【新华三】IPv6 过渡技术 - ISATAP隧道
实验要求
实验环境 : HCL5.7.0
实验需求:
实现双方站点的IPv6网络 可以跨 IPv4 网络进行通信
实现思路
① IPv6网络用OSPFv3来实现互通
② IPv4网络用OSPF来实现互通
③ 使用ISATAP隧道实现Pv6网络 可以跨 IPv4 网络进行通信
隧道可以在原有的IPv6头部,再加上Pv4头部,就可以帮助IPv6跨IPv4网络进行通信了
ISATAP 特点
自动建立隧道,不需要向GRE 或者 IPv6 in IPv4 隧道一样,手动指定隧道目的 !
注意:不支持组播
格式:::0000:5EFE:IPv4 前64没有要求,后64有要求
那这个嵌入的IPv4的地址,就是我出接口的IPv4地址
这个不需要手工换算成十六进制,到时候直接写成IPv4地址即可,它会自己换算
报文结构(基于IPv6 in IPv4 隧道) :IPv4 — IPv6
详情可以去查看该篇IPv6 in IPv4 隧道实验
链接: IPv6 in IPv4 隧道实验
注意点
① OSPFv3 只能通过接口下宣告,不能使用Network!!!
配置
R1
基础配置
<H3C>system-view
[H3C]sysname R1
[R1]undo info-center enable
Information center is disabled.
[R1]int g0/0
[R1-GigabitEthernet0/0]ipv6 address 2001:12::1 64
[R1-GigabitEthernet0/0]quit
[R1]int LoopBack 1
[R1-LoopBack1]ipv6 address 2000:1:1::1 64
[R1-LoopBack1]quit
[R1]int LoopBack 2
[R1-LoopBack2]ipv6 address 2000:1:2::1 64
[R1-LoopBack2]quit
[R1]int LoopBack 3
[R1-LoopBack3]ipv6 address 2000:1:3::1 64
[R1-LoopBack3]quit
=================================== 查看接口IPv6地址 =================================
[R1]dis ipv6 int brief
*down: administratively down
(s): spoofing
Interface Physical Protocol IPv6 Address
GigabitEthernet0/0 up up 2001:12::1
GigabitEthernet0/1 down down Unassigned
GigabitEthernet0/2 down down Unassigned
GigabitEthernet5/0 down down Unassigned
GigabitEthernet5/1 down down Unassigned
GigabitEthernet6/0 down down Unassigned
GigabitEthernet6/1 down down Unassigned
LoopBack1 up up(s) 2000:1:1::1
LoopBack2 up up(s) 2000:1:2::1
LoopBack3 up up(s) 2000:1:3::1
Serial1/0 down down Unassigned
Serial2/0 down down Unassigned
Serial3/0 down down Unassigned
Serial4/0 down down Unassigned
OSPFv3 局域网可达
## 进入OSPFv3 进程,设置RID为 1.1.1.1
[R1]ospfv3 1
[R1-ospfv3-1]router-id 1.1.1.1
[R1-ospfv3-1]quit
## 接口下宣告
[R1]int range g0/0 lo1 lo2 lo3
[R1-if-range]ospfv3 1 area 0
[R1-if-range]quit
R2
基础配置
<H3C>system-view
[H3C]sysname R2
[R2]undo info-center enable
Information center is disabled.
