The “Hands on Experience with IPv6 Routing and Services” Techtorial will provide attendees an opportunity to configure, troubleshoot, design and implement an IPv6 network using IPv6 technologies and features such as: IPv6 addressing, IPv6 neighbor discovery, HSRPv6, static routing, OSPFv3, EIGRPv6 and BGPv6. You will be provided with a scenario made up of an IPv4 network where you will get the opportunity to configure and implement IPv6 based on the requirements on the network, i.e., where would you deploy dual stack, where it make sense to do funneling and how to deploy IPv6 routing protocols without impacting your existing Network infrastructure.
2. Prerequisites: Session Abstract
This IPv6 basic and advanced lab will provide you an opportunity to configure, troubleshoot,
design and implement IPv6 network using IPv6 technologies and features such as; IPv6
addressing, IPv6 neighbor discovery, HSRPv6, static routing, OSPFv3, EIGRPv6 and
BGPv6. You will be provided with a scenario made up with an IPv4 network where you will
get the opportunity to configure and implement IPv6 based on the requirements and needs
on the network. For e.g where would you deploy dual stack, where it make sense to do
tunneling and how to deploy an IPv6 routing protocols without impacting your existing
Network infrastructure.
Students MUST have a basic understanding of IPv6 Addressing and Routing Protocols.
Familiarity with Cisco IOS.
4. Lab Synopsis
You are a network engineer at ABC Inc. You just attended a cool lab session on IPv6 at
Cisco Connect in Toronto and you are extremely enthusiastic about deploying IPv6 in your
network.
Since this is your first time with IPv6, you want to experiment things at your own before
talking to your ISP about IPv6 connectivity. Your goal is to make your own network IPv6
ready before talking to your ISP about IPv6.
You are challenged with multiple task during this exercise. Each task will be called a Lab.
One thing you learned in the lab session on IPv6 at Cisco Connect Toronto is to go with
dual stack as much as possible. In the event you can not use dual stack you will use
tunneling techniques.
IPv4 piece is already up and running in the network and nothing needs to be done on IPv4
side
R1 is connected to IPv6 Internet. For this purpose we have assigned a loopback 1 with an
ipv6 address of 2004:db8::1/128. So if any router can ping this address, it means it can
access IPv6 internet
7. Lab 1 IPv6 Unique Local Address
The first thing you would like to do is to make sure your devices are capable of
running IPv6. After you have verified that with your vendor, now you are ready
to deploy IPv6 slowly in your Network.
ABC Site 1 is the simplest site so you want to pick that site first
Site 1 is running static routing in IPv4 and you want to continue using static
routing when you move to IPv6
Your task is to enable IPv6 between R4 and H1. You want to make sure you do
not run into any issues in Site 1 before you move on with site 2
Since this is your first site, you are using a private address FD01:DB8::/32 for
this purpose
8. Lab 1 IPv6 Stateless Auto-Configuration (SLAAC)
Your plan is to test the plug and play behaviour of IPv6. So you only assigned
the IPv6 unique local address on R4 interface facing H1 and see if you get an
IPv6 address assigned automatically on H1 from R4 (Refer to Slide 39 for IPv6
addressing example)
You want to see how EUI-64 method works so you are using that on R4 during
the address assignment with /64 mask.
Assign this unique local address on R4 using subnetting as shown in the next
slide
Ping R4’s link local and Unique local IPv6 address from H1
11. R4 H1
R4#sh ipv6 int e0/0
Ethernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:5400
No Virtual link-local address(es):
Global unicast address(es):
FD01:DB8:1:41:A8B8:CCFF:FE00:5400, subnet is FD01:DB8:1:41::/64
[EUI]
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:5400
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use stateless autoconfig for addresses.
H1#sh ipv6 int e0/0
Ethernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:5700
No Virtual link-local address(es):
Stateless address autoconfig enabled
Global unicast address(es): FD01:DB8:1:41:A8BB:CCFF:FE00:5700,
subnet is FD01:DB8:1:41::/64 [EUI/CAL/PRE]
valid lifetime 2591861 preferred lifetime 604661
Joined group address(es):
FF02::1
FF02::1:FF00:5700
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
Default router is FE80::A8BB:CCFF:FE00:5400 on Ethernet0/0
Lab 1 IPv6 Unique Local & SLAAC: Verification
12. R# Verification commands
H1 H1#ping FE80::A8BB:CCFF:FE00:5400
Output Interface: Ethernet0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FE80::A8BB:CCFF:FE00:5400, timeout is 2 seconds:
Packet sent with a source address of FE80::A8BB:CCFF:FE00:5700%Ethernet0/0
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/1 ms
H1#
Note: the last 64 bit address may be different from A8BB:CCFF:FE00:5400, verify with show ipv6
interface on R4 E0/0
H1 H1#ping FD01:DB8:1:41:A8B8:CCFF:FE00:5400
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FD01:DB8:1:41:A8B8:CCFF:FE00:5400, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/3/17 ms
H1#
Note: the last 64 bit address may be different from A8BB:CCFF:FE00:5400, verify with show ipv6
interface on R4 E0/0
Lab 1 IPv6 Unique Local & SLAAC: Verification
13. R4 H1
R4#deb ipv6 nd
ICMP Neighbor Discovery events debugging is on
ICMPv6-ND: Request to send RA for FE80::A8BB:CCFF:FE00:5400
ICMPv6-ND: Setup RA from FE80::A8BB:CCFF:FE00:5400 to FF02::1 on
Ethernet0/0
ICMPv6-ND: MTU = 1500
ICMPv6-ND: prefix = FD01:DB8:1:41::/64 onlink autoconfig
ICMPv6-ND: 2592000/604800 (valid/preferred)
ICMPv6-ND: Request to send RA for FE80::A8BB:CCFF:FE00:5400
ICMPv6-ND: Setup RA from FE80::A8BB:CCFF:FE00:5400 to FF02::1 on
Ethernet0/0
ICMPv6-ND: MTU = 1500
ICMPv6-ND: prefix = FD01:DB8:1:41::/64 onlink autoconfig
ICMPv6-ND: 2592000/604800 (valid/preferred)
R4#
H1#deb ipv6 nd
ICMP Neighbor Discovery events debugging is on
ICMPv6-ND: Received RA from FE80::A8BB:CCFF:FE00:5400 on
Ethernet0/0
ICMPv6-ND: Prefix : FD01:DB8:1:1::, Length: 64, Vld Lifetime: 2592000,
Prf Lifetime: 604800, PI Flags: C0
ICMPv6-ND: %Ethernet0/0: OK: IPv6 Address Autoconfig
FD01:DB8:1:41::/64 eui-64, FD01:DB8:1:41:A8BB:CCFF:FE00:5700
FD01:DB8:1:41:A8BB:CCFF:FE00:5700/64 is existing
ICMPv6-ND: Received RA from FE80::A8BB:CCFF:FE00:5400 on
Ethernet0/0
ICMPv6-ND: Prefix : FD01:DB8:1:1::, Length: 64, Vld Lifetime: 2592000,
Prf Lifetime: 604800, PI Flags: C0
ICMPv6-ND: %Ethernet0/0: OK: IPv6 Address Autoconfig
FD01:DB8:1:41::/64 eui-64, FD01:DB8:1:41:A8BB:CCFF:FE00:5700
FD01:DB8:1:41:A8BB:CCFF:FE00:5700/64 is existing
H1#
Lab 1 IPv6 SLAAC: Debugs
14. Lab 1 IPv6 Global Unicast Address
After successfully pilot testing in site 1, you now want to enable IPv6 in site 2
You asked from your ISP about IPv6 and they gave you a /48 address
2001:db8:1::/48 from their block
Instead of removing the unique local address from site 1 you decided to keep it
and configured the new global address in site 1 and site 2
This time you want to use manual assignment of last 64 bit so you will not use
EUI-64 bit method for global addressing. You want to make sure this is the
method you follow from now on
For the manual assignment you will use the router number as the last 4 bits out
of 64, for e,g. R4 will have ::4 as the last 64 bits
You want to test the multiple IPv6 address assignment on a router so you will
configure two additional IPv6 global addresses on R5 and R6
Assign IPv6 global unicast address on site 1 and site 2 by using subnetting as
shown in the next slide
18. R4 Loopback 0 R4 Ethernet0/0
R4#sh ipv6 int lo 0
Loopback0 is up, line protocol is up
IPv6 is enabled, link-local address is
FE80::A8BB:CCFF:FE00:5900
No Virtual link-local address(es):
Global unicast address(es):
2001:DB8:1:1::4, subnet is 2001:DB8:1:1::4/128
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:4
FF02::1:FF00:5900
MTU is 1514 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is not supported
ND reachable time is 30000 milliseconds (using 30000)
ND RAs are suppressed (periodic)
Hosts use stateless autoconfig for addresses.
