IPv6Tunnels/ExampleConfigs


Example configs

Linux

Tunnel interface on Debian

# IPv6-in-IPv4 tunnel to the endpoint at 79.98.105.18, brought up at boot ("auto").
# Replace USER-IP-ADDRESS with your own public IPv4 address and use the tunnel
# address/gateway pair assigned to you.
# NOTE(review): the other examples on this page use a TTL of 255; confirm that
# 225 is intended here and not a typo.
# NOTE(review): this stanza gives the host a globally routable IPv6 address and
# a gateway, and configures no packet filtering; confirm the host has an
# ip6tables/nftables ruleset that covers this interface.
auto marla-ipv6-spn
iface marla-ipv6-spn inet6 v4tunnel
	mode ipip
	ttl 225
	address 2001:67c:21bc:7fff:0001:2:0:2
	netmask 120
	local USER-IP-ADDRESS
	endpoint 79.98.105.18
	gateway 2001:67c:21bc:7fff:0001:2:0:1

Tunnel interface on OpenWRT

Install the 6in4 package, and add something like this to /etc/config/network (change the addresses):

# 6in4 tunnel interface; change every address to the values assigned to you.
# peeraddr is the remote IPv4 tunnel endpoint, ip6addr/ip6gw are the two ends
# of the tunnel link, and ip6prefix is the routed prefix for downstream use.
# NOTE(review): nothing in this stanza places 'crock6' in a firewall zone.
# ip6prefix makes LAN hosts globally reachable, so confirm that
# /etc/config/firewall covers this interface (typically by listing it in the
# wan zone) before bringing the tunnel up.
config interface 'crock6'
	option proto '6in4'
	option peeraddr '79.98.105.18'
	option ip6addr '2001:67c:21bc:7fff:0001:10:0:2/64'
	option ip6gw '2001:67c:21bc:7fff:0001:10:0:1'
	option ip6prefix '2001:67c:21bc:c::/64'
	option ttl '255'

quagga

In this example, 2001:67c:21bc:7fff:2:1:0:1 and 2001:67c:21bc:7fff:2:1:1:1 are the remote end-points of the tunnels, 2001:67c:21bc:4::/62 is the assigned network, and 65535 is the ASN delegated to this peer.

Basically, this configuration says "connect to the two peers, and filter what I announce to them to be just my own network".

(this is actually the live configuration of initLab)

bgpd.conf:

! Two eBGP sessions to AS 200533, one per tunnel interface, announcing only
! 2001:67c:21bc:4::/62 to the peers.
! NOTE(review): 65535 is reserved (RFC 7300) and lies outside the private-use
! range 64512-65534 (RFC 6996); use the ASN actually delegated to you.
! NOTE(review): no inbound route-map, prefix-list or maximum-prefix is applied
! to either neighbor, so whatever the peers send is accepted; confirm that is
! intended.
!
router bgp 65535
 bgp router-id 192.168.232.1
 no bgp default ipv4-unicast
 neighbor 2001:67c:21bc:7fff:2:1:0:1 remote-as 200533
 neighbor 2001:67c:21bc:7fff:2:1:0:1 interface lab-ipv6-od
 neighbor 2001:67c:21bc:7fff:2:1:0:1 timers 3 10
 neighbor 2001:67c:21bc:7fff:2:1:1:1 remote-as 200533
 neighbor 2001:67c:21bc:7fff:2:1:1:1 interface lab-ipv6-tbc
 neighbor 2001:67c:21bc:7fff:2:1:1:1 timers 3 10
!
! IPv6 address family: originate the local /62 and attach the outbound
! route-map to both neighbors.
 address-family ipv6
 network 2001:67c:21bc:4::/62
 neighbor 2001:67c:21bc:7fff:2:1:0:1 activate
 neighbor 2001:67c:21bc:7fff:2:1:0:1 route-map external-out out
 neighbor 2001:67c:21bc:7fff:2:1:1:1 activate
 neighbor 2001:67c:21bc:7fff:2:1:1:1 route-map external-out out
 exit-address-family
!
! Prefix-list "mine": permits exactly the local /62 and denies everything else.
ipv6 prefix-list mine seq 5 permit 2001:67c:21bc:4::/62
ipv6 prefix-list mine seq 15 deny any
!
! Outbound policy: sequence 10 announces what prefix-list "mine" permits,
! sequence 20 drops every other route so nothing else is leaked to the peers.
route-map external-out permit 10
 match ipv6 address prefix-list mine
!
route-map external-out deny 20
!

bird

This is /etc/bird/bird6.conf:


# Configure logging
# NOTE(review): every message class, including debug and trace, is sent to
# syslog here; trim the list if log volume is a concern.
log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };

# Listen only on IPv6
listen bgp v6only;


# Write your router id here, any ipv4 address that you have will do
router id 46.233.38.1;

# The direct protocol automatically generates device routes to
# all network interfaces. Can exist in as many instances as you wish
# if you want to populate multiple routing tables with device routes.
# The "*" pattern below matches every interface on the host.
protocol direct {
	interface "*";
}

# This pseudo-protocol performs synchronization between BIRD's routing
# tables and the kernel. If your kernel supports multiple routing tables
# (as Linux 2.2.x does), you can run multiple instances of the kernel
# protocol and synchronize different kernel tables with different BIRD tables.
# NOTE(review): "export all" installs every route BIRD holds into the kernel
# table, including whatever is accepted from the BGP peers; the BGP template
# in this file sets no import filter, so confirm that is what you want.
protocol kernel {
	export all;

	# Usually, only best routes are exported to the kernel protocol. With
	# path merging enabled, both best routes and equivalent non-best routes
	# are merged during export to generate one ECMP (equal-cost multipath)
	# route for each network. This is useful e.g. for BGP multipath. Note
	# that best routes are still pivotal for route export (responsible for
	# most properties of resulting ECMP routes), while exported non-best
	# routes are responsible just for additional multipath next hops. This
	# option also allows to specify a limit on maximal number of nexthops in
	# one route. By default, multipath merging is disabled. If enabled,
	# default value of the limit is 16. bird 1.6.2+ required.
	#merge paths;
}

# This pseudo-protocol watches all interface up/down events.
# No option is set in this block: the scan time line is commented out, so the
# default scan interval applies.
protocol device {
	# Time in seconds between two scans of the network interface list. On
	# systems where we are notified about interface status changes
	# asynchronously (such as newer versions of Linux), we need to scan the
	# list only in order to avoid confusion by lost notification messages,
	# so the default time is set to a large value.
	#scan time 10;           # Scan interfaces every 10 seconds
}

# Static "unreachable" route for the local prefix. It puts the prefix into
# BIRD's table so the export filter has something to announce.
protocol static {
	# REPLACE WITH YOUR NET HERE
	route 2001:67c:21bc:4::/64 unreachable; # Sink route
}

# Outbound filter: accept only the route whose network equals the local /64
# and reject everything else, so no other route is announced to the peers.
# Keep this prefix identical to the one in the static protocol.
filter ext_originate_ip6 {
	# REPLACE WITH YOUR NET HERE
	if (net = 2001:67c:21bc:4::/64 ) then accept;
	else reject;
}

# Shared settings for the BGP sessions that inherit from this template: the
# local ASN and the outbound filter (only routes accepted by
# ext_originate_ip6 are announced).
# NOTE(review): no import filter is given; BIRD 1.x then defaults to
# "import all". Confirm, and consider an explicit import filter or an
# "import limit" so a misbehaving peer cannot flood the table.
template bgp t_ext_ip6 {
	# replace ASN here!
	local as 65532;
	export filter ext_originate_ip6;
}


# REPLACE NEIGHBOR IPs HERE

# IPv6 bgp link to marla
# Inherits the local ASN and export filter from t_ext_ip6; the peer is AS 200533.
protocol bgp marla_tbc_ip6 from t_ext_ip6 {
	description "uplink to marla/tbc over ipv6";
	neighbor 2001:67c:21bc:7fff:1:9:0:1 as 200533;
	# preference 110;        # Set higher preference for Marla
}

# IPv6 bgp link to tyler
# Inherits the local ASN and export filter from t_ext_ip6; the peer is AS 200533.
protocol bgp tyler_tbc_ip6 from t_ext_ip6 {
	description "uplink to tyler/tbc over ipv6";
	neighbor 2001:67c:21bc:7fff:2:9:0:1 as 200533;
}


