思科6RD-從IPv4快速過渡到IPv6部署,從理論到實現講解
6RD簡介
6RD是IPv6快速部署(IPv6 Rapid Deployment)的簡稱,其對應標準為RFC5569,6RD是在6to4基礎上發展起來的一種IPv6網絡過渡技術方案。通過在現有IPv4網絡中增加6RD-BR,向使用IPv6的用戶提供IPv6接入;在IPv6用戶的家庭網關和6RD網關之間建立6in4隧道,從而實現在IPv4網絡提供IPv6服務的能力.
6RD在向IPv6過渡的過程中已經取得了部分成功,因為它容易實施,擴展性強而且可靠,同時它還是無狀態的。
6RD是6to4自動隧道的擴展技術,部署更加靈活。它使得運行商通過已經部署完畢的IPv4網絡提供IPv6服務,當然也是通過最常用的把IPv6封裝在IPv4中實現。
6RD不需要特定的使用2002::/16,它可以使用運行商自己的地址塊,這大大的增加了實施的便利性。
32位的IPv4的目標地址需要在IPv6的有效負荷重承載
圖7-12 6RD示意圖
如圖7-12所示,CE側為客戶的IPv6單播服務,CEs之間可以實現客戶的IPv6互訪,也可以通過BR(邊界中繼設備)訪問BR後的IPv6網絡。數據穿越運營商的現有IPv4網絡。
我們在圖7-14中實施6RD,其中R3和R6為CE,而R5為BR設備。各個設備上的環回口5模擬IPv6主機。
圖7-13為6RD隧道的地址格式,後64位是客戶自己的地址空間,前64位是授權的地址空間,其中前32位是運行商的前綴,緊更著後邊32位是IPv4地址,這32位中分為IPv4通用地址前綴和IPv4通用後綴(本案例通用後綴為0.0.0.0)。
圖7-13 6RD隧道的地址格式
圖7-14 6RD實施拓撲
步驟1.完成IPv4網絡
三臺設備的配置相同,啟用了eigrp作為承載路由的協議
r```
outer eigrp 90
network 172.16.0.0
CE-R3#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(90)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 172.16.123.1 Et0/0 13 00:49:29 10 100 0 6
CE-R3#show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
-
- replicated route, % - next hop override
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
D 172.16.0.1/32 [90/409600] via 172.16.123.1, 00:49:38, Ethernet0/0
D 172.16.0.2/32 [90/409600] via 172.16.123.2, 00:49:38, Ethernet0/0
環回口必須數據可達,因為IPv6的通信其實是6RD隧道的源地址之間的通信,而在本案例中,我們6RD隧道的源地址為環回接口
CE-R3#ping 172.16.0.1 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.0.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/5/6 ms
CE-R3#ping 172.16.0.2 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:
Packet sent with a source address of 172.16.0.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/4/6 ms
## 步驟2.實施6RD隧道以及實現IPv6的路由
BR-R5
ipv6 general-prefix 6RD 6rd Tunnel1 //6RD隧道1的前綴通過通用前綴獲得
!
interface Tunnel1
no ip address
no ip redirects
ipv6 address 6RD ::/128 //隧道的地址通過6RD獲得
tunnel source Loopback0 //隧道的源地址為環回口,而在前邊的實施中已經使得環回口數據可達
tunnel mode ipv6ip 6rd //實施隧道的模式為6RD
tunnel 6rd ipv4 prefix-len 16 //定義6RD隧道的通用IPv4前綴長度為16,沒有定義通用IPv4後綴
tunnel 6rd prefix 2003:AABB::/32 //自定義6RD隧道的前32位
!
ipv6 route 2003:AABB::/32 Tunnel1 //定義靜態路由,到達2003:AABB::/32前綴的出接口為隧道1
!
interface Loopback5
no ip address
ipv6 address 2003:8888::1/64 //該接口默認IPv6互聯網地址
CE-R6:
ipv6 general-prefix 6RD 6rd Tunnel1
!
interface Tunnel1
no ip address
no ip redirects
ipv6 address 6RD ::/128
tunnel source Loopback0
tunnel mode ipv6ip 6rd
tunnel 6rd ipv4 prefix-len 16
tunnel 6rd prefix 2003:AABB::/32
tunnel 6rd br 172.16.0.1 //在客戶側的CE設備上定義BR,可以通過BR實現互聯網訪問
!