R4#
R4#sh ipv6 int e0/0
Ethernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:5400
No Virtual link-local address(es):
Global unicast address(es):
2001:DB8:1:41::4, subnet is 2001:DB8:1:41::/64
FD01:DB8:1:41:A8BB:CCFF:FE00:5400, subnet is FD01:DB8:1:41::/64 [EUI]
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:4
FF02::1:FF00:5400
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use stateless autoconfig for addresses.
R4#
Lab 1 IPv6 Global Unicast address: Verification
19. R5 Loopback 0 R5 Ethernet0/0
R5#sh ipv6 int lo 0
Loopback0 is up, line protocol is up
IPv6 is enabled, link-local address is
FE80::A8BB:CCFF:FE00:5A00
No Virtual link-local address(es):
Global unicast address(es):
2001:DB8:1:1::5, subnet is 2001:DB8:1:1::5/128
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:5
FF02::1:FF00:5A00
MTU is 1514 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is not supported
ND reachable time is 30000 milliseconds (using 30000)
ND RAs are suppressed (periodic)
Hosts use stateless autoconfig for addresses.
R5#
R5#sh ipv6 int e0/0
Ethernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:5A00
No Virtual link-local address(es):
Global unicast address(es):
2001:DB8:1:56::5, subnet is 2001:DB8:1:56::/64
2001:DB8:1:57::5, subnet is 2001:DB8:1:57::/64
2001:DB8:1:58::5, subnet is 2001:DB8:1:58::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:5
FF02::1:FF00:5A00
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use stateless autoconfig for addresses.
Lab 1 IPv6 Global Unicast address: Verification
20. R6 Loopback 0 R6 Ethernet0/0
R6#sh ipv6 int lo 0
Loopback0 is up, line protocol is up
IPv6 is enabled, link-local address is
FE80::A8BB:CCFF:FE00:5B00
No Virtual link-local address(es):
Global unicast address(es):
2001:DB8:1:1::6, subnet is 2001:DB8:1:1::6/128
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:6
FF02::1:FF00:5B00
MTU is 1514 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is not supported
ND reachable time is 30000 milliseconds (using 30000)
ND RAs are suppressed (periodic)
Hosts use stateless autoconfig for addresses.
R6#
R6#sh ipv6 int e0/0
Ethernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:5B00
No Virtual link-local address(es):
Global unicast address(es):
2001:DB8:1:56::6, subnet is 2001:DB8:1:56::/64
2001:DB8:1:57::6, subnet is 2001:DB8:1:57::/64
2001:DB8:1:58::6, subnet is 2001:DB8:1:58::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:6
FF02::1:FF00:5B00
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use stateless autoconfig for addresses.
Lab 1 IPv6 Global Unicast address: Verification
21. H1 Ethernet0/0 H2 Ethernet0/0
H1#sh ipv6 int e0/0
Ethernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:5700
No Virtual link-local address(es):
Stateless address autoconfig enabled
Global unicast address(es):
2001:DB8:1:41:A8BB:CCFF:FE00:5700, subnet is 2001:DB8:1:41::/64
[EUI/CAL/PRE]
valid lifetime 2591845 preferred lifetime 604645
FD01:DB8:1:41:A8BB:CCFF:FE00:5700, subnet is FD01:DB8:1:41::/64
[EUI/CAL/PRE]
valid lifetime 2591845 preferred lifetime 604645
Joined group address(es):
FF02::1
FF02::1:FF00:5700
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
Default router is FE80::A8BB:CCFF:FE00:5400 on Ethernet0/0
H1#
H2#sh ipv6 int e0/0
Ethernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:5D00
No Virtual link-local address(es):
Stateless address autoconfig enabled
Global unicast address(es):
2001:DB8:1:56:A8BB:CCFF:FE00:5D00, subnet is 2001:DB8:1:56::/64
[EUI/CAL/PRE]
valid lifetime 2591989 preferred lifetime 604789
2001:DB8:1:57:A8BB:CCFF:FE00:5D00, subnet is 2001:DB8:1:57::/64
[EUI/CAL/PRE]
valid lifetime 2591989 preferred lifetime 604789
2001:DB8:1:58:A8BB:CCFF:FE00:5D00, subnet is 2001:DB8:1:58::/64
[EUI/CAL/PRE]
valid lifetime 2591989 preferred lifetime 604789
Joined group address(es):
FF02::1
FF02::1:FF00:5D00
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
Default router is FE80::A8BB:CCFF:FE00:5A00 on Ethernet0/0
H2#
Lab 1 IPv6 SLAAC: Verification
22. R# Verification commands
H2 H2#ping 2001:db8:1:56::5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:1:56::5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/3/14 ms
H2#ping 2001:db8:1:57::5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:1:57::5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/4/21 ms
H2#ping 2001:db8:1:58::5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:1:58::5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/4/19 ms
H2#ping 2001:db8:1:56::6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:1:56::6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/17 ms
H2#ping 2001:db8:1:57::6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:1:57::6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/3/17 ms
H2#ping 2001:db8:1:58::6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:1:58::6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/3/14 ms
H2#
Lab 1 IPv6 Global Unicast address: Verification
23. R# Verification commands
H1 H1#ping 2001:DB8:1:41::4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:1:41::4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/3/17 ms
H1#
Lab 1 IPv6 SLAAC: Verification
24. R5 & R6
R5#deb ipv6 nd
ICMPv6-ND: Request to send RA for FE80::A8BB:CCFF:FE00:5A00
ICMPv6-ND: Setup RA from FE80::A8BB:CCFF:FE00:5A00 to FF02::1 on
Ethernet0/0
ICMPv6-ND: MTU = 1500
ICMPv6-ND: prefix = 2001:DB8:1:56::/64 onlink autoconfig
ICMPv6-ND: 2592000/604800 (valid/preferred)
ICMPv6-ND: prefix = 2001:DB8:1:57::/64 onlink autoconfig
ICMPv6-ND: 2592000/604800 (valid/preferred)
ICMPv6-ND: prefix = 2001:DB8:1:58::/64 onlink autoconfig
ICMPv6-ND: 2592000/604800 (valid/preferred)
R5#
ICMPv6-ND: Received RA from FE80::A8BB:CCFF:FE00:5B00 on Ethernet0/0
ICMPv6-ND: Prefix : 2001:DB8:1:56::, Length: 64, Vld Lifetime: 2592000, Prf
Lifetime: 604800, PI Flags: C0
ICMPv6-ND: Prefix : 2001:DB8:1:57::, Length: 64, Vld Lifetime: 2592000, Prf
Lifetime: 604800, PI Flags: C0
ICMPv6-ND: Prefix : 2001:DB8:1:58::, Length: 64, Vld Lifetime: 2592000, Prf
Lifetime: 604800, PI Flags: C0
R5#
R6#deb ipv6 nd
ICMPv6-ND: Request to send RA for FE80::A8BB:CCFF:FE00:5B00
ICMPv6-ND: Setup RA from FE80::A8BB:CCFF:FE00:5B00 to FF02::1 on
Ethernet0/0
ICMPv6-ND: MTU = 1500
ICMPv6-ND: prefix = 2001:DB8:1:56::/64 onlink autoconfig
ICMPv6-ND: 2592000/604800 (valid/preferred)
ICMPv6-ND: prefix = 2001:DB8:1:57::/64 onlink autoconfig
ICMPv6-ND: 2592000/604800 (valid/preferred)
ICMPv6-ND: prefix = 2001:DB8:1:58::/64 onlink autoconfig
ICMPv6-ND: 2592000/604800 (valid/preferred)
R6#
ICMPv6-ND: Received RA from FE80::A8BB:CCFF:FE00:5A00 on Ethernet0/0
ICMPv6-ND: Prefix : 2001:DB8:1:56::, Length: 64, Vld Lifetime: 2592000, Prf
Lifetime: 604800, PI Flags: C0
ICMPv6-ND: Prefix : 2001:DB8:1:57::, Length: 64, Vld Lifetime: 2592000, Prf
Lifetime: 604800, PI Flags: C0
ICMPv6-ND: Prefix : 2001:DB8:1:58::, Length: 64, Vld Lifetime: 2592000, Prf
Lifetime: 604800, PI Flags: C0
H2#
Lab 1 IPv6 SLAAC: Debugs
25. H2 & H1
H2#deb ipv6 nd
ICMPv6-ND: Received RA from FE80::A8BB:CCFF:FE00:5B00 on Ethernet0/0
ICMPv6-ND: Prefix : 2001:DB8:1:56::, Length: 64, Vld Lifetime: 2592000, Prf Lifetime: 604800, PI Flags: C0
ICMPv6-ND: %Ethernet0/0: OK: IPv6 Address Autoconfig 2001:DB8:1:56::/64 eui-64, 2001:DB8:1:56:A8BB:CCFF:FE00:5D00
2001:DB8:1:56:A8BB:CCFF:FE00:5D00/64 is existing
ICMPv6-ND: Prefix : 2001:DB8:1:57::, Length: 64, Vld Lifetime: 2592000, Prf Lifetime: 604800, PI Flags: C0
ICMPv6-ND: %Ethernet0/0: OK: IPv6 Address Autoconfig 2001:DB8:1:57::/64 eui-64, 2001:DB8:1:57:A8BB:CCFF:FE00:5D00
2001:DB8:1:57:A8BB:CCFF:FE00:5D00/64 is existing
H2#
ICMPv6-ND: Prefix : 2001:DB8:1:58::, Length: 64, Vld Lifetime: 2592000, Prf Lifetime: 604800, PI Flags: C0
ICMPv6-ND: %Ethernet0/0: OK: IPv6 Address Autoconfig 2001:DB8:1:58::/64 eui-64, 2001:DB8:1:58:A8BB:CCFF:FE00:5D00
2001:DB8:1:58:A8BB:CCFF:FE00:5D00/64 is existing
H2#
H1#deb ipv6 nd
ICMPv6-ND: Received RA from FE80::A8BB:CCFF:FE00:5900 on Ethernet0/0
ICMPv6-ND: Prefix : 2001:DB8:1:41::, Length: 64, Vld Lifetime: 2592000, Prf Lifetime: 604800, PI Flags: C0
ICMPv6-ND: %Ethernet0/0: OK: IPv6 Address Autoconfig 2001:DB8:1:41::/64 eui-64, 2001:DB8:1:41:A8BB:CCFF:FE00:5C00
2001:DB8:1:41:A8BB:CCFF:FE00:5C00/64 is existing
ICMPv6-ND: Prefix : FD01:DB8:1:41::, Length: 64, Vld Lifetime: 2592000, Prf Lifetime: 604800, PI Flags: C0
ICMPv6-ND: %Ethernet0/0: OK: IPv6 Address Autoconfig FD01:DB8:1:41::/64 eui-64, FD01:DB8:1:41:A8BB:CCFF:FE00:5C00
FD01:DB8:1:41:A8BB:CCFF:FE00:5C00/64 is existing
H1#
Lab 1 IPv6 SLAAC: Debugs
27. Lab 2 Neighbor Discovery: RS & RA
You already tested plug and play behaviour of IPv6 in Site 1. Now you want to
play with some of the key elements of Neighbor discovery
In site 1, you want to study RS and RA msgs.
