31 May 2017

Carrying IPv6 over a MPLS Backbone (6PE)

There are multiple techniques available to integrate IPv6 services over Service Providers core backbones: dedicated IPv6 network running over various data link layers, dual stack IPv4-IPv6 backbone, or leveraging of an existing MPLS backbone. These solutions (IPv6) are deployed on Service Providers backbones when the amount of IPv6 traffic and the revenue generated are in line with the necessary investments and the risks consented

Service Providers running an MPLS/IPv4 infrastructure follow the same trends, as several integration scenarios are possible to offer IPv6 services on an MPLS network. Cisco Systems specially developed IPv6 Provider Edge Router over MPLS—(Cisco 6PE) to meet all of those requirements.

Operation of 6PE

In the 6PE solution, the PE routers are dual-stack, which means they run IPv4 and IPv6. The CE routers that are running IPv6 are connected to the PE router via a normal interface; the interface is not part of a VRF for IPv6 even though the same interface might be in a VRF for IPv4. The IPv6 routing distribution between the PE routers is done via MP-iBGP. At the same time, MP-iBGP distributes the label to be used for the specific IPv6 prefixes. This BGP label identifies or tags the IPv6 packet at the egress PE. The egress PE looks up this BGP label in the label forwarding information base (LFIB) and uses it to forward the IPv6 packet toward the egress CE.

NOTE Notice that ipv6 unicast-routing and ipv6 cef are not enabled by default and thus must be configured. Also notice that RIP routing processes have names and that they have to be enabled on each interface.

The topology below shows the case:

CE config example:
ipv6 unicast-routing
ipv6 cef
!
interface Loopback0
 ip address 10.100.1.1 255.255.255.255
 ipv6 address 2001:DB8:11::1/128
 ipv6 rip cust-one enable
!
interface Ethernet0/1
 description PE
 no ip address
 ipv6 address 2001:DB8:20::1/64
 ipv6 rip cust-one enable
!
ipv6 router rip cust-one
!
end

PE - 254.1 config:
ip cef
ipv6 unicast-routing
ipv6 cef
!
interface Loopback0
 ip address 10.200.254.1 255.255.255.255
!
interface Ethernet0/0
 ip address 10.200.200.1 255.255.255.0
 mpls ip
!
interface Ethernet0/1
 description CE
 no ip address
 ipv6 address 2001:DB8:20::2/64
 ipv6 enable
 ipv6 rip cust-one enable
!
mpls ldp router-id Loopback0 force
!
router ospf 1
 mpls ldp autoconfig
 network 0.0.0.0 255.255.255.255 area 0
!
router bgp 1
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 10.200.254.7 remote-as 1
 neighbor 10.200.254.7 update-source Loopback0
 !
 address-family ipv4
  neighbor 10.200.254.7 activate
 exit-address-family
 !
 address-family ipv6
  redistribute connected
  redistribute rip cust-one
  neighbor 10.200.254.7 activate
  neighbor 10.200.254.7 send-community both
  neighbor 10.200.254.7 send-label
 exit-address-family
!
ipv6 router rip cust-one
 redistribute bgp 1
!
end



Verifying 6PE Operation

CE# trace ipv6 2001:DB8:30::1
1 2001:DB8:20::2 0 msec 0 msec 0 msec
  2 ::FFFF:10.200.200.2 [MPLS: Labels 17/20 Exp 0] 2 msec 2 msec 3 msec
  3 ::FFFF:10.200.210.2 [MPLS: Labels 17/20 Exp 0] 2 msec 2 msec 2 msec
  4 ::FFFF:10.200.211.2 [MPLS: Labels 17/20 Exp 0] 3 msec 3 msec 2 msec
  5 ::FFFF:10.200.215.2 [MPLS: Labels 18/20 Exp 0] 2 msec 1 msec 2 msec
  6 2001:DB8:30::2 2 msec 3 msec 2 msec
  7 2001:DB8:30::1 3 msec 2 msec 2 msec

NOTE Notice the ::FFFF:IPv4 address notation in the traceroute. This is an IPv4-mapped IPv6 address, because it has the format of ::FFFF:IPv4-address. It represents the address of IPv4-only nodes as an IPv6 address. This is the result of this P router not having IPv6 enabled.

