IPv6 Administration Guide

Configuring IP in IP Tunnels

This section describes how you manually configure IP in IP tunnels. For information on configuring an automatic 6to4 tunnel, refer to How to Configure a 6to4 Router.

IPv6 supports the following types of tunnel encapsulation:

For conceptual descriptions of tunnels, see Solaris Tunneling Interfaces for IPv6 and Tunneling Mechanism.

Configuring IP in IP Tunnels Task Map

Table 2–3 Configuring IP in IP Tunnels Task Map

Task 

Description 

Instructions 

Manually configuring IPv6 over IPv4 tunnels 

Shows the entries required for the hostname6.ip.tunn file.

How to Configure IPv6 Over IPv4 Tunnels

Automatically configuring IPv6 over IPv4 tunnels (6to4 tunnels) 

Shows entries required for the hostname6.ip.6to4tun file.

How to Configure a 6to4 Router

Configuring IPv6 over IPv6 tunnels 

Shows the entries required for the hostname6.ip.6.tunn file.

How to Configure IPv6 Over IPv6 Tunnels

Configuring IPv4 over IPv6 tunnels 

Shows the entries required for the hostname.ip6.tunn file.

How to Configure IPv4 Over IPv6 Tunnels

Configuring IPv4 over IPv4 tunnels 

Shows the entries required for the hostname.ip.tunn file.

How to Configure IPv4 Over IPv4 Tunnels

Configuring a tunnel between a 6to4 router and a 6to4 relay router 

Describes how to enable a tunnel to a 6to4 relay router by using the 6to4relay command.

How to Configure a 6to4 Tunnel to a 6to4 Relay Router

Configuring your router to advertise over tunneling interfaces 

Shows the entries required for the /etc/inet/ndpd.conf file.

How to Configure Your Router to Advertise Over Tunneling Interfaces

How to Configure IPv6 Over IPv4 Tunnels


Note –

The best way to pass IPv6 packets over an IPv4 network is to use an automatic 6to4 tunnel. For instructions for implementing 6to4 routing at your site, refer to How to Configure a 6to4 Router.


  1. Become superuser.

  2. Create the file /etc/hostname6.ip.tunn. Use the values 0, 1, 2, and so on, for n. Then, add entries by following these steps.

    1. Add the tunnel source addresses. Then, add the tunnel destination addresses.


      tsrc IPv4-source-addr tdst IPv4-destination-addr up
    2. (Optional) Add a logical interface for the source and destination IPv6 addresses.


      addif IPv6-source-address  IPv6-destination-address up

      Omit this step if you want the address autoconfigured for this interface. You do not need to configure link-local addresses for your tunnel. Link-local addresses are configured automatically.

When you finish configuring the tunnels, you must reboot.


Note –

You must perform the same steps at the other end of the tunnel for bidirectional communication to occur.


If your system is to be configured as a router, you must also configure your router to advertise over tunneling interfaces before rebooting. See How to Configure Your Router to Advertise Over Tunneling Interfaces.

Example—Entry for IPv6 Configuration File to Autoconfigure IPv6 Addresses

This example shows a tunnel for which all IPv6 addresses are autoconfigured.


tsrc 129.146.86.138 tdst 192.168.7.19 up

Example—Entry in the IPv6 Configuration File for Manually Configured Addresses

This example shows a tunnel for which global source and global destination addresses are manually configured. The site-local source and site-local destination addresses are also manually configured.


tsrc 120.46.86.138 tdst 190.68.7.19 up
addif fec0::1234:a00:fe12:528 fec0::5678:a00:20ff:fe12:1234 up
addif 2::1234:a00:fe12:528 2::5678:a00:20ff:fe12:1234 up

How to Configure IPv6 Over IPv6 Tunnels

  1. Become Superuser.

  2. Create the file /etc/hostname6.ip6.tunn. Use the values 0, 1, 2, and so on, for n. Then, add entries by following these steps.

    1. Add the tunnel source address. Then, add the tunnel destination address.


      tsrc IPv6-source-address tdst IPv6-destination-address
      IPv6-packet-source-address IPv6-packet-destination-address up
    2. (Optional) Add a logical interface for the source and destination IPv6 addresses.


      addif IPv6-source-address  IPv6-destination-address up

      Omit this step if you want the address autoconfigured for this interface. You do not need to configure link-local addresses for your tunnel. Link-local addresses are configured automatically.

When you finish configuring the tunnels, you must reboot.


Note –

You must perform the same steps at the other end of the tunnel for bidirectional communication to occur.


If your system is to be configured as a router, you must also configure your router to advertise over tunneling interfaces before rebooting. See How to Configure Your Router to Advertise Over Tunneling Interfaces.

Example—Entry in the IPv6 Configuration File to Create an IPv6 over IPv6 Tunnel

This example shows the entry for an IPv6 over IPv6 tunnel.


tsrc 2000::114:a00:20ff:fe72:668c tdst 2000::103:a00:20ff:fe9b:a1c3
fe80::4 fe80::61 up

How to Configure IPv4 Over IPv6 Tunnels

  1. Become Superuser.

  2. Create the file /etc/hostname.ip6.tunn. Use the values 0, 1, 2, and so on, for n. Then, add entries by following these steps.