You want to change the RA interval from 200 to 30 seconds on R4
You disable the autoconfigs on H1 E0/0 interface and turn on the ipv6 nd
debugs and enable autoconfigs again to see the RA/RS.
Turn on debug ipv6 nd on R4 and H1
29. R4
R4#sh ipv6 int e0/0
Ethernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:5900
No Virtual link-local address(es):
Global unicast address(es):
2001:DB8:1:41::4, subnet is 2001:DB8:1:41::/64
FD01:DB8:1:41:A8BB:CCFF:FE00:5900, subnet is FD01:DB8:1:41::/64 [EUI]
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:4
FF02::1:FF00:5900
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 30 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use stateless autoconfig for addresses.
R4#
Lab 2 IPv6 Neighbor discovery: Verification
30. H1
H1(config-if)#ipv6 enable
*Jan 30 21:25:07.269: ICMPv6-ND: ND Module startup.
*Jan 30 21:25:07.270: ICMPv6-ND: Initialise OL prefix database
*Jan 30 21:25:07.270: ICMPv6-ND: IPv6 Opr Enabled on Null0
*Jan 30 21:25:07.270: ICMPv6-ND: Allocate ND subblock on Null0 [1]
*Jan 30 21:25:07.271: ICMPv6-ND: L2 came up on Null0
*Jan 30 21:25:07.271: IPv6-Addrmgr-ND: DAD request for FE80::1 on Null0
*Jan 30 21:25:07.271: IPv6-Addrmgr-ND: DAD: FE80::1 is unique.
*Jan 30 21:25:07.271: ICMPv6-ND: L3 came up on Null0
*Jan 30 21:25:07.271: ICMPv6-ND: Linklocal FE80::1 on Null0, Up
*Jan 30 21:25:07.271: ICMPv6-ND: IPv6 Opr Enabled on Ethernet0/0
*Jan 30 21:25:07.271: ICMPv6-ND: Allocate ND subblock on Ethernet0/0 [2]
*Jan 30 21:25:07.271: ICMPv6-ND: L2 came up on Ethernet0/0
*Jan 30 21:25:07.271: IPv6-Addrmgr-ND: DAD request for FE80::A8BB:CCFF:FE00:5C00 on Ethernet0/0
*Jan 30 21:25:07.272: ICMPv6-ND: Sending NS for FE80::A8BB:CCFF:FE00:5C00 on Ethernet0/0
*Jan 30 21:25:08.272: IPv6-Addrmgr-ND: DAD: FE80::A8BB:CCFF:FE00:5C00 is unique.
*Jan 30 21:25:08.272: ICMPv6-ND: Sending NA for FE80::A8BB:CCFF:FE00:5C00 on Ethernet0/0
*Jan 30 21:25:08.272: ICMPv6-ND: L3 came up on Ethernet0/0
*Jan 30 21:25:08.272: ICMPv6-ND: Linklocal FE80::A8BB:CCFF:FE00:5C00 on Ethernet0/0, Up
H1(config-if)#ipv6 address autoconfig
*Jan 30 21:25:20.231: ICMPv6-ND: Sending RS on Ethernet0/0
*Jan 30 21:25:20.251: ICMPv6-ND: Received RA from FE80::A8BB:CCFF:FE00:5900 on Ethernet0/0
Lab 2 IPv6 Neighbor discovery: Debugs
31. Lab 2 Neighbor Discovery: DAD, NS & NA
You want to test the DAD, NS & NA mechanism of IPv6. For that you turned on
IPv6 neighbor discovery debug on R5 & R6
Assign a new address 2001:db8:1:59::5/64 on both R5 and R6 Ethernet
interface
The debug will show the algorithm performed for DAD procedure. This DAD is
the first thing that occurs when any IPv6 address is assigned on an interface
After testing the DAD procedure, remove the IPv6 address of
2001:db8:1:59::5/64 from R5 & R6 Ethernet
Ping R6’s Ethernet address of 2001:db8:1:56::6 from R5 to see how NS and NA
takes place between them
33. R4
R6#sh ipv6 int
Ethernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:5B00
No Virtual link-local address(es):
Global unicast address(es):
2001:DB8:1:56::6, subnet is 2001:DB8:1:56::/64
2001:DB8:1:57::6, subnet is 2001:DB8:1:57::/64
2001:DB8:1:58::6, subnet is 2001:DB8:1:58::/64
2001:DB8:1:59::5, subnet is 2001:DB8:1:59::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:5
FF02::1:FF00:6
FF02::1:FF00:5B00
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
…
R5#sh ipv6 int e0/0 | i DUP
2001:DB8:1:59::5, subnet is 2001:DB8:1:59::/64 [DUP]
Lab 2 IPv6 Neighbor discovery: Verification
34. R6
R6(config-if)#ipv6 address 2001:db8:1:59::5/64
*Jan 30 21:42:17.678: IPv6-Addrmgr-ND: Received prefix PI-flag change notification: prefix 2001:DB8:1:59::/64 onlink (was not-onlink)
*Jan 30 21:42:17.678: IPv6-Addrmgr-ND: DAD request for 2001:DB8:1:59::5 on Ethernet0/0
*Jan 30 21:42:17.679: ICMPv6-ND: Sending NS for 2001:DB8:1:59::5 on Ethernet0/0
*Jan 30 21:42:18.684: IPv6-Addrmgr-ND: DAD: 2001:DB8:1:59::5 is unique.