[R2]int g0/1
[R2-GigabitEthernet0/1]ipv6 address 2001:12::2 64
[R2-GigabitEthernet0/1]quit
[R2]int g0/0
[R2-GigabitEthernet0/0]ip address 172.16.23.2 24
[R2-GigabitEthernet0/0]quit
局域网环境(OSPFv3):IPv6 网络
## 进入OSPFv3 进程中,设置RID为 2.2.2.2
[R2]ospfv3 1
[R2-ospfv3-1]router-id 2.2.2.2
[R2-ospfv3-1]quit
## 接口下宣告
[R2]int g0/1
[R2-GigabitEthernet0/1]ospfv3 1 area 0
[R2-GigabitEthernet0/1]quit
===================== 查看 R2 与R1建立的OSPFv3的邻居关系 ============================
[R2]dispaly ospfv3 peer
OSPFv3 Process 1 with Router ID 2.2.2.2
Area: 0.0.0.0
-------------------------------------------------------------------------
Router ID Pri State Dead-Time InstID Interface
1.1.1.1 1 Full/DR 00:00:40 0 GE0/1
============================== 查看 R2 学到IPv6 路由条目 ============================
[R2]display ipv6 routing-table
Destinations : 8 Routes : 8
Destination: ::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 2000:1:1::1/128 Protocol : O_INTRA
NextHop : FE80::5C94:E5FF:FEB2:105 Preference: 10
Interface : GE0/1 Cost : 1
Destination: 2000:1:2::1/128 Protocol : O_INTRA
NextHop : FE80::5C94:E5FF:FEB2:105 Preference: 10
Interface : GE0/1 Cost : 1
Destination: 2000:1:3::1/128 Protocol : O_INTRA
NextHop : FE80::5C94:E5FF:FEB2:105 Preference: 10
Interface : GE0/1 Cost : 1
Destination: 2001:12::/64 Protocol : Direct
NextHop : :: Preference: 0
Interface : GE0/1 Cost : 0
Destination: 2001:12::2/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: FE80::/10 Protocol : Direct
NextHop : :: Preference: 0
Interface : InLoop0 Cost : 0
Destination: FF00::/8 Protocol : Direct
NextHop : :: Preference: 0
Interface : NULL0 Cost : 0
isatap隧道
## 目的:IPv4网络内部互通
[R2]ospf 110 router-id 2.2.2.2
[R2-ospf-110]area 0
[R2-ospf-110-area-0.0.0.0]network 172.16.23.0 0.0.0.255
[R2-ospf-110-area-0.0.0.0]quit
[R2-ospf-110]quit
## isatap 隧道,因为是自动建立
## 目的是为了和所有有需要的设备建立隧道通信
## 所以就不用指定隧道的目的了
## 建立 isatap 隧道
[R2]int tunnel 24 mode ipv6-ipv4 isatap ## tunnel模式改为isatap
[R2-Tunnel24]source g0/0 ## tunnel隧道源
[R2-Tunnel24]ipv6 address 2001:24::0000:5efe:172.16.23.2/64 ## IPv6地址需要按照格式来
[R2-Tunnel24]quit
## 像这个格式的话,2001:24::0000:5efe:172.16.23.2/64,会被转换成2001:24::5EFE:AC10:1702
## 2001:24::0000:5efe → 会被缩写为2001:24::5EFE,因为0000可以被:: 这个给省略,可以去看IPv6 地址简化规则
## IPv4地址172.16.23.2 就会被转换成 AC10:1702 的格式!
## 因为isatap隧道不支持组播
## 所以我们就写一条静态路由,去往R5的路由
## 而此时的下一跳,我们可以用链路本地地址
## 自动分配的都会产生链路本地地址。
## 我们通常都是用链路本地地址作为静态路由下一跳的地址
## FE80::5EFE:AC10:2200 → R4的tunnel24 链路本地地址
[R2] ipv6 route-static 2000:5:: 32 Tunnel24 FE80::5EFE:AC10:2200
## 需要重分发进OSPFv3中,让R1学到R5的网络
[R2]ospfv3 1
[R2-ospfv3-1]import-route static ## 将R5的IPv6路由条目引入R1中
[R2-ospfv3-1]quit
=============================== 查看到链路本地地址 ===============================
[R4] dis ipv6 int tun 24
Tunnel24 current state: UP
Line protocol current state: UP
IPv6 is enabled, ** link-local address is FE80::5EFE:AC10:2200 **
Global unicast address(es):
2001:24::5EFE:AC10:2204, subnet is 2001:24::/64
================================== 查看到接口状态 ====================================
[R2]display ipv6 int brief
*down: administratively down
(s): spoofing
Interface Physical Protocol IPv6 Address
GigabitEthernet0/0 up up Unassigned
GigabitEthernet0/1 up up 2001:12::2
GigabitEthernet0/2 down down Unassigned
GigabitEthernet5/0 down down Unassigned
GigabitEthernet5/1 down down Unassigned
GigabitEthernet6/0 down down Unassigned
GigabitEthernet6/1 down down Unassigned
Serial1/0 down down Unassigned
Serial2/0 down down Unassigned
Serial3/0 down down Unassigned
Serial4/0 down down Unassigned
