1 00:00:02,241 --> 00:00:08,657 [music] 2 00:00:08,657 --> 00:00:15,985 So let's jump in with just standard GRE tunnels over IPv6. 3 00:00:15,985 --> 00:00:19,422 For this, we're going to be using a different topology. 4 00:00:19,422 --> 00:00:25,434 This is also saved out there under IPv6 VPN topology. 5 00:00:25,434 --> 00:00:28,603 The basic idea here is, we're going 6 00:00:28,603 --> 00:00:32,200 to use this for VPN MPLS, 7 00:00:32,200 --> 00:00:37,943 really for all of our tunneling or VPN technologies here. 8 00:00:37,943 --> 00:00:40,307 We're going to start with GRE, and we're not going to use all 9 00:00:40,307 --> 00:00:42,323 of these devices for all of the sections. 10 00:00:42,323 --> 00:00:44,199 There's really no need. 11 00:00:44,199 --> 00:00:46,480 But this is the topology that's built 12 00:00:46,480 --> 00:00:48,541 that will support everything 13 00:00:48,541 --> 00:00:51,741 we need it to support moving forward. 14 00:00:51,741 --> 00:00:54,283 The important thing to understand here 15 00:00:54,283 --> 00:01:00,944 is that the switches are just acting like any devices. 16 00:01:00,944 --> 00:01:04,546 We have the IPv4 address listed here, 17 00:01:04,546 --> 00:01:07,583 but it corresponds with what 18 00:01:07,583 --> 00:01:12,338 the IPv6 address is going to be on that subnet as well, 19 00:01:12,338 --> 00:01:15,885 and you'll see those as we go. 20 00:01:15,885 --> 00:01:24,076 VLANs 71, 91, 84, 65, 105, these are all IPv6 enabled already. 21 00:01:24,076 --> 00:01:28,538 Now, our PE routers, which again, 22 00:01:28,538 --> 00:01:29,830 it may or may not be provided, 23 00:01:29,830 --> 00:01:32,911 could of course also just be your edge routers. 24 00:01:32,911 --> 00:01:34,410 That's irrelevant. 25 00:01:34,410 --> 00:01:36,775 We're just looking at the technologies here. 26 00:01:36,775 --> 00:01:41,689 But those are also already configured with IPv6 addresses. 27 00:01:41,689 --> 00:01:45,382 But as we move into technologies such as MPLS and such, 28 00:01:45,382 --> 00:01:47,773 we will be redoing. 29 00:01:47,773 --> 00:01:52,047 So we're going to start with just GRE, 30 00:01:52,047 --> 00:01:53,664 and we'll just build one tunnel 31 00:01:53,664 --> 00:01:55,793 between R1 and R4. 32 00:01:55,793 --> 00:02:01,613 So essentially, we're just going to get our IPv6 from switch 1 to 33 00:02:01,613 --> 00:02:07,555 switch 2 across the top there, and tunnel between R1 and R4. 34 00:02:07,555 --> 00:02:09,549 The most important thing to note 35 00:02:09,549 --> 00:02:15,476 about this diagram is that the core 36 00:02:15,476 --> 00:02:17,881 in the middle there, everything inside the cloud 37 00:02:17,881 --> 00:02:21,230 if you will, is IPv4 only. 38 00:02:21,230 --> 00:02:23,880 It's going to remain that way the whole time. 39 00:02:23,880 --> 00:02:28,304 There's no IPv6 in the cloud. 40 00:02:28,304 --> 00:02:35,203 As we move into this, let's hop over here to our command line. 41 00:02:35,203 --> 00:02:36,180 Let's take a look. 42 00:02:36,180 --> 00:02:46,906 On router 1, for example, if I were to say do show ipv6 route, 43 00:02:46,906 --> 00:02:52,193 all he has is literally a route to Null0. 44 00:02:52,193 --> 00:02:55,213 That's it. He has no IPv6 routes. 