ipv6-tunnel-update

Jason Pfeifer · ‎10-27-2011

Posted By:	glangenh
Posted Date:	Apr 01, 2009
Category:	Routing
Version:	1.0
License:	Cisco-Style BSD
Summary:	automates ipv6 tunnel update with dynamic ipv4 tunnel endpoint
Script Modified Date:	Apr 01, 2009
Cisco IOS Version tested:	12.4(24)T
Cisco Products Tested:	ISR
Environment Variables used:	none
Rating Count:	0
Average Rating:	0
File Size:	1.8 KB
Script Info URL:

The script automates ipv6 tunnel endpoint (ipv4) update if dynamic ipv4 address is given by service provider. This example uses HE Tunnel Broker service but might be used for others too.

andrew.butterworth · ‎06-27-2012

I have been attempting to get this working but I am struggling... The URL syntax for this update at HE has changed:

Usage: https://ipv4.tunnelbroker.net/ipv4_end.php?ip=IPV4ADDR&pass=MD5PASS&apikey=USERID&tid=TUNNELID

-or-: https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/ipv4_end.php?tid=TUNNELID PASSWORD@ipv4.tunnelbroker.net/ipv4_end.php?tid=TUNNELID (auto-detect IP)

https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/ipv4_end.php?tid=TUNNELID&ip=IPV4ADDR PASSWORD@ipv4.tunnelbroker.net/ipv4_end.php?tid=TUNNELID&ip=IPV4ADDR

IPV4ADDR: Your IPv4 endpoint. Set to AUTO to determine your IP based on the IP you requested this page from. Previously passed as ipv4b.

MD5PASS : The MD5 hash of your password. You may be able to 'echo -n YOURPASSWORD | md5sum' to produce the MD5 hash of your password.

USERID : The UserID shown on the main page of tunnelbroker.net when you log in. Previously referred to as user_id.

TUNNELID: The ID of the tunnel you're updating the endpoint on. This can be found on the tunnel information page. Previously referred to as the Global Tunnel ID / tunnel_id.

The following parameters are only usable when accessing this script over https.

USERNAME: Your tunnelbroker.net username.

PASSWORD: Your tunnelbroker.net password.

The legacy parameter names will continue to work for the forseable future. Naming of them changed to be more in line with industry convention and their roles.

I have therefore modified the script as follows:

::cisco::eem::event_register_none maxrun 300 queue_priority low nice 0
namespace import ::cisco::eem::*
namespace import ::cisco::lib::*

set url "http://ipv4.tunnelbroker.net"
set php "ipv4_end.php"
set ip "ip=AUTO"
set user "xxxxxxxxxxxxxxxx.xxxxxxxx"
set md5pass "xxxxxxxxxxxxxxxxxxxxxxxxxx"
set tid "111111"

append url "/$php?$ip&pass=$md5pass&apikey=$user&tid=$tid"

if {[catch {http::geturl $url -queryblocksize 50 -type "text/plain" } token]} {
action_syslog priority info msg "http request failed"
} else {
action_syslog priority info msg "Response: [http::data $token]"
}
exit 0

If I attempt to manually run the script I get "http request failed". I have wireshark on the egress interface and the router never sends a http request. I have removed the 'append...' line and the behaviour is still the same. I have done some debugging but I am struggling to understand the output - I see the router resolve the name 'Translating "ipv4.tunnelbroker.net"...domain server...' and then after that the failure '%HA_EM-6-LOG: ipv6-tunnel-update1.tcl: http request failed'. I think I am missing something fundamental here?

Andy

Joe Clarke · ‎06-27-2012

What version of IOS? There was a bug in which IPv4 TCP sockets were broken in Tcl. You can test for this by doing:

tclsh

set fd [socket 64.62.200.2 80]

close $fd

If it works, you shouldn't get any errors. If not, then you'll get an invalid argument error.

andrew.butterworth · ‎06-27-2012

Hi Joseph, thanks for the quick reply. I have tried it on a Catalyst 3560G running 15.0(1)SE3 and a 877 running 15.1(4)M4 - I can't sniff the egress interface on the 877 as its ADSL so I have been testing more on the 3560G. The tclsh set fd... command returns an invalid argument on the 3560G, I have tried on the 877 and it works so I'll continue my testing/debugging here...

Andy

Joe Clarke · ‎06-27-2012

All Cat 3560s running code after 12.2(55)SE are affected. The fix won't come until 15.0(2) this August. I'm not sure about 15.1(4)M4 off the top of my head. I think it's fine, but you can test with that tclsh trick.

andrew.butterworth · ‎06-27-2012

OK, got it working on the 877 . Script now looks like this:

::cisco::eem::event_register_syslog pattern "%LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access4, changed state to up" maxrun 300 queue_priority low nice 0
namespace import ::cisco::eem::*
namespace import ::cisco::lib::*

set url "http://ipv4.tunnelbroker.net"
set php "ipv4_end.php"
set ip "ip=AUTO"
set user "xxxxxxxxxxxxxx.xxxxxxxx"
set md5pass "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
set tid "999999"

append url "/$php?$ip&pass=$md5pass&apikey=$user&tid=$tid"

if {[catch {http::geturl $url -queryblocksize 50 -type "text/plain" } token]} {
action_syslog priority info msg "http request failed"
} else {
action_syslog priority info msg "Response: [http::data $token]"
}
exit 0

Since World IPv6 day I dropped my MS ISA Proxy server for a Squid proxy server running on Ubuntu as it handles both IPv4 & IPv6 (a hole in MS's product set here....). As I only have a consumer ADSL2+ service with a dynamic IP address it was getting a bit annoying having to manually update the IPv4 endpoint on HE's website each time the ADSL line retrained.

Anyway all working now

Andy