*Jan 30 21:42:18.684: ICMPv6-ND: Sending NA for 2001:DB8:1:59::5 on Ethernet0/0
*Jan 30 21:43:11.922: ICMPv6-ND: Received RA from FE80::A8BB:CCFF:FE00:5A00 on Ethernet0/0
R5(config-if)#ipv6 address 2001:db8:1:59::5/64
*Jan 30 21:48:57.826: ICMPv6-ND: 2592000/604800 (valid/preferred)
*Jan 30 21:49:39.078: IPv6-Addrmgr-ND: Received prefix PI-flag change notification: prefix 2001:DB8:1:59::/64 onlink (was not-onlink)
*Jan 30 21:49:39.078: IPv6-Addrmgr-ND: DAD request for 2001:DB8:1:59::5 on Ethernet0/0
*Jan 30 21:49:39.079: ICMPv6-ND: Sending NS for 2001:DB8:1:59::5 on Ethernet0/0
*Jan 30 21:49:39.094: ICMPv6-ND: Received NA for 2001:DB8:1:59::5 on Ethernet0/0 from 2001:DB8:1:59::5
*Jan 30 21:49:39.095: %IPV6_ND-4-DUPLICATE: Duplicate address 2001:DB8:1:59::5 on Ethernet0/0
Lab 2 IPv6 Neighbor discovery: Debugs
36. R5
R5#ping 2001:db8:1:56::6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:1:56::6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/1/5 ms
R5#
*Jan 30 22:15:24.668: ICMPv6-ND: DELETE -> INCMP: 2001:DB8:1:56::6
*Jan 30 22:15:24.668: ICMPv6-ND: Sending NS for 2001:DB8:1:56::6 on Ethernet0/0
*Jan 30 22:15:24.669: ICMPv6-ND: Resolving next hop 2001:DB8:1:56::6 on interface Ethernet0/0
*Jan 30 22:15:24.673: ICMPv6-ND: Received NA for 2001:DB8:1:56::6 on Ethernet0/0 from 2001:DB8:1:56::6
*Jan 30 22:15:24.673: ICMPv6-ND: Neighbour 2001:DB8:1:56::6 on Ethernet0/0 : LLA aabb.cc00.5b00
*Jan 30 22:15:24.673: ICMPv6-ND: INCMP -> REACH: 2001:DB8:1:56::6
R5#
*Jan 30 22:15:29.722: ICMPv6-ND: Received NS for 2001:DB8:1:56::5 on Ethernet0/0 from FE80::A8BB:CCFF:FE00:5B00
*Jan 30 22:15:29.722: ICMPv6-ND: Sending NA for 2001:DB8:1:56::5 on Ethernet0/0
*Jan 30 22:15:29.723: ICMPv6-ND: STALE -> DELAY: FE80::A8BB:CCFF:FE00:5B00
Lab 2 IPv6 Neighbor discovery: Debugs
37. Lab 2 Neighbor Discovery: Renumbering
To test the renumbering behavior of IPv6, you want to change the IPv6 address on R5 &
R6 to 2001:db8:1:88::/64 from 2001:db8:1:58::/64
First you configure the new IPv6 address of 2001:db8:1:88::/64 on both R5 & R6 Ethernet
interface
You also want to set the RA interval to 40 seconds
To deprecate the old address you want to configure preferred lifetime of 2001:db8:1:58::/64
to 0 and valid lifetime to 50 on both R5 & R6. (Note, may have to shut no shut E0/0 on H2
to rewrite the old valid & prefer lifetime)
You noticed that the old prefix of 2001:db8:1:58::/64 is showing as deprecated on H2. Note
DEP may or may not show up during show command
To get rid of the address completely, you configure the valid lifetime of 2001:db8:1:58::/64
to 0 on both R5 & R6
You noticed on H2 that the old prefix 2001:db8:1:58::/64 disappeared from the cache
To clean up the configs, remove the old IPv6 prefix of 2001:db8:1:58::/64 as well as IPv6
nd prefix command from the Ethernet interfaces of both R5 and R6
39. H2
H2#sh ipv6 int e0/0
Ethernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:5D00
No Virtual link-local address(es):
Stateless address autoconfig enabled
Global unicast address(es):
2001:DB8:1:56:A8BB:CCFF:FE00:5D00, subnet is 2001:DB8:1:56::/64 [EUI/CAL/PRE]
valid lifetime 2591994 preferred lifetime 604794
2001:DB8:1:57:A8BB:CCFF:FE00:5D00, subnet is 2001:DB8:1:57::/64 [EUI/CAL/PRE]
valid lifetime 2591994 preferred lifetime 604794
2001:DB8:1:58:A8BB:CCFF:FE00:5D00, subnet is 2001:DB8:1:58::/64 [EUI/CAL]
valid lifetime 47 preferred lifetime 0
2001:DB8:1:88:A8BB:CCFF:FE00:5D00, subnet is 2001:DB8:1:88::/64 [EUI/CAL/PRE]
valid lifetime 2591994 preferred lifetime 604794
Joined group address(es):
FF02::1
FF02::1:FF00:5D00
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
Lab 2 IPv6 Neighbor discovery: Verification
42. H2
H2#sh ipv6 int e0/0
Ethernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:5D00
No Virtual link-local address(es):
Stateless address autoconfig enabled
Global unicast address(es):
2001:DB8:1:56:A8BB:CCFF:FE00:5D00, subnet is 2001:DB8:1:56::/64 [EUI/CAL/PRE]
valid lifetime 2591986 preferred lifetime 604786
2001:DB8:1:57:A8BB:CCFF:FE00:5D00, subnet is 2001:DB8:1:57::/64 [EUI/CAL/PRE]
valid lifetime 2591986 preferred lifetime 604786
2001:DB8:1:88:A8BB:CCFF:FE00:5D00, subnet is 2001:DB8:1:88::/64 [EUI/CAL/PRE]
valid lifetime 2591986 preferred lifetime 604786
Joined group address(es):
FF02::1
FF02::1:FF00:5D00
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
Default router is FE80::A8BB:CCFF:FE00:5B00 on Ethernet0/0
H2#
Lab 2 IPv6 Neighbor discovery: Verification
45. Lab 2 Neighbor Discovery: Default Router
Selection
In site 2, you want to see how the default router selection behaves in IPv6
You noticed that as soon as you enable IPv6 on H2, it starts sending RS on the
wire, looking for a router.
You also noticed in the debugs that both R5 and R6 are sending RA messages
towards H2. H2 looks at RA and configures the addresses on its interface
facing R5 & R6
After getting the address on H2, you want to make sure that H2 prefers R5 for
sending all the IPv6 traffic outbound
(Refer to slide 34-35 for default router selection example)
47. H2
H2#sh ipv6 router
Router FE80::A8BB:CCFF:FE00:5B00 on Ethernet0/0, last update 0 min
Hops 64, Lifetime 1800 sec, AddrFlag=0, OtherFlag=0, MTU=1500
HomeAgentFlag=0, Preference=Medium
Reachable time 0 (unspecified), Retransmit time 0 (unspecified)
Prefix 2001:DB8:1:56::/64 onlink autoconfig
Valid lifetime 2592000, preferred lifetime 604800
Router FE80::A8BB:CCFF:FE00:5A00 on Ethernet0/0, last update 0 min
Hops 64, Lifetime 1800 sec, AddrFlag=0, OtherFlag=0, MTU=1500
HomeAgentFlag=0, Preference=High
Reachable time 0 (unspecified), Retransmit time 0 (unspecified)
Prefix 2001:DB8:1:56::/64 onlink autoconfig
Valid lifetime 2592000, preferred lifetime 604800
H2#sh ipv6 route ::/0
Routing entry for ::/0
Known via "static", distance 2, metric 0
Route count is 1/1, share count 0
Routing paths:
FE80::A8BB:CCFF:FE00:5A00, Ethernet0/0
Last updated 00:04:52 ago
Note, if you do not see a default route, type the following command and make sure you have the entry from R5
H2#sho ipv6 router
Lab 2 IPv6 Neighbor discovery: Verification
50. Lab 3 HSRPv6
Site 2 is running HSRP for IPv4 between R5 and R6
You decided to follow the same scheme for IPv6 also and enabled HSRPv6
between R5 and R6
You noticed on H2 that the default route received from the HSRP active router
is a link local address
You turned on the IPv6 neighbor discovery debug on H2 to see if you are
receiving any RA msgs from R5 or R6
Your primary router for HSRP in IPv4 was R5. You want to make sure R6 is a
primary router for IPv6 and when it goes down and comes back up, it should
become primary again
Configure HSRPv6 in autoconfig mode so it selects a virtual link local address
and advertise it as a virtual IPv6 address to hosts
Configure HSRP priority & preempt command on R6 so R6 becomes the
primary router even when it goes down and comes back up (See slide 32 for
details)
Turn on deb ipv6 nd on H2 to see what link local is being advertised as a
default
52. R5 & R6
R5#sh standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Et0/0 0 105 P Active local 10.1.56.6 10.1.56.1
Et0/0 1 100 Standby FE80::A8BB:CCFF:FE00:5B00
local FE80::5:73FF:FEA0:1
R5#
R6#sh standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Et0/0 0 100 Standby 10.1.56.5 local 10.1.56.1
Et0/0 1 105 P Active local FE80::A8BB:CCFF:FE00:5A00
FE80::5:73FF:FEA0:1
R6#
Lab 3 HSRPv6: Verification
53. R5 & R6
R5#sh standby ethernet 0/0 1
Ethernet0/0 - Group 1 (version 2)
State is Standby
4 state changes, last state change 00:08:17
Virtual IP address is FE80::5:73FF:FEA0:1
Active virtual MAC address is 0005.73a0.0001
Local virtual MAC address is 0005.73a0.0001 (v2 IPv6 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.624 secs
Preemption disabled
Active router is FE80::A8BB:CCFF:FE00:5B00, priority 105 (expires in 11.328 sec)
MAC address is aabb.cc00.5b00
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Et0/0-1" (default)
R6#sh standby ethernet 0/0 1
Ethernet0/0 - Group 1 (version 2)
State is Active
2 state changes, last state change 00:07:58
Virtual IP address is FE80::5:73FF:FEA0:1
Active virtual MAC address is 0005.73a0.0001
Local virtual MAC address is 0005.73a0.0001 (v2 IPv6 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.768 secs
Preemption enabled
Active router is local
Standby router is FE80::A8BB:CCFF:FE00:5A00, priority 100 (expires in 9.216 sec)
Priority 105 (configured 105)
Group name is "hsrp-Et0/0-1" (default)
Lab 3 HSRPv6: Verification
54. R5 & R6
H2#sh ipv6 route ::/0
Routing entry for ::/0
Known via "static", distance 2, metric 0
Route count is 1/1, share count 0
Routing paths:
FE80::5:73FF:FEA0:1, Ethernet0/0
Last updated 00:14:23 ago
H2#
Lab 3 HSRPv6: Verification
58. Lab 4 EIGRPv6
Site 2 is running EIGRP for IPv4 between R5 and R6
You decided to follow the same scheme for IPv6 also and enabled EIGRPv6
between R5 and R6
You noticed that in order to advertise the secondary address on the same
interface in EIGRPv4 you had to turn off split horizon but in EIGRPv6 you do
not have to do anything. This is because split horizon is turned off by default in
EIGRP for IPv6
You also noticed that all the control packets of EIGRP for e.g. hellos are
sourced from link local address
All other functionalities are very much the same as EIGRP for IPv4
The router ID is picked up as the highest loopback address in IPv4
65. Lab 5 IPv6 Static Routing: IPv6 Static Default
Route
After planning and configuring all the addressing scheme for your Site 1 and
Site 2, you talked with the ISP and request for IPv6 Service.