45 00:02:55,213 --> 00:02:59,327 If I said do show ipv6 interface brief, 46 00:02:59,327 --> 00:03:02,884 he going to have addresses, like I said, 47 00:03:02,884 --> 00:03:07,352 on his 71 and 91 interfaces going out 48 00:03:07,352 --> 00:03:10,090 to the switches, but not anything 49 00:03:10,090 --> 00:03:12,667 on the core. His core interface 50 00:03:12,667 --> 00:03:17,176 is Fa0/0.12 and that is currently unassigned. 51 00:03:17,176 --> 00:03:20,938 Also, if I said do show ip route, 52 00:03:20,938 --> 00:03:26,745 I want you to note that the only IPv4 routes he has is to either 53 00:03:26,745 --> 00:03:32,141 connected interfaces or the other device's loopbacks. 54 00:03:32,141 --> 00:03:35,379 The loopback numeration is on the diagram there. 55 00:03:35,379 --> 00:03:38,199 It's a little bit different than what we did before. 56 00:03:38,199 --> 00:03:42,711 It's just the device numbers all the way out. 57 00:03:42,711 --> 00:03:46,630 Just to jump in, the first thing we're going to do is we need to 58 00:03:46,630 --> 00:03:51,868 fire up-- need to is a bad word, I suppose. 59 00:03:51,868 --> 00:03:53,657 We could alway do static routes, 60 00:03:53,657 --> 00:03:57,252 but we're going to fire up 61 00:03:57,252 --> 00:04:00,786 a routing protocol over all of this. 62 00:04:00,786 --> 00:04:08,291 We're going to say-- in this case, we'll say, Rack1R1. 63 00:04:08,291 --> 00:04:12,952 We're going to say, interface tunnel 0, 64 00:04:12,952 --> 00:04:16,863 and we will say, tunnel-- well, I 65 00:04:16,863 --> 00:04:17,866 just said about the protocol and 66 00:04:17,866 --> 00:04:19,977 I'm jumping into the tunnel. 67 00:04:19,977 --> 00:04:22,032 Let's do our protocols first, 68 00:04:22,032 --> 00:04:23,428 although we could turn it on here as well 69 00:04:23,428 --> 00:04:24,501 since we're already here. 70 00:04:24,501 --> 00:04:29,116 We'll just do EIGRP, just to pick one to start with. 71 00:04:29,116 --> 00:04:37,419 So ipv6 eigrp 100 - easy enough - interface. 72 00:04:37,419 --> 00:04:38,761 And like I said, this is just going 73 00:04:38,761 --> 00:04:40,265 to be the one up at the top. 74 00:04:40,265 --> 00:04:48,578 So this is going to be interface FA0/0.71, 75 00:04:48,578 --> 00:04:51,532 also running EIGRP 100. 76 00:04:51,532 --> 00:04:56,537 And then ipv6 router eigrp 100. 77 00:04:56,537 --> 00:04:58,713 That starts the global process. 78 00:04:58,713 --> 00:05:06,434 Do show ipv6 eigrp interface, and it's 71. 79 00:05:06,434 --> 00:05:07,074 Perfect. 80 00:05:10,007 --> 00:05:16,047 We can do the exact same thing over on router 4 as well. 81 00:05:16,047 --> 00:05:18,031 So if you'll take a look at the diagram here, 82 00:05:18,031 --> 00:05:22,321 remember we're going from router 1 to router 4, 83 00:05:22,321 --> 00:05:26,720 and then of course it will involve VLAN 71 and VLAN 84. 84 00:05:26,720 --> 00:05:29,349 That's all we're going to work on for right now. 85 00:05:29,349 --> 00:05:30,889 So I just want to make sure everyone 86 00:05:30,889 --> 00:05:32,410 understands where we're at. 87 00:05:32,410 --> 00:05:42,552 On router 4, interface tunnel 0, ipv6 eigrp 100, 88 00:05:42,552 --> 00:05:48,063 interface fa0/0.84. 