If I delete "tunnel 6rd ipv4 prefix-len 16" from configuration and use
my /48 6rd prefix, 6rd delegated prefix will be 80 bit length.
I am not sure whether this configuration is supported.
So, I going second way, change IPv4 address of BR to178.140.5.241 and
change all other thingth related to the hack )
Ping working!
I forgot about octets not visible to BR due to prefix-length command and
fully stateless technique.
If ASR will track this octets it will be statefull, therefore this right
behaviour.
Thank you!
Harold Ritter пишет:
Ruslan,
OK, I think we have found the issue. You use a 16 bit prefix length
("tunnel 6rd ipv4 prefix-len 16") which means that only the last 16 bits
of the ipv4 address will be inserted in the 6RD ipv6 address. The gateway
assumes the prefix is the same as the local (192.88/16) and tries to send
the reply back to 192.88.5.250. You just need to either use the same
prefix (/16) on both the client and BR or remove the following command;
"tunnel 6rd ipv4 prefix-len 16". If you do that make sure you insert the
full 32 bits ipv4 address on the workstation (manual procedure be cause of
your 6to4 hack).
Regards
Le 11-11-01 09:22, « Ruslan Pustovoytov » <ru...@inbox.ru> a écrit :
I use 178.140.5.250 IPv4 address on workstation.
It is not changed.
What is the reason to change it?
Ruslan,
I meant the IPv4 address you use on the workstation. Could you please
let
us know what it is.
Regards
Le 11-11-01 02:53, « Ruslan Pustovoytov » <ru...@inbox.ru> a écrit :
Did you mean IPv4 6RD relay address ?
Yes, I changed it from 192.88.99.127 to 192.88.98.127
Did you also change the IPv4 prefix you use on the workstation?
Le 11-10-31 09:19, « Ruslan Pustovoytov » <ru...@inbox.ru> a écrit :
I change 6rd relay IPv4 address 192.88.99.127 to 192.88.98.127 in BR
config (loopback10) and windiws 6to4 relay.
The picture is the same, ICMPv6 packet successfully going through the
network and egressing from the last iface directly connected to ASR.
But
I don't see this packets in debug output.
Harold Ritter (hritter) пишет:
Could you try using a prefix other than 192.88.99.0/24 and see if it
makes a diffrence.
Envoyé de mon iPhone
Le 2011-10-31 à 02:15, "Ruslan Pustovoytov" <ru...@inbox.ru> a
écrit :
1. Ok.
2. Exactly.
Harold Ritter пишет:
Hi Ruslan,
Two things:
1. It would be safer not to use the 192.88.99/24 prefix for this
purpose, as this prefix has been reserved for the 6to4 relay
anycast address (RFC3068).
2. According to the information below, the BR will try to
forward
the return traffic to 192.88.5.250 (prefix 192.88 + suffix =
0x5fa = 5.250). Is this the address assigned to the Windows7
Ethernet interface?
Regards
*Ruslan Pustovoytov <ru...@inbox.ru <mailto:ru...@inbox.ru>>*
Envoyé par : cisco-nsp-boun...@puck.nether.net
<mailto:cisco-nsp-boun...@puck.nether.net>
27/10/2011 09:42 AM
A
Harold Ritter <hrit...@cisco.com <mailto:hrit...@cisco.com>>
cc
cisco-nsp@puck.nether.net <mailto:cisco-nsp@puck.nether.net>
Objet
Re: [c-nsp] 6rd on ASR1k
Excuse me for a long delay.
I check all of my configuration on client and BR.
In my lab I have no native 6RD client so I use Windows machine
with
some
hack.
My client is Windows7 and I use it's 6to4 adapter to emulate 6RD
functionality.
When I assign "real" IPv4 address to Local Area network adapter,
6to4
adapter became functional.
Then delete automatic 6to4 IPv6 address (2002:....) and add new
IPv6
address accordingly to 6RD rules.
Also change default 6to4 relay to my 6RD relay IPv4 address
(192.88.99.127)
Tunnel 6TO4 Adapter:
IPv6-address. . . . . . . . . . . . : 2XXX:YYYY:206:5fa::abca
Default gateway. . . . . . . . . : 2002:c058:637f::1
My prefix-length for 6RD config in BR is 16 bit.
So, only left two octets of IPv4 address coded into 6RD IPv6
address.
