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
ipv6 address 2002:202:202::1/64  
ipv6 ospf 1 area 0
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!

ipv6 router ospf 1
router-id 1.1.1.1

R2
hostname R2


ipv6 unicast-routing
!

interface Loopback0
ip address 2.2.2.2 255.255.255.255

!
interface Tunnel0
no ip address
no ip redirects
ipv6 unnumbered FastEthernet0/0
! borrows the address of f0/0
tunnel source Loopback0
! uses lo0 as the source
tunnel mode ipv6ip 6to4
! the tunnel mode is 6to4
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
ipv6 address 2002:202:202::2/64
! the tunnel borrows the address of f0/0, so the address prefix of f0/0 must embed the address of the tunnel source lo0
ipv6 ospf 1 area 0
!
interface FastEthernet1/0
ip address 23.1.1.2 255.255.255.0
duplex auto
speed auto
!
router ospf 2
log-adjacency-changes
network 2.2.2.2 0.0.0.0 area 0
network 23.1.1.0 0.0.0.255 area 0
!

ipv6 route 2002::/16 Tunnel0
ipv6 route ::/0 2002:303:303::3
! see Note (1)
ipv6 router ospf 1
router-id 2.2.2.2
log-adjacency-changes
default-information originate
redistribute static


R3

hostname R3

ipv6 unicast-routing
!

interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Tunnel0
no ip address
no ip redirects
ipv6 unnumbered FastEthernet0/0
tunnel source Loopback0
tunnel mode ipv6ip 6to4
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
ipv6 address 2002:303:303::3/64
ipv6 ospf 1 area 0
!
interface FastEthernet1/0
ip address 23.1.1.3 255.255.255.0
duplex auto
speed auto
!
router ospf 2
log-adjacency-changes
network 3.3.3.3 0.0.0.0 area 0
network 23.1.1.0 0.0.0.255 area 0
!

ipv6 route 2002::/16 Tunnel0
ipv6 router ospf 1
router-id 3.3.3.3
log-adjacency-changes
redistribute static
!

R4
ipv6 unicast-routing

interface Loopback0
no ip address
ipv6 address 2001::4/128
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
ipv6 address 2002:303:303::4/64
ipv6 ospf 1 area 0
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto

ipv6 router ospf 1
router-id 4.4.4.4

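Note (1): For host R1 to reach public IPv6 resources at the far end through the 6to4 tunnel, non-6to4 packets must be handed to the remote 6to4 router (the 6to4 relay).
That is why the static route ipv6 route ::/0 2002:303:303::3 was added, pointing at the address of the remote 6to4 router. One point needs particular attention: if the next hop is changed to the outgoing interface tunnel 0, the router decides that packets destined to 2001::4 (some other IPv6 resource network) must be 6to4-encapsulated. By the encapsulation rule of this tunnel, the router extracts the IPv4 address 0.0.0.0 from 2001::4 and uses it as the destination address of the encapsulated packet. R2 has no route to 0.0.0.0, so encapsulation fails. If R2 is given a route to 0.0.0.0, the packet is encapsulated, but when the remote R3 receives it, R3 finds that the destination address differs from the source address it configured when building its tunnel and drops the packet. Communication therefore fails. If the remote tunnel address is used as the next hop instead, R2 performs a recursive route lookup, finds that reaching 2002:303:303::3 requires 6to4 encapsulation, and encapsulates the packet with 3.3.3.3. The remote end sees that the destination address matches its tunnel source address, accepts the packet, decapsulates it and hands it to the IPv6 network, and communication works.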
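
Added example (not part of the original post): a small Python model of the lookup described in Note (1), showing which IPv4 destination R2 derives for a packet to 2001::4 under each form of the default route. The function names are hypothetical, and only R2's two static routes are modelled, not the OSPF-learned ones.

```python
import ipaddress

# R2's static routes as configured above (simplified model, assumption).
VIA_ADDRESS = [("2002::/16", "Tunnel0"), ("::/0", "2002:303:303::3")]
# The variant Note (1) warns about: default route pointing at the tunnel itself.
VIA_TUNNEL = [("2002::/16", "Tunnel0"), ("::/0", "Tunnel0")]
R3_TUNNEL_SOURCE = "3.3.3.3"  # R3's Loopback0


def embedded_ipv4(addr):
    """IPv4 address carried in bits 16-47 of an IPv6 address."""
    value = int(ipaddress.IPv6Address(addr))
    return str(ipaddress.IPv4Address((value >> 80) & 0xFFFFFFFF))


def lookup(dst, routes):
    """Longest-prefix match; returns an interface name, a next-hop address, or None."""
    dst = ipaddress.IPv6Address(dst)
    hits = [(ipaddress.IPv6Network(prefix), target) for prefix, target in routes]
    hits = [(net, target) for net, target in hits if dst in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def outer_ipv4_destination(dst, routes, max_depth=4):
    """Resolve dst recursively until Tunnel0 is reached, then derive the IPv4
    destination from the address that was looked up last."""
    for _ in range(max_depth):
        target = lookup(dst, routes)
        if target is None:
            return None
        if target == "Tunnel0":
            return embedded_ipv4(dst)
        dst = target  # next hop is an address: look it up again
    return None


def r3_accepts(outer_dst):
    """Per Note (1), R3 accepts only packets addressed to its tunnel source."""
    return outer_dst == R3_TUNNEL_SOURCE


if __name__ == "__main__":
    cases = (("next hop 2002:303:303::3", VIA_ADDRESS), ("next hop Tunnel0", VIA_TUNNEL))
    for name, routes in cases:
        outer = outer_ipv4_destination("2001::4", routes)
        print(name, "->", outer, "accepted by R3:", r3_accepts(outer))
```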


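Related thought: if, on an IPv4 Ethernet, we configure a static route with the Ethernet interface as the outgoing next hop, the router performs ARP resolution directly for the packet's destination address (the router treats the static route as directly connected). So if the remote router has not enabled proxy ARP, the packet is dropped by the remote end. Conversely, if an IP address is specified as the next hop, the router performs ARP resolution for the next-hop address, proxy ARP does not matter, and forwarding works normally.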