89 00:05:53,514 --> 00:05:59,508 Also in EIGRP 100 and then router 90 00:05:59,508 --> 00:06:06,362 ipV6 router eigrp 100, and then our switches. 91 00:06:06,362 --> 00:06:15,842 So switch 1, interface loopback 0, 92 00:06:15,842 --> 00:06:19,638 ipv6 eigrp 100. 93 00:06:19,638 --> 00:06:22,247 Loopback 1, by the way, is the one 94 00:06:22,247 --> 00:06:24,810 that has the, we'll call it the 95 00:06:24,810 --> 00:06:26,313 client prefix. 96 00:06:26,313 --> 00:06:28,041 Let me just show you here real quick. 97 00:06:28,041 --> 00:06:33,299 Do show ipv6 interface brief. 98 00:06:33,299 --> 00:06:40,600 If you look at his loopback 1, this is a /64. 99 00:06:40,600 --> 00:06:44,719 This is like the client subnet 100 00:06:44,719 --> 00:06:46,635 that this switch is presenting, 101 00:06:46,635 --> 00:06:49,787 and then this is his normal management loopback, 102 00:06:49,787 --> 00:06:52,521 if you will. I'm going to bring them both in EIGRP. 103 00:06:52,521 --> 00:06:53,996 It doesn't really matter. 104 00:06:53,996 --> 00:06:59,240 I really just want the loopback 1, but we'll bring them all in. 105 00:06:59,240 --> 00:07:04,568 Then of course, router ipv6 eigrp 100. 106 00:07:04,568 --> 00:07:05,843 That's backwards. 107 00:07:17,654 --> 00:07:19,258 Then switch 2. 108 00:07:22,022 --> 00:07:22,965 Here's the good thing we can do. 109 00:07:22,965 --> 00:07:26,169 We can just say-- well, I had typos in there. 110 00:07:26,169 --> 00:07:27,175 It's not even going to help us really. 111 00:07:27,175 --> 00:07:29,650 Switch 2 doesn't really matter. 112 00:07:29,650 --> 00:07:31,478 Interface loopback 0, 113 00:07:31,478 --> 00:07:34,598 ipv6 eigrp 100, 114 00:07:34,598 --> 00:07:36,688 interface loopback 1. 115 00:07:36,688 --> 00:07:43,487 eigrp 100. Interface vlan, and this is 84, 116 00:07:43,487 --> 00:07:50,592 eigrp 100, ipv6 router eigrp 100. 117 00:07:50,592 --> 00:07:53,302 Neighbors should come up. 118 00:07:53,302 --> 00:07:54,726 So 2 and 4 are up, 119 00:07:54,726 --> 00:08:03,777 although I did not see switch 1 and R1 never came up. 120 00:08:03,777 --> 00:08:08,041 Never did the VLAN interface. 121 00:08:08,041 --> 00:08:10,065 Interface vlan 71. 122 00:08:14,339 --> 00:08:17,398 There you go. Neighbors should come up. 123 00:08:17,398 --> 00:08:19,608 So if we've done our job correctly, 124 00:08:19,608 --> 00:08:21,381 we should be able to go to router 1 now 125 00:08:21,381 --> 00:08:25,553 and say do show ipv6 route eigrp, 126 00:08:25,553 --> 00:08:28,974 and he should have router 1's information, which he does. 127 00:08:28,974 --> 00:08:32,262 We should be able to go over to router 4, 128 00:08:32,262 --> 00:08:38,875 do show ipv6 route eigrp, and he 129 00:08:38,875 --> 00:08:45,559 should have switch 2's information, 130 00:08:45,559 --> 00:08:46,834 which he does. 131 00:08:46,834 --> 00:08:47,803 So that's good. 132 00:08:47,803 --> 00:08:51,526 Now we go back to our tunnel. 133 00:08:51,526 --> 00:08:59,229 Interface tunnel 0, and we say ipv6 address. 134 00:08:59,229 --> 00:09:09,142 I don't know 2001 DB8:100:200::, and he's the 4 end of that, /64. 135 00:09:09,142 --> 00:09:12,272 So we put an IPv6 address on the tunnel. 136 00:09:12,272 --> 00:09:13,966 We can do that on both sides. 