Tunnel24 up up 2001:24::5EFE:AC10:1702
[R2]
R3
[R3]int g0/0
[R3-GigabitEthernet0/0]ip address 172.16.23.3 24
[R3-GigabitEthernet0/0]quit
[R3]int g0/1
[R3-GigabitEthernet0/1]ip address 172.16.34.3 24
[R3-GigabitEthernet0/1]quit
[R3]ospf 110 router-id 3.3.3.3
[R3-ospf-110]area 0
[R3-ospf-110-area-0.0.0.0]network 172.16.23.0 0.0.0.255
[R3-ospf-110-area-0.0.0.0]network 172.16.34.0 0.0.0.255
[R3-ospf-110-area-0.0.0.0]quit
[R3-ospf-110]quit
R4
基础配置
[R4]int g0/0
[R4-GigabitEthernet0/0]ip address 172.16.34.4 24
[R4-GigabitEthernet0/0]quit
[R4]int g0/1
[R4-GigabitEthernet0/1]ipv6 address 2001:45::4 64
[R4-GigabitEthernet0/1]quit
局域网环境(OSPFv3):IPv6 网络
## 进入OSPFv3进程中,设置RID为 4.4.4.4
[R4]ospfv3 1
[R4-ospfv3-1]router-id 4.4.4.4
[R4-ospfv3-1]quit
## 接口下宣告
[R4]int g0/1
[R4-GigabitEthernet0/1]ospfv3 1 area 0
[R4-GigabitEthernet0/1]quit
=================== 查看 R4与R5建立的OSPFv3的邻居关系 ============================
[R4]display ospfv3 peer
OSPFv3 Process 1 with Router ID 4.4.4.4
Area: 0.0.0.0
-------------------------------------------------------------------------
Router ID Pri State Dead-Time InstID Interface
5.5.5.5 1 Full/DR 00:00:34 0 GE0/1
[R4]
isatap 隧道
## 目的:IPv4网络内部互通
[R4]ospf 110 router-id 4.4.4.4
[R4-ospf-110]area 0
[R4-ospf-110-area-0.0.0.0]network 172.16.34.0 0.0.0.255
[R4-ospf-110-area-0.0.0.0]quit
[R4-ospf-110]quit
## 建立isatap 隧道
[R4]int tunnel 24 mode ipv6-ipv4 isatap ## tunnel模式改为isatap
[R4-Tunnel24]source g0/0 ## tunnel隧道源
[R4-Tunnel24]ipv6 address 2001:24::0000:5efe:172.16.34.4 64 ## IPv6地址需要按照格式来
[R4-Tunnel24]quit
## 因为isatap隧道不支持组播
## 所以我们就写一条静态路由,去往R1的路由
## 而此时的下一跳,我们可以用链路本地地址
## 自动分配的都会产生链路本地地址。
##我们通常都是用链路本地地址作为静态路由下一跳的地址
## FE80::5EFE:AC10:1702 → R2的tunnel24 链路本地地址
[R4]ipv6 route-static 2000:1:: 32 Tunnel24 FE80::5EFE:AC10:1702
## 进入OSPFv3 将通往R1的路由让R5也能学到
[R4]ospfv3 1
[R4-ospfv3-1]import-route static
[R4-ospfv3-1]quit
## 查看R2的tunnel24 链路本地地址
[R2]dis ipv6 int tun 24
Tunnel24 current state: UP
Line protocol current state: UP
IPv6 is enabled, link-local address is FE80::5EFE:AC10:1702
Global unicast address(es):
2001:24::5EFE:AC10:1702, subnet is 2001:24::/64
R5
基础配置
[R5]int g0/0
[R5-GigabitEthernet0/0]ipv6 address 2001:45::5 64
[R5-GigabitEthernet0/0]quit
[R5]int LoopBack 1
[R5-LoopBack1]ipv6 address 2000:5:1::5 64
[R5-LoopBack1]quit
[R5]int LoopBack 2
[R5-LoopBack2]ipv6 address 2000:5:2::5 64
[R5-LoopBack2]quit
[R5]int LoopBack 3
[R5-LoopBack3]ipv6 address 2000:5:3::5 64
[R5-LoopBack3]quit
=================================== 查看接口IPv6地址 =================================
[R5]display ipv6 int brief
*down: administratively down
(s): spoofing
Interface Physical Protocol IPv6 Address
GigabitEthernet0/0 up up 2001:45::5
GigabitEthernet0/1 down down Unassigned
GigabitEthernet0/2 down down Unassigned
GigabitEthernet5/0 down down Unassigned
GigabitEthernet5/1 down down Unassigned
GigabitEthernet6/0 down down Unassigned
GigabitEthernet6/1 down down Unassigned
LoopBack1 up up(s) 2000:5:1::5
LoopBack2 up up(s) 2000:5:2::5
LoopBack3 up up(s) 2000:5:3::5
Serial1/0 down down Unassigned
Serial2/0 down down Unassigned
Serial3/0 down down Unassigned
Serial4/0 down down Unassigned
[R5]
OSPFv3 局域网可达
## 进入OSPFv3 进程中,设置RID为 5.5.5.5
[R5]ospfv3 1
[R5-ospfv3-1]router-id 5.5.5.5
[R5-ospfv3-1]quit
## 接口下宣告
[R5]int range g0/0 lo1 lo2 lo3
[R5-if-range]ospfv3 1 area 0
[R5-if-range]quit
检查
R2的tunnel 接口状态
R4的tunnel 接口状态
R1 的路由表
R5 的路由表
R1 Ping R5
[R1]ping ipv6 -a 2000:1:1::1 2000:5:1::5
抓包分析
抓的是 R2的g0/0口
其实这个时候就可以看到,数据包发送的时候
此时就只新增了IPv4报文头这样子就比GRE少了一个封装字段,提高了传输效率
isatap 是如何自动建立隧道?