Mikrotik

TODO: explain config

# Two IPv6-in-IPv4 tunnel interfaces, one per upstream endpoint.
# Replace local-address with your own public IPv4 address.
/interface 6to4
add comment="initlab ipv6" local-address=46.47.81.47 mtu=1480 name=\
    marla-ipv6-bsc remote-address=79.98.105.18
add comment="initlab ipv6" local-address=46.47.81.47 mtu=1480 name=\
    tyler-ipv6-bst remote-address=78.128.1.18
# Local ASN of the default BGP instance; replace with the ASN delegated to you.
/routing bgp instance
set default as=65531
# /120 link addresses on the two tunnels (advertise=no) and the LAN address.
# NOTE(review): no /ipv6 firewall rules are shown in this example, while the
# LAN receives globally routable addresses; confirm the router filters
# inbound IPv6 before enabling the tunnels.
/ipv6 address
add address=2001:67c:21bc:7fff:1:4:0:2/120 advertise=no comment=uplink-marla \
    interface=marla-ipv6-bsc
add address=2001:67c:21bc:2:4e5e:cff:feb5:3e93 comment="lan" eui-64=\
    yes interface=bridge-lan
add address=2001:67c:21bc:7fff:2:4:1:2/120 advertise=no comment=uplink-tyler \
    interface=tyler-ipv6-bst
# The prefix originated into BGP.
/routing bgp network
add network=2001:67c:21bc:2::/64 synchronize=no
# NOTE(review): unlike the quagga, bird and Juniper examples on this page,
# these peers have no out-filter or in-filter, so no policy restricts what is
# announced or accepted; confirm, and consider a routing filter that permits
# only the local /64 outbound.
/routing bgp peer
add address-families=ipv6 name=tyler remote-address=\
    2001:67c:21bc:7fff:2:4:1:1 remote-as=200533 ttl=default
add address-families=ipv6 name=marla remote-address=\
    2001:67c:21bc:7fff:1:4:0:1 remote-as=200533 ttl=default

Juniper

Juniper SRX

  • XX.XX.XX.XX is your local IPv4 address (used below as the tunnel source and as the router-id)

/* Two IPv6-in-IPv4 tunnel units on ip-0/0/0, one per upstream endpoint.
   Replace XX.XX.XX.XX with your local IPv4 address and use the /120 link
   addresses assigned to you. */
interfaces {
   ip-0/0/0 {
        unit 0 {
            tunnel {
                source XX.XX.XX.XX;
                destination 79.98.105.18;
                ttl 255;
            }
            family inet6 {
                address 2001:67c:21bc:7fff:0001:12:1:2/120;
            }
        }
        unit 1 {
            tunnel {
                source XX.XX.XX.XX;
                destination 78.128.1.18;
                ttl 255;
            }
            family inet6 {
                address 2001:67c:21bc:7fff:0002:12:0:2/120;
            }
        }
    }
}
/* Static discard route for the local /64 in inet6.0, which gives the BGP
   export policy a route to announce, followed by the router-id and the local
   ASN. Replace the prefix, router-id and ASN with your own values. */
routing-options {
    graceful-restart;
    rib inet6.0 {
        static {
            route 2001:67c:21bc:e::/64 {
                discard;
                as-path {
                    origin igp;
                }
            }
        }
    }
    router-id XX.XX.XX.XX;
    autonomous-system 65529;
}
/* External BGP group towards AS 200533 with one neighbor per tunnel. The
   import and export policies named here are defined under policy-options.
   NOTE(review): no authentication-key is configured for these sessions;
   confirm whether the upstream offers one. */
protocols {
    bgp {
        group IPv6-BG-Tunnels {
            type external;
            import import-IPv6-ludost-net;
            family inet6 {
                any;
            }
            export export-IPv6-ludost-net;
            neighbor 2001:67c:21bc:7fff:0001:12:1:1 {
                local-address 2001:67c:21bc:7fff:0001:12:1:2;
                peer-as 200533;
                local-as 65529;
            }
            neighbor 2001:67c:21bc:7fff:0002:12:0:1 {
                local-address 2001:67c:21bc:7fff:0002:12:0:2;
                peer-as 200533;
                local-as 65529;
            }
        }
    }
}
/* Export policy: announce exactly the local /64 and reject every other
   route, so nothing else is leaked to the peers.
   Import policy: accept everything the peers send.
   NOTE(review): the import side has no route-filter and no prefix limit;
   confirm that accepting all routes from the upstream is intended. */
policy-options {
    policy-statement export-IPv6-ludost-net {
        term 0 {
            from {
                route-filter 2001:67c:21bc:e::/64 exact;
            }
            then accept;
        }
        term default {
            then reject;
        }
    }
    policy-statement import-IPv6-ludost-net {
        term default {
            then accept;
        }
    }
}
/* Switches IPv6 forwarding on the SRX to packet-based mode.
   NOTE(review): in packet-based mode IPv6 traffic is not processed by the
   flow-based security features (zones, security policies, screens). Confirm
   for your platform and Junos version, and filter IPv6 with stateless
   firewall filters on the interfaces if packet mode is kept. */
security {
    forwarding-options {
        family {
            inet6 {
                mode packet-based;
            }
        }
    }
}