137 00:09:28,690 --> 00:09:37,683 Then tunnel source is going to be loopback 0. 138 00:09:37,683 --> 00:09:41,466 Tunnel destination is 4.4.4.4. 139 00:09:41,466 --> 00:09:45,242 That's router 4's address. 140 00:09:45,242 --> 00:09:46,549 It's going to say that it's up. 141 00:09:46,549 --> 00:09:47,790 We know that's nonsense. 142 00:09:47,790 --> 00:09:49,251 It's a false up. 143 00:09:49,251 --> 00:09:53,519 If you want, you can say like keep 2, 144 00:09:53,519 --> 00:09:55,186 and send keepalives every 2 seconds, 145 00:09:55,186 --> 00:09:56,552 then within six seconds, it should 146 00:09:56,552 --> 00:09:58,832 tell me the tunnel's down because 147 00:09:58,832 --> 00:10:00,510 there are no keepalives on the other side. 148 00:10:00,510 --> 00:10:02,351 These are GRE keepalives. 149 00:10:02,351 --> 00:10:03,221 There we go. 150 00:10:03,221 --> 00:10:04,199 Tunnel goes down. 151 00:10:04,199 --> 00:10:05,986 That's when it realizes, Oh wait, 152 00:10:05,986 --> 00:10:08,647 the other end's not really up. 153 00:10:08,647 --> 00:10:12,779 The only thing this up meant, just like any other GRE, 154 00:10:12,779 --> 00:10:18,548 is that you have a route to get to the tunnel destination. 155 00:10:18,548 --> 00:10:20,913 It's all it really means. 156 00:10:20,913 --> 00:10:26,766 So router 4, tunnel source loopback0, 157 00:10:26,766 --> 00:10:29,060 tunnel destination 1.1.1.1. 158 00:10:33,560 --> 00:10:36,988 That's like IPV geometry or something. 159 00:10:36,988 --> 00:10:38,631 I don't know what that is. 160 00:10:38,631 --> 00:10:43,741 And then of course, keep 2, and the tunnel should come up. 161 00:10:43,741 --> 00:10:49,169 Router 1's side should come up once the keeps kick in. 162 00:10:49,169 --> 00:10:50,566 I'm not going to leave the keeps on there 163 00:10:50,566 --> 00:10:55,759 because as we move forward to other interfaces, 164 00:10:55,759 --> 00:10:57,308 interface types, it's not going to 165 00:10:57,308 --> 00:10:58,891 work because keepalives are only 166 00:10:58,891 --> 00:11:00,494 supported on GRE tunnels. 167 00:11:07,956 --> 00:11:09,063 In fact, it may not work without 168 00:11:09,063 --> 00:11:12,129 an IPv4 address anyway since both 169 00:11:12,129 --> 00:11:15,556 sides just went down. 170 00:11:15,556 --> 00:11:17,460 We're not going to keep them on there anyway. 171 00:11:17,460 --> 00:11:20,661 Just do no keeps. We're about to change this all to GRE anyway. 172 00:11:25,692 --> 00:11:26,676 There you can tell I'm ready. 173 00:11:26,676 --> 00:11:30,054 It's working because EIGRP just came up over the interface. 174 00:11:30,054 --> 00:11:37,106 Now if I said, do show ipv6 route eigrp, 175 00:11:37,106 --> 00:11:39,928 now we have the routes on both sides. 176 00:11:39,928 --> 00:11:42,902 If we were to go back to say, 177 00:11:42,902 --> 00:11:52,638 switch 1, do show ipv6 route eigrp, 178 00:11:52,638 --> 00:11:58,995 and we were to say do trace, and let's trace to-- 179 00:12:02,421 --> 00:12:04,196 let's trace to what would effectively 180 00:12:04,208 --> 00:12:05,854 be the client's subnet over there. 181 00:12:08,149 --> 00:12:13,240 ::8. There you can see that 182 00:12:13,240 --> 00:12:17,101 it hits the tunnel on router 1. 