    1. Add the tunnel source address. Then, add the tunnel destination address.


      tsrc IPv6-source-address tdst IPv6-destination-address
      tunnel-IPv4-source-address tunnel-IPv4-destination-address up
    2. (Optional) Add a logical interface for the source and destination IPv6 addresses.


      addif IPv6-source-address  IPv6-destination-address up

When you finish configuring the tunnels, you must reboot.


Note –

You must perform the same steps at the other end of the tunnel for bidirectional communication to occur.


If your system is to be configured as a router, you must also configure your router to advertise over tunneling interfaces before rebooting. See How to Configure Your Router to Advertise Over Tunneling Interfaces.

Example—Entry in the IPv4 Configuration File to Create an IPv4 Over IPv6 Tunnel

This example shows the entry for an IPv4 over IPv6 tunnel.


tsrc 2000::114:a00:20ff:fe72:668c tdst 2000::103:a00:20ff:fe9b:a1c3
10.0.0.4 10.0.0.61 up

How to Configure IPv4 Over IPv4 Tunnels

  1. Become Superuser.

  2. Create the file /etc/hostname.ip.tunn. Use the values 0, 1, 2, and so on, for n. Then, add entries by following these steps.

    1. Add the tunnel source address. Then, add the tunnel destination address.


      tsrc IPv4-source-address tdst IPv4-destination-address
      tunnel-IPv4-source-address tunnel-IPv4-destination-address up
    2. (Optional) Add a logical interface for the source and destination IPv4 addresses.


      addif IPv4-source-address  IPv4-destination-address up

When you finish configuring the tunnels, you must reboot.


Note –

You must perform the same steps at the other end of the tunnel for bidirectional communication to occur.


If your system is to be configured as a router, you must also configure your router to advertise over tunneling interfaces before rebooting. See How to Configure Your Router to Advertise Over Tunneling Interfaces.

Example—Entry in the IPv4 Configuration File to Create an IPv4 Over IPv4 Tunnel

This example shows the entry for an IPv4 over IPv4 tunnel.


tsrc 120.46.86.158 tdst 120.46.86.122
10.0.0.4 10.0.0.61 up

How to Configure Your Router to Advertise Over Tunneling Interfaces

Following these steps for each tunnel.

  1. Become superuser.

  2. Edit the /etc/inet/ndpd.conf file. Add entries by using the following steps.

    1. Enable router advertisement over the tunneling interface.


      if ip.tunn AdvSendAdvertisements 1
    2. Add prefixes as needed.


      prefix interface-address ip.tunn
      
  3. Reboot.

How to Configure a 6to4 Tunnel to a 6to4 Relay Router


Caution – Caution –

Because of major security issues, by default 6to4 relay router support is disabled in the Solaris operating system. See Considerations for Tunnels to a 6to4 Relay Router and Internet Draft, Security Considerations for 6to4.


Before you enable a tunnel to a 6to4 relay router, you must have completed the following tasks:

  1. Become superuser on the 6to4 router.

  2. Enable a tunnel to the 6to4 relay router by using either of the following formats:

    • Enable a tunnel to an anycast 6to4 relay router.


      # /usr/sbin/6to4relay -e
      

      The -e option sets up a tunnel between the 6to4 router and an anycast 6to4 relay router. Anycast 6to4 relay routers have the well-known IPv4 address 192.88.99.1. The anycast relay router that is physically nearest to your site becomes the endpoint for the 6to4 tunnel. This relay router then handles packet forwarding between your 6to4 site and a native IPv6 site.

      For detailed information about anycast 6to4 relay routers, refer to RFC 3068, "An Anycast Prefix for 6to4 Relay Routers"

    • Enable a tunnel to a specific 6to4 relay router.


      # /usr/sbin/6to4relay -e -a relay-router-address
      

      The -a option indicates that a specific router address is to follow. Replace relay-router-address with the IPv4 address of the specific 6to4 relay router with which you want to enable a tunnel.

    The tunnel to the 6to4 relay router remains active until you remove the 6to4 tunnel pseudo-interface.

  3. Delete the tunnel to the 6to4 relay router, when no longer needed, by typing the following:


    # /usr/sbin/6to4relay -d
    

  4. (Optional) Make the tunnel to the 6to4 relay router persistent across reboots.

    Your site might have a compelling reason to have the tunnel to the 6to4 relay router reinstated each time the 6to4 router reboots. To support this scenario, you must do the following.

    1. Edit the/etc/default/inetinit file.

      The line that you need to modify is at the end of the file.

    2. Change the “NO” value in the line ACCEPT6TO4RELAY=NO to “YES.”

    3. (Optional) Create a tunnel to a specific 6to4 relay router that persists across reboots.

      For the parameter RELAY6TO4ADDR, change the address 192.88.99.1 to the IPv4 address of the 6to4 relay router that you want to use.

Examples—Getting Status Information About 6to4 Relay Router Support

You can use /usr/bin/6to4relay to find out whether support for 6to4 relay routers is enabled. The next example shows the output when support for 6to4 relay routers is disabled, as is the default in the Solaris operating system:


# /usr/sbin/6to4relay
6to4relay: 6to4 Relay Router communication support is disabled.

When support for 6to4 relay routers is enabled, you receive the following output:


# /usr/sbin/6to4relay
6to4relay: 6to4 Relay Router communication support is enabled.
IPv4 destination address of Relay Router=192.88.99.1