I add default route for IPv6 family via command:
netsh interface ipv6>add route ::/0 6to4 2002:0c58:637f::1
Route table looks like this:
IPv6 таблица маршрута
===================================================================
==
==
====
Ðктивные маршруты:
Метрика Сетевой Ð°Ð´Ñ€ÐµÑ Ð¨Ð»ÑŽÐ·
13 281 ::/0 2002:c058:637f::1
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:5ef5:79fd:8f5:2c30:4d73:fa05/128
On-link
13 1025 2002::/16 On-link
13 281 2a02:2168:206:5fa::/64 On-link
13 281 2a02:2168:206:5fa::abca/128
On-link
12 306 fe80::/64 On-link
12 306 fe80::8f5:2c30:4d73:fa05/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
===================================================================
==
==
====
ПоÑтоÑнные маршруты:
Метрика Сетевой Ð°Ð´Ñ€ÐµÑ Ð¨Ð»ÑŽÐ·
0 4294967295 ::/0 2002:c058:637f::1
===================================================================
==
==
====
Then I ping 2XXX:YYYY:200:800::2 address.
When I did command "deb ipv6 icmp" on ASR I see some ICMP but its
did
not relevant for me.
Wireshark on Windows 6RD client show me that all ICMP packet
envelop
with right IPv4 header and successfully leaving the host.
Also last interface in my network directly attached to ASR show
increments on egress direction in packet filter with protocol 41
in
payload as mask value when I pinging.
Harold Ritter пишет:
Ruslan,
Just to make sure, do you have a default route on the 6rd client
pointing
at the 6rd BR? Since you are pinging the ASR1k itself, could you
please
run a "deb ipv6 icmp" on the ASR to see if the ICMP packets are
received.
Regards
Le 11-10-14 01:57, « Ruslan Pustovoitov » <ru...@mostelekom.net
<mailto:ru...@mostelekom.net>> a écrit :
>> Hi Harold !
This is my config relevant to 6rd.
Also, I don't know how to debug packets with protocol 41 in IP
payload
in ASR.
Debug in form "debug ip packet #access-list" do not working for
non
software routers.
interface Loopback10
description 6RD_Relay
ip address 192.88.99.127 255.255.255.255
!
interface Tunnel0
no ip address
no ip redirects
ipv6 address 2XXX:YYYY:206::/128 anycast
tunnel source Loopback10
tunnel mode ipv6ip 6rd
tunnel 6rd ipv4 prefix-len 16
tunnel 6rd prefix 2XXX:YYYY:206::/48
!
! Incoming interface for IPv6 encapsulated in IPv4 packets
interface GigabitEthernet0/0/1.531
encapsulation dot1Q 531
ip address ZZZ.ZZZ.255.210 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface GigabitEthernet0/0/0.550
encapsulation dot1Q 550
ipv6 address 2XXX:YYYY:200:800::2/126
ipv6 nd ra suppress
!
ipv6 route 2XXX:YYYY:206::/48 Tunnel0
I try to ping 2XXX:YYYY:200:800::2
This is the local IPv6 address for ASR.
Harold Ritter пишет:
>>> Ruslan,
Can you provide the BR config and the address you are trying to
ping.
Regards
Le 11-10-07 04:40, « Ruslan Pustovoitov »
<ru...@mostelekom.net
<mailto:ru...@mostelekom.net>> a
écrit :
>>> >>>> Hi all
I try to setup 6rd on asr1k accordingly to
http://docwiki.cisco.com/wiki/6rd_Configuration_Example
Then I ping6 IPv6 host from client and see that IPv6 packet
envelops in
IPv4 with right IPv4 destination (6rd relay IPv4 address).
This IPv4 packet seccessfully reach asr1k and nothing else.
Packets
silently disappear.
The output of "show tunnel 6rd tunnel 0Interface Tunnel0"
dont
show
any
counters info:
Tunnel Source: 192.88.99.127
6RD: Operational, V6 Prefix: 2YYY:ZZZZ:206::/48
V4 Prefix, Length: 16, Value: 192.88.0.0
V4 Suffix, Length: 0, Value: 0.0.0.0
General Prefix: 2YYY:ZZZZ:206:637F::/64
Also, I don't see any IPv6 packet going from asr1k to IPv6
directly
connected host where I run tcpdump.
Client seccessfully pinging 6rd relay 192.88.99.127
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
<mailto:cisco-nsp@puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>> >>>
>>> >
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
<mailto:cisco-nsp@puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
<mailto:cisco-nsp@puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