You found out that your ISP has IPv6 internet connectivity only but they have
not enabled IPv6 internally in their network so no Site to Site is possible at this
moment but they can enable static routing for Site 1 and advertise Site 1 prefix
over the IPv6 Internet
The ISP has also asked you to enable IPv6 static default routing on R4 pointing
towards the ISP router (R1)
Configure the IPv6 interface addresses on the link between ISP and R4 as
shown on the next slide (::14 is the ISP router and ::15 is R4)
Configure a static default route on R4 using a link local address as a next hop
pointing towards R1
68. R4
R4#sh ipv6 route ::/0
Routing entry for ::/0
Known via "static", distance 1, metric 0
Route count is 1/1, share count 0
Routing paths:
FE80::4AFF:FEA2:851, Serial1/0
Last updated 00:02:15 ago
Lab 5 IPv6 Static routing: Verification
69. Lab 5 IPv6 Static Routing: IPv6 Static Route
The ISP has configured an IPv6 static routing for the LAN address of
2001:db8:1:41::/64 pointing towards R4
Since ISP is connected to IPv6 Internet, Site 1 should be able to reach any
IPv6 address on the internet
ISP shared their configs and you noticed that they are using global unicast
address as a next hop for the static route 2001:db8:1:41::/64
Configure a static route 2001:db8:1:41::/64 on R1 with next-hop of R4’s global
address on Ethernet interface
Due to the limited lab environment, we will ping 2004:db8::1 from H1 and upon
success we will assume that we are connected to IPv6 Internet
Ping 2004:db8::1 from H1 and see if its successful
70. R# Configs
R1 R1(config)#ipv6 route 2001:db8:1:41::/64 2001:db8:14:1::15
R1(config)#end
Lab 5 IPv6 Static routing: Configs
Note, no interface needs to be specified when the next hop is global unicast
address
71. R# Verification
R1 R1#sh ipv6 route 2001:db8:1:41::/64
Routing entry for 2001:DB8:1:41::/64
Known via "static", distance 1, metric 0
Route count is 1/1, share count 0
Routing paths:
2001:DB8:14:1::15
Last updated 00:11:42 ago
R1#
H1 H1>ping 2004:db8::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2004:DB8::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 38/39/44 ms
H1>
Lab 5 IPv6 Static routing: Verification
73. Lab 6 IPv6 Manual Tunnels: IPv6oIP4
Site 2 has two connection to the ISP. You talked to the ISP about providing IPv6
connectivity to Site 2 but you came to know that due to some limitation, the ISP
can not do dual stack on those two connections
ISP gave you the option of a manual tunnel called IPv6 over IPv4 on the link
between ISP and R5
For the tunnel to work, both sides needs to have an IPv4 route of each other
(Note, IPv4 routing is already established so no need to worry about that”
Since there is a directly connected interface between R3 and R5, the tunnel
source and destinations can easily be chosen as the outgoing interface
A new IPv6 address needs to be configured on both side over the tunnel
between R3 and R5 in the range 2001:db8:35:1::16/127 as shown in the next
slide (::16 on R3 side and ::17 on R5 side)
Ping R5 IPv6 tunnel address from R3 and make sure it is successful to
determine that the tunnel is up and running
76. R3 Tunnel 0 R5 Tunnel 0
R3#sh ipv6 int tun 0
Tunnel0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::A01:2300
No Virtual link-local address(es):
Global unicast address(es):
2001:DB8:35:1::16, subnet is 2001:DB8:35:1::16/127
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:16
FF02::1:FF01:2300
MTU is 1480 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND RAs are suppressed (periodic)
Hosts use stateless autoconfig for addresses.
R3#
R5#sh ipv6 int tun 0
Tunnel0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::A01:2301
No Virtual link-local address(es):
Global unicast address(es):
2001:DB8:35:1::17, subnet is 2001:DB8:35:1::16/127
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:17
FF02::1:FF01:2301
MTU is 1480 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND RAs are suppressed (periodic)
Hosts use stateless autoconfig for addresses.
R5#
Lab 6 IPv6 Manual Tunnels: Verification
77. R3
R3#ping 2001:db8:35:1::17
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:35:1::17, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 39/39/39 ms
R3#
Lab 6 IPv6 Manual Tunnels: Verification
78. Lab 6 IPv6 Manual Tunnels: GRE
The link between R3 and R6 has another issue. It can not pass protocol 41 for
some reason
Due to this limitation, IPv6oIPv4 tunnel can not be established between R3 and
R6
ISP provided you an option of using GRE tunnel instead between R3 and R6
Since there is a directly connected interface between R3 and R6, the tunnel
source and destinations can easily be chosen as the outgoing interface
A new IPv6 address needs to configured on both side over the tunnel between
R3 and R6 in the range 2001:db8:36:1::16/127 as shown in the previous slide
Ping R6 IPv6 tunnel address from R3 and make sure it is successful to
determine that the tunnel is up and running
79. R# Configs
R6 R6(config-if)#int tun 0
R6(config-if)#tun source s1/0
R6(config-if)#tun destination 10.1.36.0
R6(config-if)#tun mode gre ip
R6(config-if)#ipv6 address 2001:db8:36:1::17/127
R6(config-if)#end
R3 R3(config-if)#int tun 1
R3(config-if)#tun source s2/0
R3(config-if)#tun destination 10.1.36.1
R3(config-if)#tun mode gre ip
R3(config-if)#ipv6 address 2001:db8:36:1::16/127
R3(config-if)#end
Lab 6 IPv6 Manual Tunnels: Configs
80. R3 Tunnel 1 R6 Tunnel 0
R3#sh ipv6 int tun 1
Tunnel1 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::4AFF:FEA2:853
No Virtual link-local address(es):
Global unicast address(es):
2001:DB8:36:1::16, subnet is 2001:DB8:36:1::16/127
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:16
FF02::1:FFA2:853
MTU is 1476 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND RAs are suppressed (periodic)
Hosts use stateless autoconfig for addresses.
R3#
R6#sh ipv6 int tun 0
Tunnel0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:5600
No Virtual link-local address(es):
Global unicast address(es):
2001:DB8:36:1::17, subnet is 2001:DB8:36:1::16/127
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:17
FF02::1:FF00:5600
MTU is 1476 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND RAs are suppressed (periodic)
Hosts use stateless autoconfig for addresses.
