IPv6 Tunnel on your Cisco Router!

Heya, it’s me again. I thought I’d throw out a quick and dirty post since it’s been a while. Plus, I have a topic that’s more network-related, which is nice for this site since I know it’s trying to stay mainly networking related.

ISPs are still slow to adopt IPv6. Very few of us can say that we have globally-accessible IPv6 addresses. That’s annoying since it’s 2011 and all, but if you have a Cisco router, I can show you how to create an IPv6 tunnel that will have you dual-stacked and on the IPv6 Internet in no time! This article assumes that you cannot use native IPv6 out to the Internet, and that you already have the router properly set up and in use in an IPv4 network.

My router is a 2621XM; I bought it for $150 on eBay. It has two FastEthernet ports. It was manufactured in 1999. So any model at least as recent as that should be able to handle this just fine. I do IPv4 NATing between the two FE ports so that the rest of my home network served by my AT&T U-Verse Residential Gateway stays separate from my lab network, but the lab still has to go through the U-Verse gateway to reach the Internet.

For this to work for me, I needed to configure my U-Verse Gateway to put my Cisco router in “DMZ+” mode, and allow the outside interface of my Cisco router to receive a DHCP address. This allows my U-Verse gateway to assign my router the same public IPv4 address as itself.

We’re going to utilize the free service at Hurricane Electric for this. Follow that link and sign up. It’s their “Tunnel Broker” service that you’re after. After a short quiz, they will give you your very own IPv6 tunnel and your very own IPv6 address space!

All you need to do now is configure your router. If you’re reading this site this is probably elementary to you, so you know what these shorthand commands mean:

Router#conf t
Router(config)#ipv6 unicast-routing
Router(config)#end
Router#copy run start

At this point you have enabled IPv6 routing globally. Next, create a tunnel on your router like this:

Router#conf t
interface Tunnel0
 description Hurricane Electric IPv6 Tunnel Broker
 no ip address
 ipv6 enable
 ! Use your side of the endpoint that Hurricane Electric gave you!
 ipv6 address 2001:470:1f0e:5a4::2/64
 tunnel source (Your public IPv4 address)
 tunnel destination (Hurricane Electric’s IPv4 endpoint for this tunnel)
 ! ipv6ip = IPv6 carried directly inside IPv4 (IP protocol 41)
 tunnel mode ipv6ip
 exit
! Default IPv6 route out through the tunnel (global configuration mode)
ipv6 route ::/0 Tunnel0
end

And you’re pretty much done! Configure your clients with an IPv6 address in that space, and you now have IPv6 connectivity all the way to the Internet. Google has a public DNS server at 2001:4860:4860::8888. Test out your tunnel by trying to ping that address. Remember that IPv6 and IPv4 are quite different. There is no NAT in IPv6. Internet communication is the way it was truly meant to be – end to end. That also means the need to protect yourself with firewalls will become more important than ever, since you can’t hide behind a NAT anymore!
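
Since every client behind the tunnel is now directly reachable, here is one way to put a basic firewall on Tunnel0 with reflexive IPv6 access lists. This is an added example, not part of my original config; the ACL names V6-OUT, V6-IN and V6-STATE are placeholders, and it assumes your IOS image supports IPv6 reflexive ACLs.

```cisco
! Added example. ACL names are placeholders chosen for illustration.
!
! Outbound: remember TCP/UDP flows that inside clients open, so that
! only their return traffic is let back in through the tunnel.
ipv6 access-list V6-OUT
 permit tcp any any reflect V6-STATE
 permit udp any any reflect V6-STATE
 ! Everything else (ICMPv6, for example) may leave, but is not tracked
 permit ipv6 any any
!
! Inbound: return traffic for tracked flows, the ICMPv6 types that
! IPv6 depends on, and nothing else.
ipv6 access-list V6-IN
 evaluate V6-STATE
 ! Path MTU discovery breaks without packet-too-big
 permit icmp any any packet-too-big
 permit icmp any any destination-unreachable
 permit icmp any any time-exceeded
 permit icmp any any parameter-problem
 ! Replies to pings sent from the router itself; router-originated
 ! traffic is not seen by the outbound ACL, so it is never reflected
 permit icmp any any echo-reply
 ! An explicit deny replaces the implicit neighbor-discovery permits
 ! at the end of an IPv6 ACL, so they are restated here
 permit icmp any any nd-na
 permit icmp any any nd-ns
 ! Log whatever is dropped so unsolicited inbound attempts are visible
 deny ipv6 any any log
!
interface Tunnel0
 ipv6 traffic-filter V6-OUT out
 ipv6 traffic-filter V6-IN in
!
! Check hit counters and the dynamic V6-STATE entries with:
!   show ipv6 access-list
```

With this applied, inbound echo-request is dropped, so outside hosts cannot ping your clients; add a permit for it above the final deny if you want that.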

Now you can surf the web with a “dual-stack,” meaning that you’re running both IPv4 and IPv6 — and your IPv4 packets will take their normal route, while your IPv6 packets will be diverted through your new tunnel. Seamlessly. Pretty neat huh? Try to ping ipv6.google.com and see what happens! I guess that’ll have to do until ISPs catch up with IPv6 technology.

From here I could go on into configuring your own Windows-based DHCPv6 server, configuring your DNS server for IPv6 clients, etc… but that’s for another post. 🙂