183 00:12:17,101 --> 00:12:19,401 Comes out the tunnel on the other end on router 4, 184 00:12:19,401 --> 00:12:21,962 and gets delivered to switch 2. 185 00:12:21,962 --> 00:12:23,629 So very, very simple. 186 00:12:23,629 --> 00:12:25,599 Of course, the glory of 187 00:12:25,599 --> 00:12:26,860 this whole thing is you go to say 188 00:12:26,860 --> 00:12:29,739 router 2, which is a device in the core, 189 00:12:29,739 --> 00:12:34,192 and you say, do show ipv6 interface brief, 190 00:12:34,192 --> 00:12:36,771 and he has nothing. 191 00:12:36,771 --> 00:12:38,741 Unassigned, unassigned, unassigned. 192 00:12:38,741 --> 00:12:40,958 Everything's unassigned. 193 00:12:40,958 --> 00:12:43,693 Do show ipv6 route. 194 00:12:43,693 --> 00:12:46,887 He's not even running IPv6 routing. 195 00:12:46,887 --> 00:12:52,443 So again, this is just standard GRE tunnel. 196 00:12:52,443 --> 00:12:54,144 Now, if we take a look at this 197 00:12:54,144 --> 00:12:56,304 and we go over to-- let's go 198 00:12:56,304 --> 00:12:57,836 back to switch 1. 199 00:13:00,114 --> 00:13:03,546 And let's say, do ping. 200 00:13:03,546 --> 00:13:06,364 Protocol is IPv6. 201 00:13:08,864 --> 00:13:15,848 Target, we'll just ping his loopback just to make it easy. 202 00:13:15,848 --> 00:13:18,202 Repeat count 1. 203 00:13:18,202 --> 00:13:19,982 Datagram size, I don't care. 204 00:13:19,982 --> 00:13:21,941 Time out, 1. 205 00:13:21,941 --> 00:13:23,559 This is all FastEthernet. 206 00:13:23,559 --> 00:13:25,545 It shouldn't take long. 207 00:13:25,545 --> 00:13:27,932 Extended commands, yes. 208 00:13:27,932 --> 00:13:30,033 Source interface, I don't care. 209 00:13:30,033 --> 00:13:31,995 UDP protocol is no. 210 00:13:31,995 --> 00:13:34,458 Verbos is no. I don't care about 211 00:13:34,458 --> 00:13:38,514 changing the precedence or the DSCP value. 212 00:13:38,514 --> 00:13:40,902 I don't necessarily need to see hop by hop. 213 00:13:40,902 --> 00:13:42,515 We did that with the trace. 214 00:13:42,515 --> 00:13:44,243 Destination, no. 215 00:13:44,243 --> 00:13:47,222 Sweep range of sizes, yes. 216 00:13:47,222 --> 00:13:51,780 Minimum sweep size, I'm going to do 1401 bytes. 217 00:13:51,780 --> 00:13:54,354 I'm going to say the max size, I don't care because I'm going to 218 00:13:54,354 --> 00:13:57,386 stop as soon as it starts failing anyway. 219 00:13:57,386 --> 00:13:59,096 The sweep interval is 1. 220 00:13:59,096 --> 00:14:00,939 That's how much it's going jump by. 221 00:14:00,939 --> 00:14:02,996 What this means, by the way, if you've never done this, 222 00:14:02,996 --> 00:14:04,375 this means it's going to start with 223 00:14:04,375 --> 00:14:06,995 a ping of 1401 and then it will 224 00:14:06,995 --> 00:14:11,135 do 1402, 1403, 1404, and so on. 225 00:14:11,135 --> 00:14:15,391 If I said sweep interval 2, it would do 1401, 226 00:14:15,391 --> 00:14:18,963 1403, 1405. It would jump by 2. 227 00:14:18,963 --> 00:14:21,152 That's how much it's going to jump each time. 228 00:14:21,152 --> 00:14:23,076 I'm going to start the ping and as 229 00:14:33,920 --> 00:14:33,933 soon as it hits-- Let's stop that. 230 00:14:33,933 --> 00:14:39,958 There we go. The problem is this isn't really going to do what I 231 00:14:39,958 --> 00:14:42,670 want it to do, unfortunately. 