ipv6 route 2003:AABB::/32 Tunnel1 //到達IPv6的通用前綴出接口為隧道1
ipv6 route ::/0 Tunnel1 2003:AABB:1:: //實施到達IPv6的默認路由出接口為隧道1,下一跳中繼到BR的6RD隧道的48位通用前綴。
!
interface Loopback5
no ip address
ipv6 address 2003:AABB:3:1::1/64
CE-R3
ipv6 general-prefix 6RD 6rd Tunnel1
!
interface Tunnel1
no ip address
no ip redirects
ipv6 address 6RD ::/128
tunnel source Loopback0
tunnel mode ipv6ip 6rd
tunnel 6rd ipv4 prefix-len 16
tunnel 6rd prefix 2003:AABB::/32
tunnel 6rd br 172.16.0.1
!
ipv6 route 2003:AABB::/32 Tunnel1
ipv6 route ::/0 Tunnel1 2003:AABB:1::
!
interface Loopback5
no ip address
ipv6 address 2003:AABB:2:1::1/64
驗證6RD隧道和IPv6路由
CE-R2#show tunnel 6rd
Interface Tunnel1:
Tunnel Source: 172.16.0.2
6RD: Operational, V6 Prefix: 2003:AABB::/32
V4 Prefix, Length: 16, Value: 172.16.0.0
V4 Suffix, Length: 0, Value: 0.0.0.0
Border Relay address: 172.16.0.1
General Prefix: 2003:AABB:2::/48
CE-R3#show tunnel 6rd
Interface Tunnel1:
Tunnel Source: 172.16.0.3
6RD: Operational, V6 Prefix: 2003:AABB::/32
V4 Prefix, Length: 16, Value: 172.16.0.0
V4 Suffix, Length: 0, Value: 0.0.0.0
Border Relay address: 172.16.0.1
General Prefix: 2003:AABB:3::/48
BR-R1#show tunnel 6rd
Interface Tunnel1:
Tunnel Source: 172.16.0.1
6RD: Operational, V6 Prefix: 2003:AABB::/32
V4 Prefix, Length: 16, Value: 172.16.0.0
V4 Suffix, Length: 0, Value: 0.0.0.0
General Prefix: 2003:AABB:1::/48 //BR設備得到的通用路由前綴
CE-R3#show ipv6 route
IPv6 Routing Table - default - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, ls - LISP site
ld - LISP dyn-EID, a - Application
S ::/0 [1/0]
via 2003:AABB:1::, Tunnel1
S 2003:AABB::/32 [1/0]
via Tunnel1, directly connected
LC 2003:AABB:3::/128 [0/0]
via Tunnel1, receive
C 2003:AABB:3:1::/64 [0/0]
via Loopback5, directly connected
L 2003:AABB:3:1::1/128 [0/0]
via Loopback5, receive
L FF00::/8 [0/0]
via Null0, receive
CE-R2#show ipv6 route
IPv6 Routing Table - default - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, ls - LISP site
ld - LISP dyn-EID, a - Application
S ::/0 [1/0]
via 2003:AABB:1::, Tunnel1
S 2003:AABB::/32 [1/0]
via Tunnel1, directly connected
LC 2003:AABB:2::/128 [0/0]
via Tunnel1, receive
C 2003:AABB:2:1::/64 [0/0]
via Loopback5, directly connected
L 2003:AABB:2:1::1/128 [0/0]
via Loopback5, receive
L FF00::/8 [0/0]
via Null0, receive
CE-R3#ping 2003:8888::1 source lo5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2003:8888::1, timeout is 2 seconds:
Packet sent with a source address of 2003:AABB:3:1::1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/6 ms
!
CE-R2#ping 2003:8888::1 source lo5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2003:8888::1, timeout is 2 seconds:
Packet sent with a source address of 2003:AABB:2:1::1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
IPv6主機已經可以通信,那麽報文又是如何封裝的呢,讀者可以通過圖7-15查看
圖7-15 6RD隧道的封裝解析
![](https://s1.51cto.com/images/blog/201903/22/94e2ff752d2e689be931ea1d3e7f1b77.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)
思科6RD-從IPv4快速過渡到IPv6部署,從理論到實現講解