R6#
Lab 6 IPv6 Manual Tunnels: Verification
81. R3
R3#ping 2001:db8:36:1::17
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:36:1::17, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 37/38/40 ms
R3#
Lab 6 IPv6 Manual Tunnels: Verification
83. Lab 7 OSPFv3
ISP has received a request from ABC Inc that they want IPv6 connectivity
between Site 1 and Site 2. ISP are also making an effort to make their own
network dual stack and enabling IPv6 in their core network
ISP has been running OSPFv2 internally in their core. They have decided to
run OSPFv3 for IPv6
Assign IPv6 address 2001:db8:172:17::2/127 between R2 & R3. ::2 on R2 side
and ::3 on R3 side
Assign IPv6 address 2001:db8:172:17::/127 between R1 & R2. :: on R1 side
and ::1 on R2 side
Configure OSPFv3 area 0 between R1 and R2 and area 1 between R2 and R3
as shown in the next slide
Put Loopbacks of R1 and R2 into area 0
Redistribute R2’s loopback into OSPFv3
Ping ipv6 Loopback 0 of R3 from the loopback 0 of R1
Compare the difference between OSPFv2 and OSPFv3 LSAs
86. R# Area 0 Configs
R2 R2(config)#int lo 0
R2(config-if)#ipv6 add 2001:db8:172:16::2/128
R2(config-if)#ipv6 ospf 1 area 0
R2(config-if)#int s1/0
R2(config-if)#ipv6 add 2001:db8:172:17::1/127
R2(config-if)#ipv6 ospf 1 area 0
R2(config-if)#end
R1 R1(config)#ipv6 unicast-routing
R1(config)#int lo 0
R1(config-if)#ipv6 add 2001:db8:172:16::1/128
R1(config-if)#ipv6 ospf 1 area 0
R1(config)#int s1/0
R1(config-if)#ipv6 add 2001:db8:172:17::/127
R1(config-if)#ipv6 ospf 1 area 0
R1(config-if)#end
Lab 7 OSPFv3: Configs
87. R2
R2#sh ipv6 ospf nei
OSPFv3 Router with ID (172.16.1.2) (Process ID 1)
Neighbor ID Pri State Dead Time Interface ID Interface
172.16.1.1 0 FULL/ - 00:00:31 6 Serial1/0
172.16.1.3 1 FULL/DR 00:00:36 2 Ethernet0/0
R2#
R2#sh ipv6 ospf nei detail | i area
In the area 0 via interface Serial1/0
In the area 1 via interface Ethernet0/0
R2#
R2#sh ipv6 ospf int brie
Interface PID Area Intf ID Cost State Nbrs F/C
Se1/0 1 0 6 64 P2P 1/1
Et0/0 1 1 2 10 BDR 1/1
R2#
Lab 7 OSPFv3: Verification
88. R2
R2#sh ipv6 ospf
Routing Process "ospfv3 1" with ID 172.16.1.2
Supports IPv6 Address Family
Event-log enabled, Maximum number of events: 1000, Mode: cyclic
It is an area border and autonomous system boundary router
Redistributing External Routes from,
connected
[…]
Number of external LSA 1. Checksum Sum 0x0055EC
Number of areas in this router is 2. 2 normal 0 stub 0 nssa
Graceful restart helper support enabled
Reference bandwidth unit is 100 mbps
Area BACKBONE(0)
Number of interfaces in this area is 2
SPF algorithm executed 7 times
Number of LSA 8. Checksum Sum 0x03F283
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
Area 1
Number of interfaces in this area is 1
SPF algorithm executed 3 times
Number of LSA 8. Checksum Sum 0x02CAB4
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
Lab 7 OSPFv3: Verification
89. R1
R1#sh ipv6 ospf
Routing Process "ospfv3 1" with ID 172.16.1.1
Supports IPv6 Address Family
Event-log enabled, Maximum number of events: 1000, Mode: cyclic
Router is not originating router-LSAs with maximum metric
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Minimum LSA interval 5 secs
Minimum LSA arrival 1000 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 1. Checksum Sum 0x0055EC
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Graceful restart helper support enabled
Reference bandwidth unit is 100 mbps
Area BACKBONE(0)
Number of interfaces in this area is 2
SPF algorithm executed 3 times
Number of LSA 8. Checksum Sum 0x03F283
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
Lab 7 OSPFv3: Verification
90. R3
R3#sh ipv6 ospf
Routing Process "ospfv3 1" with ID 172.16.1.3
Supports IPv6 Address Family
Event-log enabled, Maximum number of events: 1000, Mode: cyclic
Router is not originating router-LSAs with maximum metric
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Minimum LSA interval 5 secs
Minimum LSA arrival 1000 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 1. Checksum Sum 0x0055EC
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Graceful restart helper support enabled
Reference bandwidth unit is 100 mbps
Area 1
Number of interfaces in this area is 1
SPF algorithm executed 3 times
Number of LSA 8. Checksum Sum 0x02CAB4
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
Lab 7 OSPFv3: Verification
91. Area 0
R2#sh ipv6 ospf data
OSPFv3 Router with ID (172.16.1.2) (Process ID 1)
Router Link States (Area 0)
ADV Router Age Seq# Fragment ID Link count Bits
172.16.1.1 968 0x80000002 0 1 None
172.16.1.2 967 0x80000002 0 1 B
Inter Area Prefix Link States (Area 0)
ADV Router Age Seq# Prefix
172.16.1.2 963 0x80000001 2001:DB8:172:17::2/127
Inter Area Router Link States (Area 0)
ADV Router Age Seq# Link ID Dest RtrID
172.16.1.2 814 0x80000001 2886729987 172.16.1.3
Link (Type-8) Link States (Area 0)
ADV Router Age Seq# Link ID Interface
172.16.1.1 967 0x80000002 6 Se1/0
172.16.1.2 964 0x80000002 6 Se1/0
Intra Area Prefix Link States (Area 0)
ADV Router Age Seq# Link ID Ref-lstype Ref-LSID
172.16.1.1 968 0x80000002 0 0x2001 0
172.16.1.2 967 0x80000002 0 0x2001 0
Lab 7 OSPFv3: Verification
92. R2 (continued..)
Router Link States (Area 1)
ADV Router Age Seq# Fragment ID Link count Bits
172.16.1.2 928 0x80000002 0 1 B
172.16.1.3 820 0x80000003 0 1 E
Net Link States (Area 1)
ADV Router Age Seq# Link ID Rtr count
172.16.1.3 929 0x80000001 2 2
Inter Area Prefix Link States (Area 1)
ADV Router Age Seq# Prefix
172.16.1.2 963 0x80000001 2001:DB8:172:16::1/128
172.16.1.2 963 0x80000001 2001:DB8:172:17::/127
172.16.1.2 963 0x80000001 2001:DB8:172:16::2/128
Link (Type-8) Link States (Area 1)
ADV Router Age Seq# Link ID Interface
172.16.1.2 968 0x80000002 2 Et0/0
172.16.1.3 968 0x80000002 2 Et0/0
Intra Area Prefix Link States (Area 1)
ADV Router Age Seq# Link ID Ref-lstype Ref-LSID
172.16.1.3 929 0x80000001 2048 0x2002 2
Type-5 AS External Link States
ADV Router Age Seq# Prefix
172.16.1.3 819 0x80000001 2001:DB8:35:1::16/127
172.16.1.3 819 0x80000001 2001:DB8:36:1::16/127
172.16.1.3 819 0x80000001 2001:DB8:172:16::3/128
Lab 7 OSPFv3: Verification
93. R5 & R6
R2#deb ipv6 ospf hello
OSPFv3 hello events debugging is on
19:02:20.240: OSPFv3: Send hello to FF02::5 area 1 on Ethernet0/0 from FE80::A8BB:CCFF:FE00:5200 interface
ID 2
19:02:27.100: OSPFv3: Rcv hello from 172.16.1.3 area 1 from Ethernet0/0 FE80::A8BB:CCFF:FE00:5300 interface
ID 2
19:02:27.100: OSPFv3: End of hello processing
19:02:28.840: OSPFv3: Send hello to FF02::5 area 0 on Serial1/0 from FE80::A8BB:CCFF:FE00:5200 interface ID
6
19:02:28.920: OSPFv3: Rcv hello from 172.16.1.1 area 0 from Serial1/0 FE80::4AFF:FEA2:851 interface ID 6
19:02:28.920: OSPFv3: End of hello processing
R2#un all
All possible debugging has been turned off
Lab 7 OSPFv3: Debugs
96. Lab 8 BGPv6: iBGP
ISP is already receiving IPv6 Internet prefixes on R1, Since there is a
requirement of providing IPv6 Internet connectivity to Site 2 as well so ISP has
to extend BGP all the way upto site 2 for IPv6 by enabling iBGP in their network
and eBGP with Site 2. Note, this BGP extension is already present in IPv4
network
iBGP peering in the ISP network is following IPv4 BGP method which is to
source the update from loopback and peer between loopbacks
ISP is following the similar method that they used in IPv4 BGP which is to make
R2 as an RR for R1 and R3 and run iBGP between R2-R1 and R2-R3
Advertise 2004:db8::1/128 from R1 under address-family ipv6
Redistribute static route for Site 1 into BGP so site 2 can learn about this prefix
Set next-hop-self towards R2 or static routes won’t be installed in AS 109
Enable iBGP between R2-R1 and R2-R3 making R1 and R3 as route-reflector
clients for R2. Note, disable ipv4-unicast default peering so it does not activate
ipv4 peering by default when ipv6 peering is configured
99. R2
R2#sh bgp ipv6 unicast sum
BGP router identifier 172.16.1.2, local AS number 109
BGP table version is 4, main routing table version 4
1 network entries using 172 bytes of memory
1 path entries using 88 bytes of memory
1/1 BGP path/bestpath attribute entries using 128 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 412 total bytes of memory
BGP activity 7/0 prefixes, 8/1 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2001:DB8:172:16::1
4 109 100 98 4 0 0 0 1:26:26 2
2001:DB8:172:16::3
4 109 95 98 4 0 0 0 1:24:10 0
R2#
Lab 8 BGPv6: iBGP Verification
100. R2
R2#sh bgp ipv6 unicast
BGP table version is 4, local router ID is 172.16.1.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RT-Filter, a additional-path
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i 2004:DB8::1/128
2001:DB8:172:16::1
0 100 0 i
*>i 2001:DB8:1:41::/64
2001:DB8:172:16::1
0 100 0 ?
