11/28/2016 6pe | Darren's Blog

Darren's Blog
Google Engineer. Dual CCIE #38070. JNCIE-SP #2227

Tag: 6pe

IPv6 over IPv4 MPLS Core Interop – IOS,

Junos, Netiron – Part 2 of 2 – 6VPE
This is part two of my blog started here: http://mellowd.co.uk/ccie/?p=3300

Same diagram as last time:

This time each CPE is going to be connected to a VRF on the PE router. I’m only using
one customer for this post, but this is regular L3VPN so scale as you see fit.

Major issue with the Netiron. It doesn’t support the VPNV6 adress family :( – I’m
using the latest 5.4b code and nothing. So this means this is a Junos/IOS lab only

CPE config
https://mellowd.co.uk/ccie/?tag=6pe 1/11
11/28/2016 6pe | Darren's Blog

CPE config
All the CPEs are running BGP with their directly connected PE routers. All are
advertising reachability to their IPv6 loopback addresses to their PE router. I’m only
showing R6’s config as the others are the same with different addresses:

interfaces {
ae1 {
unit 36 {
vlan-id 36;
family inet6 {
address 2001:db8:36::6/64;
}
}
lo0 {
unit 6 {
family inet6 {
address 2001:db8:6666::6666/128;
}
}
}
}
protocols {
bgp {
group PROVIDER {
family inet6 {
unicast;
}
export LOOPBACK;
neighbor 2001:db8:36::3 {
peer-as 100;
}
}
}
}
policy-options {
policy-statement LOOPBACK {
from {
protocol direct;
route-filter 2001:db8:6666::6666/128 exact;
}
then accept;
}
}
routing-options {
router-id 6.6.6.6;
autonomous-system 65123 loops 2;
}

You’ll need to statically define your router-id for all sites. If a router is running ONLY
IPv6, or your VRF ONLY has a IPv6 address, then the router has no IPv4 address to

https://mellowd.co.uk/ccie/?tag=6pe 2/11
11/28/2016 6pe | Darren's Blog

choose it’s router-id from. This will be a common theme throughout as you’ll also
need to set router-ids in IPv6-only VRF instances.

PE config

Junos

First we need to set up the VRF to the customer and run BGP. We then need to enable
the VPNV6 family in BGP. I’m going to remove the old IPv6 unicast config used in
part one of this series.

USER3:R3> show configuration protocols

mpls {
ipv6-tunneling;
interface ae1.13;
}
bgp {
group 6VPE {
family inet6-vpn {
unicast;
}
peer-as 100;
neighbor 4.4.4.4;
}
}

USER3:R3> show configuration routing-instances

CUSTOMER1 {
instance-type vrf;
interface fe-0/0/3.36;
route-distinguisher 3.3.3.3:1;
vrf-target target:100:1;
routing-options {
router-id 3.3.3.3;
}
protocols {
bgp {
group EXTERNAL {
advertise-peer-as;
family inet6 {
unicast;
}
neighbor 2001:db8:36::6 {
peer-as 65123;
}
}
}
}
}

https://mellowd.co.uk/ccie/?tag=6pe 3/11
11/28/2016 6pe | Darren's Blog

IPv6 address family running with the customer. VPNv6 address family running with
IOS PE R4. Note that I have to use ‘advertise-peer-as’ on R3 as Junos will not advertise
a route to an AS that already has the AS number in the path by default.

IOS

The main issue with IOS is that I cannot statically definate a BGP router-id if I’m
ONLY running IPv6. BGP requires a router-id on the x.x.x.x format. IOS does not give
me the option to hard-code a router-id under the BGP process for the VRF, or the
ipv6 unicast address family. So I had to enable the ipv4 address-family under the VRF
and define a loopback address in the VRF to use as the router-id. Very silly indeed.

vrf definition CUSTOMER1

rd 4.4.4.4:100
!
address-family ipv4
exit-address-family
!
address-family ipv6
route-target export 100:1
route-target import 100:1
exit-address-family
!
interface Loopback4
vrf forwarding CUSTOMER1
ip address 4.4.4.4 255.255.255.255
!
router bgp 100
bgp router-id vrf auto-assign
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback0
!
address-family vpnv6
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
exit-address-family
!
address-family ipv6 vrf CUSTOMER1
no synchronization
neighbor 2001:DB8:47::7 remote-as 65123
neighbor 2001:DB8:47::7 activate
exit-address-family

VRF assigned to the CE-PE link. IPv6 unicast running with the CPE and VPNv6
running with the Junos PE R3 router.

Verification
https://mellowd.co.uk/ccie/?tag=6pe 4/11
11/28/2016 6pe | Darren's Blog

Verification
Let’s first check if our VPNv6 sessions are up:

7200_SRD_R4#show bgp vpnv6 unicast all neighbors 3.3.3.3 | include

state|fam$
BGP state = Established, up for 03:09:47
Address family VPNv6 Unicast: advertised and received
For address family: VPNv6 Unicast
Connection state is ESTAB, I/O status: 1, unread input bytes: 0

USER3:R3> show bgp neighbor 4.4.4.4 | match "Estab|NLRI"

Type: Internal State: Established Flags:
NLRI for restart configured on peer: inet6-vpn-unicast
NLRI advertised by peer: inet6-vpn-unicast
NLRI for this session: inet6-vpn-unicast

Sessions are up and running the VPNv6 family.

Can the CE’s ping each other from their IPv6 loopbacks?

USER7:R7> ping 2001:db8:6666::6666 source 2001:db8:7777::7777 rapid count 5

PING6(56=40+8+8 bytes) 2001:db8:7777::7777 --> 2001:db8:6666::6666
!!!!!
--- 2001:db8:6666::6666 ping6 statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/std-dev = 1.520/1.726/1.997/0.195 ms

USER6:R6> ping 2001:db8:7777::7777 source 2001:db8:6666::6666 rapid count 5

PING6(56=40+8+8 bytes) 2001:db8:6666::6666 --> 2001:db8:7777::7777
!!!!!
--- 2001:db8:7777::7777 ping6 statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/std-dev = 1.533/1.706/1.968/0.147 ms

No problems there :)

SHARE THIS:

 Twitter  Google  LinkedIn  Facebook 1  Reddit

 March 7, 2013  Brocade, CCIE, JNCIE, Juniper  6pe, 6vpe, brocade, cisco, IOS, Juniper, junos, ldp,

mpls, netiron, provider, service, service provider, sp, vpnv6  Leave a comment

https://mellowd.co.uk/ccie/?tag=6pe 5/11
11/28/2016 6pe | Darren's Blog

IPv6 over IPv4 MPLS Core Interop – IOS,

Junos, Netiron – Part 1 of 2 – 6PE
I wanted to test 6PE and 6VPE interoperability with the three major vendors. As
always I’m stuck with IOS only in the Cisco world for now, but what can I do. This
test will run over a Junos MPLS core. All my MPLS labs thus far has been using RSVP,
so let’s change this to LDP for now just to mix things up a bit.

6PE allows you to run IPv6 transport over a IPv4 MPLS core. MPLS does not have
native label support for IPv6 addresses, at least yet. This means if you need to
transport IPv6 traffic over your MPLS core, you need to tunnel it over IPv4. 6PE is
one of those ways. 6VPE is essentially MPLS layer 3 VPN for IPv6 over an IPv4 as
opposed to 6PE which is simple IPv6 over an IPv4 MPLS core.

6PE
There is no need to worry about CPE kit for now. I’ll simply have an IPv6 loopback
address on R3, R4, and R8. These PE routers will peer over MP-BGP over the IPv4-
only core.

R3 – Junos
https://mellowd.co.uk/ccie/?tag=6pe 6/11
11/28/2016 6pe | Darren's Blog

R3 – Junos

interfaces {
ae1 {
unit 13 {
vlan-id 13;
family inet {
address 10.0.4.13/30;
}
family inet6;
family mpls;
}
lo0 {
unit 3 {
family inet {
address 3.3.3.3/32;
}
family inet6 {
address 2001:db8:3333::3333/128;
}
}
}
}
protocols {

mpls {
ipv6-tunneling;
interface ae1.13;
}
bgp {
group 6PE {
family inet6 {
labeled-unicast {
explicit-null;
}
}
export LOOPBACK;
peer-as 100;
neighbor 4.4.4.4;
neighbor 8.8.8.8;
}
}
ldp {
interface ae1.13;
}
}
policy-options {
policy-statement LOOPBACK {
from {
protocol direct;
route-filter 2001:db8:3333::3333/128 exact;
}
then accept;
}
}
routing-options {

https://mellowd.co.uk/ccie/?tag=6pe 7/11
11/28/2016 6pe | Darren's Blog

autonomous-system 100;
}

Junos requires you to active the family inet6 address family on the core-facing
interface, even if no address is applied. LDP is configured. BGP has been configured
with family inet6 address family only. You also need to send labelled unicast as well
as explicit-null. Junos will not commit if you leave this out.

I’ve then redistributed my IPv6 loopback address into BGP.

R4 – IOS

interface Loopback6
no ip address
ipv6 address 2001:DB8:4444::4444/128
!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
ip ospf 1 area 0
!
interface FastEthernet1/0.24
encapsulation dot1Q 24
ip address 10.0.4.9 255.255.255.252
ip ospf network point-to-point
mpls ip
!
router bgp 100
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback0
neighbor 8.8.8.8 remote-as 100
neighbor 8.8.8.8 update-source Loopback0
!
address-family ipv6
no synchronization
network 2001:DB8:4444::4444/128
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-label
neighbor 8.8.8.8 activate
neighbor 8.8.8.8 send-label
exit-address-family

IOS is a bit easier. Create my loopback, IPv6 unicast BGP sessions with send-label
configured, and advertise IPv6 loopback.