And after disable the ttl in MPLS cloud (no mpls ip propagate-ttl):

CE# trace ipv6 2001:DB8:30::1
  1 2001:DB8:20::2 1 msec 0 msec 1 msec
  2 2001:DB8:30::2 2 msec 2 msec 2 msec
  3 2001:DB8:30::1 2 msec 2 msec 2 msec

CE# debug ipv6 rip
*May 31 18:48:59.515: RIPng [default VRF]: a message has been received.
*May 31 18:48:59.515: RIPng [Et0/1, default VRF]: response received from FE80::A8BB:CCFF:FE00:1010 for process "cust-one".
*May 31 18:48:59.515:        src=FE80::A8BB:CCFF:FE00:1010 (Ethernet0/1)
*May 31 18:48:59.515:        dst=FF02::9
*May 31 18:48:59.515:        sport=521, dport=521, length=72
*May 31 18:48:59.515:        command=2, version=1, mbz=0, #rte=3
*May 31 18:48:59.515:        tag=0, metric=1, prefix=2001:DB8:20::/64
*May 31 18:48:59.515:        tag=0, metric=1, prefix=2001:DB8:30::/64
*May 31 18:48:59.515:        tag=0, metric=2, prefix=2001:DB8:12::1/128
CE#
*May 31 18:49:02.737: RIPng [Et0/1, default VRF]: process "cust-one" is sending a multicast update.
*May 31 18:49:02.737:        src=FE80::A8BB:CCFF:FE00:8010
*May 31 18:49:02.737:        dst=FF02::9 (Ethernet0/1)
*May 31 18:49:02.737:        sport=521, dport=521, length=52
*May 31 18:49:02.737:        command=2, version=1, mbz=0, #rte=2
*May 31 18:49:02.737:        tag=0, metric=1, prefix=2001:DB8:11::1/128
*May 31 18:49:02.737:        tag=0, metric=1, prefix=2001:DB8:20::/64
*May 31 18:49:02.737: RIPng [Lo0, default VRF]: process "cust-one" is sending a multicast update.
*May 31 18:49:02.737:        src=FE80::A8BB:CCFF:FE00:8000
*May 31 18:49:02.737:        dst=FF02::9
CE# (Loopback0)
*May 31 18:49:02.737:        sport=521, dport=521, length=92
*May 31 18:49:02.737:        command=2, version=1, mbz=0, #rte=4
*May 31 18:49:02.737:        tag=0, metric=1, prefix=2001:DB8:11::1/128
*May 31 18:49:02.737:        tag=0, metric=1, prefix=2001:DB8:20::/64
*May 31 18:49:02.737:        tag=0, metric=2, prefix=2001:DB8:30::/64
*May 31 18:49:02.737:        tag=0, metric=3, prefix=2001:DB8:12::1/128
*May 31 18:49:02.738: RIPng [default VRF]: a message has been received.
*May 31 18:49:02.738: RIPng [Lo0, default VRF]: process "cust-one" received own response.

CE# show ipv6 route rip
R   2001:DB8:12::1/128 [120/3]
     via FE80::A8BB:CCFF:FE00:1010, Ethernet0/1
R   2001:DB8:30::/64 [120/2]
     via FE80::A8BB:CCFF:FE00:1010, Ethernet0/1

PE# show bgp ipv6 unicast neighbors
BGP neighbor is 10.200.254.7remote AS 1, internal link
  BGP version 4, remote router ID 10.200.254.7
  BGP state = Established, up for 02:34:15
  Last read 00:00:19, last write 00:00:30, hold time is 180, keepalive interval is 60 seconds
  Neighbor sessions:
    1 active, is not multisession capable (disabled)
  Neighbor capabilities:
    Route refresh: advertised and received(new)
    Four-octets ASN Capability: advertised and received
    Address family IPv4 Unicast: advertised and received
    Address family IPv6 Unicast: advertised and received
    ipv6 MPLS Label capability: advertised and received
    Enhanced Refresh Capability: advertised and received
...
 For address family: IPv6 Unicast
  Session: 10.200.254.7
  BGP table version 7, neighbor version 7/0
  Output queue size : 0
  Index 2, Advertise bit 0
  2 update-group member
  Community attribute sent to this neighbor
  Sending Prefix & Label
...