R2#sh bgp ipv6 unicast 2001:db8:1:41::/64
BGP routing table entry for 2001:DB8:1:41::/64, version 29
Paths: (1 available, best #1, table default)
Advertised to update-groups:
2
Refresh Epoch 2
Local, (Received from a RR-client)
2001:DB8:172:16::1 (metric 64) from 2001:DB8:172:16::1 (172.16.1.1)
Origin incomplete, metric 0, localpref 100, valid, internal, best
Lab 8 BGPv6: iBGP Verification
101. Lab 8 BGPv6: eBGP
ISP is now ready to provided end to end connectivity between site 1 and Site 2
for ABC
You want to use the similar BGP policies and advertisement that you have for
iPv4.
Enable eBGP between R3 and R5 over link local address and R3 and R6 over
a global address over the tunnel interfaces. Note, make sure to advertise
Serial2/0 into OSPFv3 or site 2 routes will not get installed in AS 109
Advertise prefixes that are assigned on the Ethernet segment of R5 and R6 and
aggregate 2001:db8:1:56::/64 and 2001:db8:1:57::/64 into one block
Make sure that H2 can reach IPv6 Internet. Note, in our case 2004:db8::1
represent IPv6 Internet
Verify that Site 2 can reach Site 1 by pinging H1 from H2.
104. R3
R3#sh bgp ipv6 unicast sum | e 109
BGP table version is 26, main routing table version 26
3 network entries using 516 bytes of memory
5 path entries using 440 bytes of memory
4/3 BGP path/bestpath attribute entries using 512 bytes of memory
1 BGP rrinfo entries using 24 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1516 total bytes of memory
BGP activity 15/6 prefixes, 31/18 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2001:DB8:36:1::17
4 1 11 16 26 0 0 00:05:42 2
2001:DB8:172:16::2
FE80::A01:2301%Tunnel0
4 1 11 18 26 0 0 00:05:56 2
R3#
Lab 8 BGPv6: eBGP Verification
105. R3
R3#sh bgp ipv6 unicast
BGP table version is 27, local router ID is 172.16.1.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RT-Filter, a additional-path
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i 2001:DB8:1:41::/64
2001:DB8:172:16::1
0 100 0 ?
* 2001:DB8:1:56::/63
2001:DB8:36:1::17
0 0 1 i
*> FE80::A01:2301 0 0 1 i
* 2001:DB8:1:88::/64
2001:DB8:36:1::17
0 0 1 i
*> FE80::A01:2301 0 0 1 i
*>i 2004:DB8::1/128 2001:DB8:172:16::1
0 100 0 i
R3#
Lab 8 BGPv6: eBGP Verification
106. R3
R3#sh bgp ipv6 uni 2001:db8:1:56::/63
BGP routing table entry for 2001:DB8:1:56::/63, version 22
Paths: (2 available, best #2, table default)
Advertised to update-groups:
1 3
Refresh Epoch 1
1, (aggregated by 1 10.1.1.6)
2001:DB8:36:1::17 (FE80::A8BB:CCFF:FE00:5600) from 2001:DB8:36:1::17 (10.1.1.6)
Origin IGP, metric 0, localpref 100, valid, external, atomic-aggregate
Refresh Epoch 1
1, (aggregated by 1 10.1.1.5)
FE80::A01:2301 (FE80::A01:2301) from FE80::A01:2301%Tunnel0 (10.1.1.5)
Origin IGP, metric 0, localpref 100, valid, external, atomic-aggregate, best
R3#
H2#ping [H1 IPv6 Global Unicast Address]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:1:41:A8BB:CCFF:FE00:5700, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 119/123/139 ms
H2#
Lab 8 BGPv6: eBGP Verification
117. 6PE Lab Agenda
Enabling OSPFv3 as a PE-CE protocol on a non vrf based interface
Enabling BGPv6 as a PE-CE protocol on a non vrf based interface
Enabling 6PE
118.
119. 6PE Instructions
MPLS/LDP is pre configured in AS 109 between R1-R2-R3
OSPFv2 is pre-configured between R1-R2-R3
OSPFv2 is pre-configured between R1-R4(E0/0-E0/0) as a PE-CE
protocol (over a VRF interface)
BGP for IPv4 is pre-configured between R3-R5(E2/0-E1/0) as a PE-
CE protocol (over a VRF interface)
IPv6 address are pre-configured between R1-R4(E1/0-E1/0) & R3-
R5(E0/0-E0/0)
Note, a separate interface is used for 6PE. This is usually a case
where ipv4 internet routes or a default routes are received on that
interface. IPv6 can be enabled on that interface to receive ipv6 internet
prefixes and that will be a dual stack environment but in lab, we are
only using that interface for IPv6
120. 6PE Lab: Enabling OSPFv3 on PE-CE link
Configure OSPFv3 between R1-R4
Why are we configuring ospfv3 on a separate interface?
R# OSPFv3
R1 interface Ethernet1/0
ipv6 ospf 1 area 0
!
router ospfv3 1
router-id 10.1.0.1
R4 interface Loopback0
ipv6 ospf 1 area 0
!
interface Ethernet1/0
ipv6 ospf 1 area 0
!
router ospfv3 1
router-id 10.0.0.1
121. 6PE Lab: Enabling OSPFv3 on PE-CE link
Configure mutual redistribution between OSPFv3 and BGP
In which routing table (global or VRF) do you see the V6 routes after the
redistribution on R1
R# OSPFv3 and Redistribution
R1 router ospfv3 1
address-family ipv6
redistribute bgp 109
!
router bgp 109
address-family ipv6
redistribute ospf 1
122. 6PE Lab: Enabling OSPFv3 on PE-CE link
Verify that the peers have been established and that R4 loopback address is received and
seen in BGP on R1
R# BGPv6
R1 R1#sh ipv6 ospf nei
OSPFv3 Router with ID (10.1.0.1) (Process ID 1)
Neighbor ID Pri State Dead Time Interface ID Interface
10.0.0.1 1 FULL/BDR 00:00:38 6 Ethernet1/0
R1#sh ipv6 route 2001:db8::4
Routing entry for 2001:DB8::4/128
Known via "ospf 1", distance 110, metric 10, type intra area, bgp 109
Route count is 1/1, share count 0
Routing paths:
FE80::A8BB:CCFF:FE00:5401, Ethernet1/0
Last updated 03:17:09 ago
R1#sh bgp ipv6 unicast
Network Next Hop Metric LocPrf Weight Path
*> 2001:DB8::4/128 :: 10 32768 ?
R1#
123. 6PE Lab: Enabling OSPFv3 on PE-CE link
Answers
We are getting global IPv4 and IPv6 routes on a separate interface
and l3vpn routes over another interface.
6PE installs the routes in the global routing table
Note that although OSPFv3 is enabled under the interface itself, the
redistribution is enabled under the ospfv3 router process
As 6PE uses the global routing table, configuring OSPFv3 in the
context of 6PE does not require anything special
124. 6PE Lab: Enabling BGPv6 as a PE-CE protocol
Configure BGPv6 between R3-R5
Advertise R5 loopback address in BGPv6
Why don’t we need to configure redistribution?
R# BGPv6 and Redistribution
R3 router bgp 109
!
address-family ipv6
neighbor 2001:db8:1:2::5 remote-as 2
R5 router bgp 2
!
address-family ipv6
neighbor 2001:db8:1:2::3 remote-as 109
network 2001:db8:1:5::3/128
125. 6PE Lab: Enabling BGPv6 as a PE-CE protocol
Verify that the peers has been established by using appropriate show commands
Verify that R5 loopback address is seen on R3
Can we configure the PE-CE BGP session over a IPv4 transport in a 6PE scenario?
