Heartbeat for Cisco IOS

From SixXS Wiki
Jump to: navigation, search

This script allows a Cisco IOS router to establish a heartbeat tunnel of SixXS IPv6 tunnel broker. It generates a heartbeat containing your tunnel IP address the current unix time and the hashed tunnel passphrase (not your SixXS website password).

Please note that you need an IOS image with "TCL UDP" and "IPv6 Tunneling" feature which is currently supported in 15.1T ADVANCED IP SERVICES.


  • Download the tar archive to your router
Router#copy http://pfeiffer.ws/ipv6/heartbeat6.tar flash:
  • Extract archive to flash
Router#archive tar /xtract flash:heartbeat6.tar flash:
  • Fill in your tunnel parameters. E.g. use copy again to edit heartbeat6.tcl on your workstation.
  • Configure the md5 package on the router. Replace the flash:tcllib1.12/md5/ path with the path to the source files.
Router(config)#scripting tcl init flash:tcllib1.12/md5/pkgIndex.tcl
  • Configure 6in4 tunnel interface see SixXS FAQ
  • Configure a new EEM applet to start the script every minute.
event manager applet RunHeartbeat6
 event timer cron name RunHeartbeat6 cron-entry "* * * * *"
 action 1.0 cli command "enable"
 action 2.0 cli command "tclsh flash:heartbeat6.tcl"


  • Event manager needs two tty lines to execute the script. Use "exec-timeout".
  • Test IPv6 connection.
Router#ping ipv6.google.com
  • Debug heartbeat6
Router#debug event manager action cli
Router#show logging | include %HA_EM-6-LOG: RunHeartbeat6

Sourcecode (without md5)

# Written by Jakob Pfeiffer <code@pfeiffer.ws>
# Version 0.2 (2010-06-10)
# Version 0.3 (2011-12-01) - updated to force lowercaseing of $localv6 and note to use the compressed form of IPv6 addresses by Jeroen Massar <jeroen@sixxs.net>

# Note: Use the lowercase compressed form of IPv6 addresses as presented on the SixXS pages
#          These messages are case sensitive due to the MD5 sum calculated over them.

package require md5

set localv6 "";         # Your IPv6 (e.g. 2001:db8:ffff:1a2b::2)
set password "";        # Tunnel passphrase (see below)
set remotev4 "";        # PoP IPv4 (e.g.
set remotev6 "";        # PoP IPv6 (e.g. 2001:db8:ffff:1a2b::1)

# Sending heartbeat and IPv6 ping every 60 seconds.
set hb "HEARTBEAT TUNNEL [string tolower $localv6] sender [clock second]"
set hbhash "$hb [string tolower [md5::md5 -hex "$hb $password"]]"

puts $hbhash;           # Write to std out (debug only).

# Open new udp socket.
set sock1 [udp_open]
fconfigure $sock1 -remote [list $remotev4 3740]
puts $sock1 $hbhash;    # Write to udp socket.
close $sock1

ping ipv6 $remotev6 repeat 1 source $localv6

NOTE: All md5 code is part of the Tcllib. Read the tcllib.sourceforge.net for licensing information

Download archive

Download complete script (0.2 2010-06-10)

Version: GnuPG v1.4.10 (GNU/Linux)


PGP Key ID C238F739

Download complete script (0.1 2010-06-08)

Find out tunnel passphrase

The tunnel passphrase is send to the aiccu client during negotiation. To receive it in clear text you can look in the debug output of AICCU:

  • Edit the AICCU configuration file (/etc/aiccu.conf), set 'verbose true' and 'daemonize false', also fill in your user name, password and tunnel.
  • Run '/usr/sbin/aiccu autotest'
  • The output will now show your password.

(paths depend on where your distro installs it)

You can also find the tunnel passphrase from Sixxs Tunnel info page.

  • Log in
  • Go User Home
  • Click "Tunnel ID (Txxxxx)" from table
  • Click "Live Tunnel Status on the PoP"
  • You should see the Heartbeat Password on the Heartbeat Information table

Note: If you change the Tunnel type from AICCU to Heartbeat, tunnel password will change. It probably will change after some other changes...