IPv4 and IPv6 tunneling

Tunneling is a widespread technique used in networking, to resolve many problems: IPv4 / IPv6 migration, Virtual Private Networks, routing. It consists in encapsulating a packet into a new layer 3 packet, by appending an IP header. 6WIND Turbo IPsec provides several techniques to tunnel IP packets into new IP packets (the inner and outer IP versions may differ).

Tunneling techniques create a virtual layer 2 link (called a tunnel) between the source and destination of the encapsulating packets, and hide the network topology between these two endpoints, as if the two endpoints where directly connected. Therefore, 6WIND Turbo IPsec creates a logical point-to-point interface, that appears in the list of interfaces and that can be used by other functions, notably routing.

There are 4 different types of tunnel:

  • 4in4. IPv4 in IPv4 Configured Tunnels encapsulates IPv4 traffic in an explicit IPv4 tunnel.

  • 6in4. An IPv6 in IPv4 configured tunnel encapsulates IPv6 traffic in an explicit IPv4 tunnel.

  • 4in6. IPv4 in IPv6 Configured Tunnels encapsulates IPv4 traffic in an explicit IPv6 tunnel. That could be useful to simulate VLANs. That could be useful for the interconnection of IPv4 clouds on an IPv6 native service

  • 6in6. IPv6 in IPv6 Configured Tunnels encapsulates IPv6 traffic in an explicit IPv6 tunnel.

Here is an example of a 4in6 tunnel named tun4in6 in VRF main, linked to underlying interface named eth0.

vrouter running vrf main# interface ipip tun4in6
vrouter running ipip tun4in6#! local fd00:125::1 remote fd00:125::2 link-interface eth0
vrouter running ipip tun4in6# ipv4 address 192.168.0.1 peer 192.168.0.2
vrouter running ipip tun4in6# commit

The tunnel interface is configured as soon as the provided eth0 is configured in VRF main.

Let’s fetch the state afer committing this configuration:

vrouter running vrf main# interface ipip tun4in6
running ipip tun4in6# show state
ipip tun4in6
    mtu 1452
    enabled true
    ipv4
        address 192.168.0.1 peer 192.168.0.2
        ..
    ipv6
        address fe80::7cb3:5fff:feb7:e3af/64
        ..
    local fd00:125::1
    remote fd00:125::2
    link-interface eth0
    oper-status UNKNOWN
    counters
        in-octets 0
        in-unicast-pkts 0
        in-discards 0
        in-errors 0
        out-octets 0
        out-unicast-pkts 0
        out-discards 0
        out-errors 0
        ..
    ..

The same configuration can be made using this NETCONF XML configuration:

vrouter running config# show config xml absolute vrf main interface ipip tun4in6
<config xmlns="urn:6wind:vrouter">
  <ha xmlns="urn:6wind:vrouter/ha"/>
  <vrf>
    <name>main</name>
    <interface xmlns="urn:6wind:vrouter/interface">
      <ipip xmlns="urn:6wind:vrouter/ipip">
        <name>tun4in6</name>
        <enabled>true</enabled>
        <ethernet/>
        <ipv4>
          <enabled>true</enabled>
          <address>
            <ip>192.168.0.1</ip>
            <peer>192.168.0.2</peer>
          </address>
        </ipv4>
        <ipv6>
          <enabled>true</enabled>
        </ipv6>
        <local>fd00:125::1</local>
        <remote>fd00:125::2</remote>
        <link-interface>eth0</link-interface>
      </ipip>
    </interface>
  </vrf>
</config>

See also

The command reference for details.