Subject: Re: kern/29150
To: None <is@netbsd.org>
From: Gert Doering <gert@greenie.muc.de>
List: netbsd-bugs
Date: 03/29/2005 21:41:51
Hi,
On Tue, Mar 29, 2005 at 12:13:53PM +0000, is@netbsd.org wrote:
> Responsible-Changed-Why:
> Somebody has to do it.
Thanks :-)
While you're at it: here's a documentation patch to gre(4) with an
example how to setup a NetBSD-Cisco IPv6-over-GRE tunnel.
Comments welcome, of course.
gert
------------ snip -----------
Index: gre.4
===================================================================
RCS file: /cvsroot/src/share/man/man4/gre.4,v
retrieving revision 1.29
diff -u -r1.29 gre.4
--- gre.4 7 Feb 2004 18:34:57 -0000 1.29
+++ gre.4 29 Mar 2005 19:26:36 -0000
@@ -210,6 +210,48 @@
Note that this is a safe situation where the link1 flag (as discussed in the
.Sx BUGS
section below) may (and probably should) be set.
+.Pp
+Along these lines, you can use GRE tunnels to interconnect two IPv6
+networks over an IPv4 infrastructure, or to hook up to the IPv6 internet
+via an IPv4 tunnel to a Cisco router.
+.Bd -literal
+2001:db8:1::/64 -- NetBSD A -----tunnel----- Cisco B --- IPv6 Internet
+ \\ /
+ \\ /
+ +----- the Internet ------+
+
+.Ed
+The example will use the following addressing: NetBSD A has the
+IPv4 address A and the IPv6 address 2001:db8:1::1 (connects to internal
+network 2001:db8:1::/64). Cisco B has external IPv4 address B. All
+the IPv6 internet world is behind B, so A wants to route 0::0/0 (the IPv6
+default route) into the tunnel. The GRE tunnel will use a transit
+network: 2001:db8:ffff::1/64 on the NetBSD side, and ::2/64 on the Cisco
+side.
+Then the following commands will configure the tunnel:
+.Pp
+On router A (NetBSD):
+.Bd -literal
+ # ifconfig greN create
+ # ifconfig greN inet6 2001:db8:ffff::1/64
+ # ifconfig greN tunnel A B
+ # route add -inet6 2001:db8:ffff::/64 2001:db8:ffff::2 -ifp greN
+ # route add -inet6 0::0/0 2001:db8:ffff::2 -ifp greN
+.Ed
+.Pp
+On router B (Cisco):
+.Bd -literal
+ Interface TunnelX
+ tunnel mode gre ip
+ ipv6 address 2001:db8:ffff::2/64 ! transfer network
+ tunnel source B ! e.g. address from LAN interface
+ tunnel destination A ! where the tunnel is connected to
+ ipv6 route 2001:db8::/64 TunnelX ! route this network through tunnel
+.Ed
+.Pp
+Note that this is a safe situation where the link1 flag (as discussed in the
+.Sx BUGS
+section below) may (and probably should) be set.
.Sh NOTES
The MTU of
.Sy gre Ns Ar X
@@ -223,7 +265,8 @@
device needs a route to the destination that is less specific than the
one over the tunnel.
(Basically, there needs to be a route to the decapsulating host that
-does not run over the tunnel, as this would be a loop.)
+does not run over the tunnel, as this would be a loop. This is not
+relevant for IPv6-over-IPv4 tunnels, of course.)
If the addresses are ambiguous, doing the
.Xr ifconfig 8
.Li tunnel
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert@greenie.muc.de
fax: +49-89-35655025 gert@net.informatik.tu-muenchen.de