one of the interesting and rarely seen configuration options, is ability to have redundant IPv6 tunnel established from source address tracked by HSRP.
if you’re limited by other side of communication - in this example Hurricane Electric - to have only one endpoint of tunnel on your side that’s right tool for task. the way this configuration would work, is that router active in HSRP pair will be the one on which tunnel will be active and forwarding. we’ll be demonstrating this on IPv6 over IPv4 example, but tunnel type doesn’t really matter.
configuration contains reserved IPv4 address space from RFC 6890 to be used as ‘public’ addressing on internal interfaces - carved out from 198.51.100.0/24 network; you’ll need public addressing space on internal interfaces, as HE headend needs to have a way to reach your IP address
configuration contains reserved IPv6 address space from RFC 6890 as /64 segment for tunnel IPv6 addressing. by configuring tunnel with HE, you’ll receive single /64 subnet for tunnel, with HE tunnel headend ending with
::1and your router with::2. if you then ask HE for allocating another /48 to assign it to your local host, they’ll route it over your end, so::2- that’s why its useful to have redundant tunnel with the same IPv6 address configured on both routers
so the topology of this example network can be presented in this way (i highly recommend ASCIIflow for quick & dirty ASCII art):
example configuration on your edge routers would look like this:
HSRP-1#sh run int gi1
!
interface GigabitEthernet1
ip address 198.51.100.1 255.255.255.0
standby 0 ip 198.51.100.3
standby 0 priority 105 ! we'll directly select which router is active
! in our own network - YMMV
end
HSRP-2#sh run int gi1
!
interface GigabitEthernet1
ip address 198.51.100.2 255.255.255.0
standby 0 ip 198.51.100.3
end
HSRP should show HSRP-1 as active:
HSRP-1#sh standby
GigabitEthernet1 - Group 0
State is Active
2 state changes, last state change 00:00:31
Virtual IP address is 198.51.100.3
Active virtual MAC address is 0000.0c07.ac00 (MAC In Use)
Local virtual MAC address is 0000.0c07.ac00 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.528 secs
Preemption disabled
Active router is local
Standby router is 198.51.100.2, priority 100 (expires in 9.120 sec)
Priority 105 (configured 105)
Group name is "hsrp-Gi1-0" (default)
HSRP-2#sh standby
GigabitEthernet1 - Group 0
State is Standby
4 state changes, last state change 00:00:15
Virtual IP address is 198.51.100.3
Active virtual MAC address is 0000.0c07.ac00 (MAC Not In Use)
Local virtual MAC address is 0000.0c07.ac00 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.040 secs
Preemption disabled
Active router is 198.51.100.1, priority 105 (expires in 9.792 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Gi1-0" (default)
now, let’s define tunnel. after creating account and tunnel on HE TunnelBroker page, you configure your own end:
HSRP-1#sh run int tu0
!
interface Tunnel0
no ip address
ipv6 address 2001:DB8::2/64
tunnel source 198.51.100.3
tunnel mode ipv6ip
tunnel destination 216.66.80.162 ! public IP address of HE headend
! in Warsaw - you'll be given proper address depending on headend
! selected during tunnel creation
end
HSRP-2#sh run int tu0
!
interface Tunnel0
no ip address
ipv6 address 2001:DB8::2/64
tunnel source 198.51.100.3
tunnel mode ipv6ip
tunnel destination 216.66.80.162 ! public IP address of HE headend
! in Warsaw - you'll be given proper address depending on headend
! selected during tunnel creation
end
last configuration piece is turning on IPv6 routing and then pointing default IPv6 route over freshly created Tunnel0:
HSRP-1#sh running-config | i ipv6
ipv6 unicast-routing
ipv6 route ::/0 Tunnel0
HSRP-2#sh running-config | i ipv6
ipv6 unicast-routing
ipv6 route ::/0 Tunnel0
if everything went correctly, on active router you should see Tunnel in up state, and on the standby - in down state:
HSRP-1#sh int tu0
Tunnel0 is up, line protocol is up
[...]
!
HSRP-1#sh standby
GigabitEthernet1 - Group 0
State is Active
[...]
Active router is local
Standby router is 198.51.100.2, priority 100 (expires in 10.432 sec)
Priority 105 (configured 105)
HSRP-2#sh int tu0
Tunnel0 is up, line protocol is down
[...]
!
HSRP-2#sh standby
GigabitEthernet1 - Group 0
State is Standby
[...]
Active router is 198.51.100.1, priority 105 (expires in 9.872 sec)
Standby router is local
Priority 100 (default 100)
finally, short test from active HSRP edge router:
HSRP-1#ping 2001:DB8::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms