11/28/2016 6pe | Darren's Blog
Darren's Blog
Google Engineer. Dual CCIE #38070. JNCIE-SP #2227
Tag: 6pe
IPv6 over IPv4 MPLS Core Interop – IOS,
Junos, Netiron – Part 2 of 2 – 6VPE
This is part two of my blog started here: [Link]
Same diagram as last time:
This time each CPE is going to be connected to a VRF on the PE router. I’m only using
one customer for this post, but this is regular L3VPN so scale as you see fit.
Major issue with the Netiron. It doesn’t support the VPNV6 adress family :( – I’m
using the latest 5.4b code and nothing. So this means this is a Junos/IOS lab only
CPE config
[Link] 1/11
�11/28/2016 6pe | Darren's Blog
CPE config
All the CPEs are running BGP with their directly connected PE routers. All are
advertising reachability to their IPv6 loopback addresses to their PE router. I’m only
showing R6’s config as the others are the same with different addresses:
interfaces {
ae1 {
unit 36 {
vlan-id 36;
family inet6 {
address [Link]/64;
}
}
lo0 {
unit 6 {
family inet6 {
address [Link]/128;
}
}
}
}
protocols {
bgp {
group PROVIDER {
family inet6 {
unicast;
}
export LOOPBACK;
neighbor [Link] {
peer-as 100;
}
}
}
}
policy-options {
policy-statement LOOPBACK {
from {
protocol direct;
route-filter [Link]/128 exact;
}
then accept;
}
}
routing-options {
router-id [Link];
autonomous-system 65123 loops 2;
}
You’ll need to statically define your router-id for all sites. If a router is running ONLY
IPv6, or your VRF ONLY has a IPv6 address, then the router has no IPv4 address to
[Link] 2/11
�11/28/2016 6pe | Darren's Blog
choose it’s router-id from. This will be a common theme throughout as you’ll also
need to set router-ids in IPv6-only VRF instances.
PE config
Junos
First we need to set up the VRF to the customer and run BGP. We then need to enable
the VPNV6 family in BGP. I’m going to remove the old IPv6 unicast config used in
part one of this series.
USER3:R3> show configuration protocols
mpls {
ipv6-tunneling;
interface ae1.13;
}
bgp {
group 6VPE {
family inet6-vpn {
unicast;
}
peer-as 100;
neighbor [Link];
}
}
USER3:R3> show configuration routing-instances
CUSTOMER1 {
instance-type vrf;
interface fe-0/0/3.36;
route-distinguisher [Link]:1;
vrf-target target:100:1;
routing-options {
router-id [Link];
}
protocols {
bgp {
group EXTERNAL {
advertise-peer-as;
family inet6 {
unicast;
}
neighbor [Link] {
peer-as 65123;
}
}
}
}
}
[Link] 3/11
�11/28/2016 6pe | Darren's Blog
IPv6 address family running with the customer. VPNv6 address family running with
IOS PE R4. Note that I have to use ‘advertise-peer-as’ on R3 as Junos will not advertise
a route to an AS that already has the AS number in the path by default.
IOS
The main issue with IOS is that I cannot statically definate a BGP router-id if I’m
ONLY running IPv6. BGP requires a router-id on the x.x.x.x format. IOS does not give
me the option to hard-code a router-id under the BGP process for the VRF, or the
ipv6 unicast address family. So I had to enable the ipv4 address-family under the VRF
and define a loopback address in the VRF to use as the router-id. Very silly indeed.
vrf definition CUSTOMER1
rd [Link]:100
!
address-family ipv4
exit-address-family
!
address-family ipv6
route-target export 100:1
route-target import 100:1
exit-address-family
!
interface Loopback4
vrf forwarding CUSTOMER1
ip address [Link] [Link]
!
router bgp 100
bgp router-id vrf auto-assign
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor [Link] remote-as 100
neighbor [Link] update-source Loopback0
!
address-family vpnv6
neighbor [Link] activate
neighbor [Link] send-community extended
exit-address-family
!
address-family ipv6 vrf CUSTOMER1
no synchronization
neighbor [Link] remote-as 65123
neighbor [Link] activate
exit-address-family
VRF assigned to the CE-PE link. IPv6 unicast running with the CPE and VPNv6
running with the Junos PE R3 router.
Verification
[Link] 4/11
�11/28/2016 6pe | Darren's Blog
Verification
Let’s first check if our VPNv6 sessions are up:
7200_SRD_R4#show bgp vpnv6 unicast all neighbors [Link] | include
state|fam$
BGP state = Established, up for [Link]
Address family VPNv6 Unicast: advertised and received
For address family: VPNv6 Unicast
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
USER3:R3> show bgp neighbor [Link] | match "Estab|NLRI"
Type: Internal State: Established Flags:
NLRI for restart configured on peer: inet6-vpn-unicast
NLRI advertised by peer: inet6-vpn-unicast
NLRI for this session: inet6-vpn-unicast
Sessions are up and running the VPNv6 family.
Can the CE’s ping each other from their IPv6 loopbacks?
USER7:R7> ping [Link] source [Link] rapid count 5
PING6(56=40+8+8 bytes) [Link] --> [Link]
!!!!!
--- [Link] ping6 statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/std-dev = 1.520/1.726/1.997/0.195 ms
USER6:R6> ping [Link] source [Link] rapid count 5
PING6(56=40+8+8 bytes) [Link] --> [Link]
!!!!!
--- [Link] ping6 statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/std-dev = 1.533/1.706/1.968/0.147 ms
No problems there :)
SHARE THIS:
Twitter Google LinkedIn Facebook 1 Reddit
March 7, 2013 Brocade, CCIE, JNCIE, Juniper 6pe, 6vpe, brocade, cisco, IOS, Juniper, junos, ldp,
mpls, netiron, provider, service, service provider, sp, vpnv6 Leave a comment
[Link] 5/11
�11/28/2016 6pe | Darren's Blog
IPv6 over IPv4 MPLS Core Interop – IOS,
Junos, Netiron – Part 1 of 2 – 6PE
I wanted to test 6PE and 6VPE interoperability with the three major vendors. As
always I’m stuck with IOS only in the Cisco world for now, but what can I do. This
test will run over a Junos MPLS core. All my MPLS labs thus far has been using RSVP,
so let’s change this to LDP for now just to mix things up a bit.
6PE allows you to run IPv6 transport over a IPv4 MPLS core. MPLS does not have
native label support for IPv6 addresses, at least yet. This means if you need to
transport IPv6 traffic over your MPLS core, you need to tunnel it over IPv4. 6PE is
one of those ways. 6VPE is essentially MPLS layer 3 VPN for IPv6 over an IPv4 as
opposed to 6PE which is simple IPv6 over an IPv4 MPLS core.
6PE
There is no need to worry about CPE kit for now. I’ll simply have an IPv6 loopback
address on R3, R4, and R8. These PE routers will peer over MP-BGP over the IPv4-
only core.
R3 – Junos
[Link] 6/11
�11/28/2016 6pe | Darren's Blog
R3 – Junos
interfaces {
ae1 {
unit 13 {
vlan-id 13;
family inet {
address [Link]/30;
}
family inet6;
family mpls;
}
lo0 {
unit 3 {
family inet {
address [Link]/32;
}
family inet6 {
address [Link]/128;
}
}
}
}
protocols {
mpls {
ipv6-tunneling;
interface ae1.13;
}
bgp {
group 6PE {
family inet6 {
labeled-unicast {
explicit-null;
}
}
export LOOPBACK;
peer-as 100;
neighbor [Link];
neighbor [Link];
}
}
ldp {
interface ae1.13;
}
}
policy-options {
policy-statement LOOPBACK {
from {
protocol direct;
route-filter [Link]/128 exact;
}
then accept;
}
}
routing-options {
[Link] 7/11
�11/28/2016 6pe | Darren's Blog
autonomous-system 100;
}
Junos requires you to active the family inet6 address family on the core-facing
interface, even if no address is applied. LDP is configured. BGP has been configured
with family inet6 address family only. You also need to send labelled unicast as well
as explicit-null. Junos will not commit if you leave this out.
I’ve then redistributed my IPv6 loopback address into BGP.
R4 – IOS
interface Loopback6
no ip address
ipv6 address [Link]/128
!
interface Loopback0
ip address [Link] [Link]
ip ospf 1 area 0
!
interface FastEthernet1/0.24
encapsulation dot1Q 24
ip address [Link] [Link]
ip ospf network point-to-point
mpls ip
!
router bgp 100
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor [Link] remote-as 100
neighbor [Link] update-source Loopback0
neighbor [Link] remote-as 100
neighbor [Link] update-source Loopback0
!
address-family ipv6
no synchronization
network [Link]/128
neighbor [Link] activate
neighbor [Link] send-label
neighbor [Link] activate
neighbor [Link] send-label
exit-address-family
IOS is a bit easier. Create my loopback, IPv6 unicast BGP sessions with send-label
configured, and advertise IPv6 loopback.
R8 – Netiron
[Link] 8/11
�11/28/2016 6pe | Darren's Blog
interface loopback 1
ip ospf area 0
ip address [Link]/32
ipv6 address [Link]/128
!
router bgp
local-as 100
next-hop-mpls
neighbor [Link] remote-as 100
neighbor [Link] update-source [Link]
neighbor [Link] remote-as 100
neighbor [Link] update-source [Link]
address-family ipv6 unicast
network [Link]/128
neighbor [Link] activate
neighbor [Link] send-label
neighbor [Link] activate
neighbor [Link] send-label
exit-address-family
!
router mpls
mpls-interface ve2
ldp-enable
Very similar to IOS here.
Verification
First let’s see if each of our boxes has the IPv6 routes to the others loopbacks:
USER3:R3> show route [Link]/128
inet6.0: 9 destinations, 10 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
[Link]/128
*[BGP/170] [Link], MED 0, localpref 100, from [Link]
AS path: I
> to [Link] via ae1.13, Push 16, Push 300016(top)
USER3:R3> show route [Link]/128
inet6.0: 9 destinations, 10 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
[Link]/128
*[BGP/170] [Link], MED 0, localpref 100, from [Link]
AS path: I
> to [Link] via ae1.13, Push 794624, Push 300048(top)
[Link] 9/11
�11/28/2016 6pe | Darren's Blog
7200_SRD_R4#show ipv6 route [Link]/128
Routing entry for [Link]/128
Known via "bgp 100", distance 200, metric 0, type internal
Route count is 1/1, share count 0
Routing paths:
[Link]%default indirectly connected
MPLS Required
Last updated [Link] ago
7200_SRD_R4#show ipv6 route [Link]/128
Routing entry for [Link]/128
Known via "bgp 100", distance 200, metric 0, type internal
Route count is 1/1, share count 0
Routing paths:
[Link]%default indirectly connected
MPLS Required
Last updated [Link] ago
SSH@XMR_R8#show ipv6 route [Link]/128
Type Codes - B:BGP C:Connected I:ISIS L:Local O:OSPF R:RIP S:Static
BGP Codes - i:iBGP e:eBGP
ISIS Codes - L1:Level-1 L2:Level-2
OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2
STATIC Codes - d:DHCPv6
Type IPv6 Prefix Next Hop Router Interface Dis/Metric
Uptime src-vrf
Bi [Link]/128
:: LDP (5) 200/0
8m3s -
label information: 2(OUT)
SSH@XMR_R8#show ipv6 route [Link]/128
Type Codes - B:BGP C:Connected I:ISIS L:Local O:OSPF R:RIP S:Static
BGP Codes - i:iBGP e:eBGP
ISIS Codes - L1:Level-1 L2:Level-2
OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2
STATIC Codes - d:DHCPv6
Type IPv6 Prefix Next Hop Router Interface Dis/Metric
Uptime src-vrf
Bi [Link]/128
:: LDP (3) 200/0
7m25s -
label information: 16(OUT)
Control plane looks fine. Routes are installed with next-hops associated with labels.
Let’s see if data actually flows:
USER3:R3> ping [Link] source [Link] rapid count 5
PING6(56=40+8+8 bytes) [Link] --> [Link]
!!!!!
--- [Link] ping6 statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/std-dev = 1.262/1.399/1.789/0.196 ms
[Link] 10/11
�11/28/2016 6pe | Darren's Blog
7200_SRD_R4#ping [Link] source lo6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to [Link], timeout is 2 seconds:
Packet sent with a source address of [Link]
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms
SSH@XMR_R8#ping ipv6 [Link] source [Link] count 5
Sending 5, 16-byte ICMPv6 Echo to [Link]
timeout 5000 msec, Hop Limit 64
Type Control-c to abort
Reply from [Link] bytes=16 time=1ms Hop Limit=64
Reply from [Link] bytes=16 time<1ms Hop Limit=64
Reply from [Link] bytes=16 time<1ms Hop Limit=64
Reply from [Link] bytes=16 time<1ms Hop Limit=64
Reply from [Link] bytes=16 time<1ms Hop Limit=64
Success rate is 100 percent (5/5), round-trip min/avg/max=0/0/1 ms.
All looks good to me.
You can find part 2 here: h[Link]
SHARE THIS:
Twitter Google LinkedIn Facebook Reddit
March 6, 2013 Brocade, CCIE, Juniper 6pe, 7200, 7206, brocade, cisco, IOS, ipv6, Juniper, junos,
ldp, mlx, mlx-e, netiron, rsvp, vxr, xmr 5 Comments
Proudly powered by WordPress
© 2009-2016 Darren O'Connor All Rights Reserved -- Copyright notice by Blog Copyright
[Link] 11/11