232 00:14:42,670 --> 00:14:45,607 This has to do with that whole packet too big thing. 233 00:14:45,607 --> 00:14:49,291 We could count those packets right there 234 00:14:49,291 --> 00:14:50,587 to figure out what the actual 235 00:14:50,587 --> 00:14:55,552 MTU is, but, do show interface tunnel 0. 236 00:14:59,143 --> 00:15:02,170 Unfortunately, because we 237 00:15:02,170 --> 00:15:04,986 don't have the fragmentation built 238 00:15:04,986 --> 00:15:10,932 in to IPv6 like we talked about back in the introduction part, 239 00:15:10,932 --> 00:15:12,870 unfortunately, sweeping the range 240 00:15:12,870 --> 00:15:15,352 of sizes isn't quite as nice as 241 00:15:15,352 --> 00:15:20,043 it is on IPv4 because you don't have a don't fragment bit. 242 00:15:20,043 --> 00:15:23,486 The devices in the middle can't fragment anyway. 243 00:15:23,486 --> 00:15:27,126 Basically what it means is that at 244 00:15:27,126 --> 00:15:32,670 1478 should be what we managed 245 00:15:32,670 --> 00:15:36,983 to get through here from a payload size, 246 00:15:36,983 --> 00:15:40,769 but that's not entirely correct either. 247 00:15:40,769 --> 00:15:42,240 Again, it's not going to be a really 248 00:15:42,240 --> 00:15:44,352 good indicator here as to what 249 00:15:44,352 --> 00:15:45,877 our actual MTU is. 250 00:15:48,863 --> 00:15:51,611 Why did that not show me that? 251 00:15:51,611 --> 00:15:52,933 All on the switch. 252 00:16:02,120 --> 00:16:02,771 You can see 253 00:16:02,771 --> 00:16:05,559 that the way IPv6 handles the MTU, 254 00:16:05,559 --> 00:16:07,196 is completely different anyway because 255 00:16:07,196 --> 00:16:10,690 it uses the path MTU discovery. 256 00:16:10,690 --> 00:16:12,292 But basically, at the end of the day, 257 00:16:12,292 --> 00:16:15,463 what we're saying here is that right now, 258 00:16:15,463 --> 00:16:18,006 our tunnel and protocol transport 259 00:16:18,006 --> 00:16:21,723 is GRE over IP, which means we're 260 00:16:21,723 --> 00:16:26,643 getting an extra header of GRE right now. 261 00:16:26,643 --> 00:16:27,664 The only thing we're running 262 00:16:27,664 --> 00:16:30,647 over this tunnel is IPv6. 263 00:16:30,647 --> 00:16:36,287 So there's actually no need whatsoever to have a GRE header. 264 00:16:36,287 --> 00:16:37,455 But that's the default. 265 00:16:37,455 --> 00:16:39,730 That's it. It's very simple. 266 00:16:39,730 --> 00:16:41,746 The advantage to this, of course, 267 00:16:41,746 --> 00:16:48,123 is that we could actually run IPv4 268 00:16:48,123 --> 00:16:52,063 over this if we wanted to and so on. 269 00:16:52,063 --> 00:16:53,612 We're going to change that in a minute. 270 00:16:53,612 --> 00:16:54,966 But I just wanted you to know right now 271 00:16:54,966 --> 00:16:56,082 that the tunnel transport 272 00:16:56,082 --> 00:17:00,230 MTU is 1476. So we'll come back and 273 00:17:00,230 --> 00:17:02,282 take a look at this tunnel again 274 00:17:02,282 --> 00:17:04,335 in our next section. 275 00:17:04,335 --> 00:17:06,137 What we'll do in the next section is 276 00:17:06,137 --> 00:17:09,942 we will get rid of the GRE header 277 00:17:09,942 --> 00:17:13,550 and start moving into other tunnel types. 278 00:17:13,550 --> 00:17:18,971 [music]