Interconnecting IPv6 and IPv4
Dual Stack
Dual Stack means running both IPv4 and IPv6 on the same interface. This doesn’t mean they are actually interconnected, just that they can both run at the same time on an interface.
Tunnels
Manual Tunnels
IPv6 in IP Tunnels
IPv6 can be encapsulated in IPv4 packets and transported across a virtual tunnel interface. To enable a tunnel that encapsulates IPv6 in IPv4, use:
Also, a tunnel source and a destination must be set. These must be IPv4 addresses. For tunnel destination you can also configure an interface running IPv4.
GRE Tunnels
GRE Tunnels work the same, except the encapsulation protocol is GRE which works both with IPv4 and IPv6. The advantage with GRE is that it can encapsulate both IP and IPv6 and it can be transported with both IP and IPv6. GRE over IPv4 is the default encapsulation mode of Cisco Tunnels. You can set the tunnel mode to gre with:
Also, a tunnel source and a destination must be set:
The transported protocol depends on the type of address that is set on the tunnel interface. It can be either an IPv4 address or an IPv6 address,
Automatic Tunnels
Automatic tunnels are inherently multipoint because the destination of the tunnel is dynamic, computed out of the IPv6 destination address of each packet. When an IPv6 packet is routed out the auto-tunnel interface, the router looks at the destination IPv6 which has to follow a certain rule based on the type of the auto tunnel. From the destination IPv6 address, it computes the IPv4 tunnel destination address. Now it know wheat is the tunnel destination for this particular packet. The process is performed again for each packet. Things happen the same on the return path, as well. You also have to make sure the routing table points IPv6 traffic destined for the tunnel on the correct tunnel interface.
The automatic tunnels are all based on ipv6ip encapsulation, so the configuration is similar:
6to4 Tunnels
IANA Reserved the 2002::/16 prefix for 6to4 tunnels. The prefix of the address used should be in the format 2002:HAHB:HCHD:: where HA, HB, HC and HD are the hex values of A, B, C and D in the IPv4 address of the tunnel source: A.B.C.D.
To define the 6to4 automatic tunnel mode, use:
Then, set a tunnel source but do not set a tunnel destination.
Then, set the IPv6 address of the tunnel interface.
Next, a route to the peer(X.Y.Z.T) should be set. This must be done for each potential peer
Automatic 6-to-4 tunnels can only be used for BGP peering, which uses unicast addresses. Other routing protocols use Link Local addresses and can’t work over an automatic 6-to-4 tunnel.
Auto-Tunnels
This feature is deprecated in real life scenarios, but it can be configured in IOS. This is also a point-to-multipoint configuration like 6-to-4 tunnels, so you don’t need to set a tunnel destination. You also don’t have to set an IPv6 address on the tunnel, as it was required in 6-to-4 tunnels. To configure auto-tunnels, just set the mode and the tunnel source:
ISATAP Tunnels
ISATAP(Intra-Site Automatic Tunnel Addressing Protocol) is also a point-to-multipoint configuration, like the other automatic tunnels. You don't need to setup a tunnel destination, but you need to set the IPv6 tunnel address using the ISATAP format. To configure it:
The router will automatically create an ISATAP specific eui-64 Interface ID in the following format: 0000:5EFE:HAHB:HCHD, where A.B.C.D is the source of the tunnel. The IPv6 address of the tunnel, will therefor be PREFIX::0000:5EFE:HAHB:HCHD/64 Next, if you want to reach networks past the next hop router, static routes or BGP can be used. A static route could look like:
The advantage of using ISATAP is that it also has link-local addresses and therefor we should be able to run IGP protocol on such tunnels. Unfortunately the tunnels cannot use the multicast addresses so you will have to manually specify the neighbors. Another advantage is that the prefix is left to the administration's decision and is not fixed as in the other automatic tunnel modes.
NAT-PT
NAT PT has been deprecated but Cisco IOS still supports it. It is similar to IPv4 NAT, but it can also translate the protocol from IPv4 to IPv6 and the other way around. To better understand the configuration, we will use this example:
NAT PT requires a few steps when configuring:
Basic NAT PT config
Enable NAT PT on each interface and define the NAT PT Prefix:
Enabling NAT-PT will enable a virtual interface (NVI) on the router. For this interface we must define a prefix. This prefix must always be /96. (128-32)
The next to steps envolve defining a v6v4 and a v4v6 translation. Each translation can be configured using Static or Dynamic NAT. Dynamic NAT has the inconvenient that it can only be used on one side, and that side must initiate the Session. Static NAT however will be difficult to implement in many-to-many communications
Define a v6v4 translation
The translation can be done using Static NAT or Dynamic NAT.
Static NAT
Translates the IPV6-SRC to an IPV4-ADDR on the IPv4 network or another subnet used only for NAT:
Dynamic NAT
Translates any IPv6 Address matched by an ACL or route-map into an IPv4-Address specified in a pool or used on an interface:
The V4-POOL must be defined using:
Dynamic NAT with overload - PAT
PAT works the same as in IPv4 NAT. Instead of mapping each source to an IP address of the pool, the router will map multiple IPv6 addresses to the same IPv4 address, changing the L4 source Port in the translation.
The V4-POOL must be defined using:
Define a v4v6 translation
The final step in making the communication work end-to-end is to define the translation for the traffic coming in the opposite direction. There are also a few options:
Static NAT
Dynamic NAT
Automatic Mapping
You can configure the router to make automatic mappings between IPv4 and IPv6 addresses by adding the 32 bits of the IPv4 address to the 96 bits IPv6 NAT PT prefix and the other way around. To enable this feature, use:
The ACL is used to filter the traffic that will go through the NAT process.
Last updated