R# BGPv6
R3 R3#sh bgp ipv6 unicast summ
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2001:DB8:1:2::5 4 2 14 14 5 0 0 00:08:33 1
R3#
R3#sh bgp ipv6 unicast
BGP table version is 5, local router ID is 10.1.3.1
Network Next Hop Metric LocPrf Weight Path
*> 2001:DB8:1:5::3/128
2001:DB8:1:2::5 0 0 2 i
R3#
126. 6PE Lab: Enabling BGPv6 as a PE-CE protocol
Redistribution is not required for BGP routes received from the CE
as the routes will be propagated automatically to the 6PE peers via
separate iBGP session exclusively for 6PE
The PE-CE BGP session in 6PE is just like any other IPv6 eBGP
session. It could be configured over an IPv4 or IPv6 transport. The
normal restrictions would apply. For example, a route-map would be
required to change the BGP next hop.
128. 6PE Lab: Enabling 6PE
Verify that the peers has been established by using appropriate show commands
*Only R2 (RR) peering is shown as it covers all peering
Why don’t we have ipv6 neighbors?
R# BGPv6
R2 R2#sh bgp ipv6 unicast summ
BGP router identifier 10.1.0.0, local AS number 109
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.1.0.1 4 109 15 15 1 0 0 00:10:04 0
10.1.3.1 4 109 13 11 1 0 0 00:08:38 0
R2#
129. 6PE Lab: Enabling 6PE
Verify that R5 loopback is received on R1 and what label is advertised for it
What is the next hop for it and why?
Look at R5 loopback address in cefv6
Why do we see 2 labels for this ipv6 prefix?
R# BGPv6
R1 R1#sh bgp ipv6 unicast label
Network Next Hop In label/Out label
2001:DB8::4/128 :: 16/nolabel
2001:DB8:1:5::3/128
::FFFF:10.1.3.1 nolabel/17
R1#sh ip cef 10.1.3.1
10.1.3.1/32
nexthop 10.1.0.2 Serial2/0 label 17
R1#sh ipv6 cef 2001:db8:1:5::3
2001:DB8:1:5::3/128
nexthop 10.1.0.2 Serial2/0 label 17 17
130. 6PE Lab: Enabling 6PE Answers
6PE requires configuring the BGP session over an IPv4 transport as
the core is not IPv6 enabled
This is done by activating a neighbor with an IPv4 peer address
under address-family ipv6
The send-label statement under address-family ipv6 is really what
enables 6PE
6PE uses an IGP label to get the ipv6 packet from the ingress to the
egress PE. It is the LDP label learnt for the BGP next hop (IPv4
address).
It also uses a service label on the egress PE to forward the packet
through the proper egress interface. The service label is learnt via
BGP as a result of the send-label keyword.
131. 6PE Lab: Enabling BGPv6 Answers
The BGP next hop for R5 loopback address is actually R3 loopback
IPv4 address. It is displayed as an IPv4 mapped IPv6 address. The
first 80 bits are all zero followed by 0xFFFF and then the IPv4 next
hop address of the egress PE in dotted decimal format
Redistribution is not required for BGP routes received from the CE
as the routes will be propagated automatically to the 6PE peers.
139. 6VPE Lab Agenda
Enabling static a PE-CE protocol for IPv6
Enabling BGP as a PE-CE protocol for IPv6
Enabling 6VPE
140.
141. 6VPE Instructions
MPLS/LDP is pre configured in AS 109 between R1-R2-R3
OSPFv2 is pre-configured between R1-R2-R3
IPv6 address are pre-configured between R1-R4 & R3-R5
PE-CE protocol between R1-R4 is static for IPv4 and is
preconfigured
PE-CE protocol between R3-R5 is BGP for IPv4 and is
preconfigured
142. 6VPE Lab: Enabling static a PE-CE protocol for
IPv6
Enable IPv6 VRF on R1
Configure static route between R1-R4
Redistribute static in BGP
R# OSPFv3 and Redistribution
R1 vrf upgrade-cli multi-af-mode common-policies vrf 6vpe force
!
vrf definition 6vpe
address-family ipv6
!
ipv6 route vrf 6vpe 2001:db8::/64 201:db8:1:1::4
!
router bgp 109
address-family ipv6 vrf 6vpe
redistribute static
R4 ipv6 route ::/0 2001:db8:1:1::1
143. 6VPE Lab: Enabling static a PE-CE protocol for
IPv6
Verify that static route is installed in the VRF and that it is present in BGP
What is the purpose of the “vrf upgrade-cli” command?
R# BGPv6
R4 R4#sh ipv6 route ::/0
Routing entry for ::/0
Known via "static", distance 1, metric 0
Backup from "static [2]"
Route count is 1/1, share count 0
Routing paths:
2001:DB8:1:1::1
Last updated 00:01:22 ago
R1 R1#sh ipv6 route vrf 6vpe | incl 2001:DB8::/64
S 2001:DB8::/64 [1/0]
R1#sh bgp vpnv6 unicast all | incl 2001:DB8::/64
*> 2001:DB8::/64 2001:DB8:1:1::4 0 32768 ?
R1#
144. 6VPE Lab: Enabling static a PE-CE protocol for
IPv6 Answers
The “vrf upgrade-cli” command converts the IPv4 centric VRF CLI to
a multi address family VRF CLI. There are several option with this
command. For example, only one VRF can be converted into new
format at a time. “force” command will not prompt for the verification.
Common policies will keep the same policies as IPv4 vrf
Note that the VRF configuration as been slightly modified to
accommodate multiple address families
Static routes in the context of 6VPE are very similar to any other
static routes. They just need to be configured as part of the VRF
configuration on the PE
145. 6VPE Lab: Enabling BGP as a PE-CE protocol for
IPv6
Enable IPv6 VRF on R3
Configure BGP between R3-R5
R# Static and redistribution for V6
R3 vrf upgrade-cli multi-af-mode common-policies vrf 6vpe force
!
vrf definition 6vpe
address-family ipv6
!
router bgp 109
address-family ipv6 vrf 6vpe
neighbor 2001:db8:1:2::5 remote-as 2
R5 router bgp 2
no bgp default ipv4-unicast
neighbor 2001:db8:1:2::3 remote-as 109
address-family ipv6
network 2001:db8:1:5::3/128
neighbor 2001:db8:1:2::3 activate
146. 6VPE Lab: Enabling BGP as a PE-CE protocol for
IPv6
Verify the BGP sessions are up and that the routes are advertised
R# Static routes
R3 R3#sh bgp vpnv6 uni all summ | incl 2001
2001:DB8:1:2::5 4 2 57 59 4 0 0 00:48:33 1
R3#sh bgp vpnv6 uni all | incl 2001:DB8:1:5::3
*> 2001:DB8:1:5::3/128
R3#
R5 R5#sh bgp ipv6 uni summ | incl 2001
2001:DB8:1:2::3 4 109 61 59 3 0 0 00:50:21 1
R5#sh bgp ipv6 uni | incl 2001:DB8::/64
*> 2001:DB8::/64 2001:DB8:1:2::3 0 109 ?
R5#
147. 6VPE Lab: Enabling BGP as a PE-CE protocol for
IPv6 Answers
The BGP session on the PE is in the VRF context, where as it is a
simple BGP session on the CE
Note that just as for IPv4 BGP in a VRF context, the neighbor
address only needs to be configured under the appropriate address-
family for the specific VRF
Just like any IPv6 BGP session, you can either use an IPv6 or IPv4
transport address when you configure the BGP session in the VRF
context
149. 6VPE Lab: Enabling 6VPE
Verify the BGP sessions are up on the RR and that the routes are
advertised
R# Static routes
R2 R2#sh bgp vpnv6 uni all summ
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.1.0.1 4 109 72 71 3 0 0 01:00:42 1
10.1.3.1 4 109 68 66 3 0 0 00:57:40 1
R2#sh bgp vpnv6 uni all
BGP table version is 3, local router ID is 10.1.0.0
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RT-Filter, a additional-path
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1
*>i 2001:DB8::/64 ::FFFF:10.1.0.1 0 100 0 ?
*>i 2001:DB8:1:5::3/128
::FFFF:10.1.3.1 0 100 0 2 i
150. 6VPE Lab: Enabling 6VPE
Verify that routes are received and installed in the CEF table
R# Static routes
R1 R1#sh bgp vpnv6 uni all
BGP table version is 4, local router ID is 10.1.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RT-Filter, a additional-path
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf 6vpe)
*> 2001:DB8::/64 2001:DB8:1:1::4 0 32768 ?
*>i 2001:DB8:1:5::3/128
::FFFF:10.1.3.1 0 100 0 2 i
R1#sh ip cef 10.1.3.1
10.1.3.1/32
nexthop 10.1.0.2 Serial1/0 label 17
R1#sh ipv6 cef vrf 6vpe 2001:db8:1:5::3
2001:DB8:1:5::3/128
nexthop 10.1.0.2 Serial1/0 label 17 20
R1#
151. 6VPE Lab: Enabling 6VPE Answers
Just like 6PE and L3VPN for IPv4, 6VPE uses a label stack to
forward traffic through the MPLS core.
The IGP label is learnt via LDP and correspond to the BGP next hop
(loopback address of the egress PE).
The service label is learnt via the VPNv6 session which is
configured between the two PE