PE# show ipv6 route 2001:db8:30::1
Routing entry for 2001:DB8:30::/64
  Known via "bgp 1", distance 200, metric 0, type internal
  Redistributing via rip cust-one
  Route count is 1/1, share count 0
  Routing paths:
    10.200.254.7%default indirectly connected
      MPLS label: 20
      Last updated 02:37:44 ago

PE# show bgp ipv6 unicast 2001:db8:30::1/64
BGP routing table entry for 2001:DB8:30::/64, version 6
Paths: (1 available, best #1, table default)
  Not advertised to any peer
  Refresh Epoch 1
  Local
    ::FFFF:10.200.254.7 (metric 51) from 10.200.254.7 (10.200.254.7)
      Origin incomplete, metric 0, localpref 100, valid, internal, best
      mpls labels in/out nolabel/20
      rx pathid: 0, tx pathid: 0x0


PE# show ipv6 cef 2001:DB8:30::1/64 detail
2001:DB8:30::/64, epoch 0, flags [rib defined all labels]
  recursive via 10.200.254.7 label 20
    nexthop 10.200.200.2 Ethernet0/0 label 17

Summary Steps
1. enable
2. configure terminal
3. ip cef
4. ipv6 cef
5. ipv6 unicast-routing
6. router bgp as-number
7. no synchronization
8. no bgp default ipv4-unicast
9. neighbor {ip-address | ipv6-address | peer-group-name} remote-as as-number
10. neighbor {ip-address | ipv6-address | peer-group-name} update-so intf-type intf-number
11. address-family ipv6
12. neighbor {ip-address | ipv6-address | peer-group-name} activate
13. neighbor {ip-address | ipv6-address | peer-group-name} send-label
14. exit-address-family

biOos

20 April 2017

IPv6 over IPv4 Tunneling

Overlay tunneling encapsulates IPv6 packets in IPv4 packets for delivery across an IPv4 infrastructure (a core network or the figure below). By using overlay tunnels, you can communicate with isolated IPv6 networks without upgrading the IPv4 infrastructure between them. Overlay tunnels can be configured between border devices or between a border device and a host; however, both tunnel endpoints must support both the IPv4 and IPv6 protocol stacks. IPv6 supports the following types of overlay tunneling mechanisms:

  • Manual
  • Generic routing encapsulation (GRE)
  • IPv4-compatible
  • 6to4
  • Intrasite Automatic Tunnel Addressing Protocol (ISATAP) 

 
The config is simple.


R1# show running-config
!
ip cef
ipv6 unicast-routing
ipv6 cef
!
interface Loopback0
no ip address
ipv6 address 2001:DB8:1::1/64
ipv6 ospf 1 area 0
!
interface Tunnel0
no ip address
ipv6 address 2001:DB8:10::1/64
ipv6 ospf 1 area 0
tunnel source Ethernet0/0
tunnel mode ipv6ip
tunnel destination 209.165.201.6
!
interface Ethernet0/0
ip address 209.165.201.1 255.255.255.252
!
router ospfv3 1
!
address-family ipv6 unicast
exit-address-family
!
router bgp 100
bgp router-id 1.1.1.1
bgp log-neighbor-changes
neighbor 209.165.201.2 remote-as 200
!
address-family ipv4
network 209.165.201.0 mask 255.255.255.252
neighbor 209.165.201.2 activate
exit-address-family
!
end

R3# show ipv6 int brief
Ethernet0/1            [up/up]
    unassigned
Loopback0              [up/up]
    FE80::A8BB:CCFF:FE00:3000
    2001:DB8:3::3
Tunnel0                [up/up]
    FE80::D1A5:C906
    2001:DB8:10::2

R3# tracer 2001:DB8:1::1
Tracing the route to 2001:DB8:1::1

  1 2001:DB8:10::1 2 msec 2 msec 1 msec

R1# debug ipv6 icmp
*Apr 20 18:04:41.250: ICMPv6: Sent Unreachable code 4, Src=2001:DB8:10::1, Dst=2001:DB8:10::2
*Apr 20 18:04:41.251: ICMPv6: Sent Unreachable code 4, Src=2001:DB8:10::1, Dst=2001:DB8:10::2


biOos