① 报文的目的地址
当R1的内部想要去Ping R5的内部时
流量到达R2身上,这个时候是需要有目的IP地址的
但是他查看到了我是用6to4隧道,那么就没有去设置隧道目的,那这个时候是怎么传递的呢?
查看R2的路由表,看到我们写的那条静态路由
该条静态路由的下一跳是FE80::5EFE:AC10:2204 ,这下一条里面藏着一个IPv4地址,就是172.16.34.4
接上面的问题
那设备发现这是个isatap隧道,那么就会去路由表找静态路由,然后去提取该IPv4地址,作为我报文的目的地址。
② 那怎么自动建立呢?
其实就是提取我每一条静态路由的IPv4地址,作为我的隧道目的地址,这样子就OK啦
主要就是静态路由中,有下一跳有包含 IPv4 地址,这个就是我的目的地址,所以就可以自动去建立
当需要建立很多条隧道的时候,就不用那么麻烦的一条一条的去建立啦
配置文档
R1
#
sysname R1
#
ospfv3 1
router-id 1.1.1.1
#
#
interface LoopBack1
ospfv3 1 area 0.0.0.0
ipv6 address 2000:1:1::1/64
#
interface LoopBack2
ospfv3 1 area 0.0.0.0
ipv6 address 2000:1:2::1/64
#
interface LoopBack3
ospfv3 1 area 0.0.0.0
ipv6 address 2000:1:3::1/64
#
interface GigabitEthernet0/0
ospfv3 1 area 0.0.0.0
ipv6 address 2001:12::1/64
#
R2
#
sysname R2
#
ospf 110 router-id 2.2.2.2
area 0.0.0.0
network 172.16.23.0 0.0.0.255
#
ospfv3 1
router-id 2.2.2.2
import-route static
#
interface GigabitEthernet0/0
ip address 172.16.23.2 255.255.255.0
#
interface GigabitEthernet0/1
ospfv3 1 area 0.0.0.0
ipv6 address 2001:12::2/64
#
#
interface Tunnel24 mode ipv6-ipv4 isatap
source GigabitEthernet0/0
ipv6 address 2001:24::5EFE:AC10:1702/64
#
#
ipv6 route-static 2000:5:: 32 Tunnel24 FE80::5EFE:AC10:2200
#
R3
#
sysname R3
#
ospf 110 router-id 3.3.3.3
area 0.0.0.0
network 172.16.23.0 0.0.0.255
network 172.16.34.0 0.0.0.255
#
interface GigabitEthernet0/0
ip address 172.16.23.3 255.255.255.0
#
interface GigabitEthernet0/1
ip address 172.16.34.3 255.255.255.0
#
R4
#
sysname R4
#
ospf 110 router-id 4.4.4.4
area 0.0.0.0
network 172.16.34.0 0.0.0.255
#
ospfv3 1
router-id 4.4.4.4
import-route static
#
interface GigabitEthernet0/0
ip address 172.16.34.4 255.255.255.0
#
interface GigabitEthernet0/1
ospfv3 1 area 0.0.0.0
ipv6 address 2001:45::4/64
#
interface Tunnel24 mode ipv6-ipv4 isatap
source GigabitEthernet0/0
ipv6 address 2001:24::5EFE:AC10:2204/64
#
ipv6 route-static 2000:1:: 32 Tunnel24 FE80::5EFE:AC10:1702
#
R5
#
sysname R5
#
ospfv3 1
router-id 5.5.5.5
#
interface LoopBack1
ospfv3 1 area 0.0.0.0
ipv6 address 2000:5:1::5/64
#
interface LoopBack2
ospfv3 1 area 0.0.0.0
ipv6 address 2000:5:2::5/64
#
interface LoopBack3
ospfv3 1 area 0.0.0.0
ipv6 address 2000:5:3::5/64
#
interface GigabitEthernet0/0
ospfv3 1 area 0.0.0.0
ipv6 address 2001:45::5/64
#
需要注意的就是,静态路由的链路本地地址,它是会发生改变的,如果用配置文档的话,后面需要大家自己去修改一下自己的链路本地地址哦!!!