R8 – Netiron

https://mellowd.co.uk/ccie/?tag=6pe 8/11
11/28/2016 6pe | Darren's Blog

interface loopback 1
ip ospf area 0
ip address 8.8.8.8/32
ipv6 address 2001:db8:8888::8888/128
!
router bgp
local-as 100
next-hop-mpls
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source 8.8.8.8
neighbor 4.4.4.4 remote-as 100
neighbor 4.4.4.4 update-source 8.8.8.8

address-family ipv6 unicast

network 2001:db8:8888::8888/128
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-label
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-label
exit-address-family
!
router mpls

mpls-interface ve2
ldp-enable

Very similar to IOS here.

Verification
First let’s see if each of our boxes has the IPv6 routes to the others loopbacks:

USER3:R3> show route 2001:db8:4444::4444/128

inet6.0: 9 destinations, 10 routes (9 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

2001:db8:4444::4444/128
*[BGP/170] 00:19:31, MED 0, localpref 100, from 4.4.4.4
AS path: I
> to 10.0.4.14 via ae1.13, Push 16, Push 300016(top)

USER3:R3> show route 2001:db8:8888::8888/128

inet6.0: 9 destinations, 10 routes (9 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

2001:db8:8888::8888/128
*[BGP/170] 21:40:12, MED 0, localpref 100, from 8.8.8.8
AS path: I
> to 10.0.4.14 via ae1.13, Push 794624, Push 300048(top)

https://mellowd.co.uk/ccie/?tag=6pe 9/11
11/28/2016 6pe | Darren's Blog

7200_SRD_R4#show ipv6 route 2001:DB8:3333::3333/128

Routing entry for 2001:DB8:3333::3333/128
Known via "bgp 100", distance 200, metric 0, type internal
Route count is 1/1, share count 0
Routing paths:
3.3.3.3%default indirectly connected
MPLS Required
Last updated 00:20:47 ago

7200_SRD_R4#show ipv6 route 2001:DB8:8888::8888/128

Routing entry for 2001:DB8:8888::8888/128
Known via "bgp 100", distance 200, metric 0, type internal
Route count is 1/1, share count 0
Routing paths:
8.8.8.8%default indirectly connected
MPLS Required
Last updated 00:21:00 ago

SSH@XMR_R8#show ipv6 route 2001:db8:3333::3333/128

Type Codes - B:BGP C:Connected I:ISIS L:Local O:OSPF R:RIP S:Static
BGP Codes - i:iBGP e:eBGP
ISIS Codes - L1:Level-1 L2:Level-2
OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2
STATIC Codes - d:DHCPv6
Type IPv6 Prefix Next Hop Router Interface Dis/Metric
Uptime src-vrf
Bi 2001:db8:3333::3333/128
:: LDP (5) 200/0
8m3s -
label information: 2(OUT)
SSH@XMR_R8#show ipv6 route 2001:db8:4444::4444/128
Type Codes - B:BGP C:Connected I:ISIS L:Local O:OSPF R:RIP S:Static
BGP Codes - i:iBGP e:eBGP
ISIS Codes - L1:Level-1 L2:Level-2
OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2
STATIC Codes - d:DHCPv6
Type IPv6 Prefix Next Hop Router Interface Dis/Metric
Uptime src-vrf
Bi 2001:db8:4444::4444/128
:: LDP (3) 200/0
7m25s -
label information: 16(OUT)

Control plane looks fine. Routes are installed with next-hops associated with labels.
Let’s see if data actually flows:

USER3:R3> ping 2001:db8:4444::4444 source 2001:db8:3333::3333 rapid count 5

PING6(56=40+8+8 bytes) 2001:db8:3333::3333 --> 2001:db8:4444::4444
!!!!!
--- 2001:db8:4444::4444 ping6 statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/std-dev = 1.262/1.399/1.789/0.196 ms

https://mellowd.co.uk/ccie/?tag=6pe 10/11
11/28/2016 6pe | Darren's Blog

7200_SRD_R4#ping 2001:DB8:8888::8888 source lo6

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2001:DB8:8888::8888, timeout is 2 seconds:
Packet sent with a source address of 2001:DB8:4444::4444
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms

SSH@XMR_R8#ping ipv6 2001:db8:3333::3333 source 2001:db8:8888::8888 count 5

Sending 5, 16-byte ICMPv6 Echo to 2001:db8:3333::3333
timeout 5000 msec, Hop Limit 64
Type Control-c to abort
Reply from 2001:db8:3333::3333: bytes=16 time=1ms Hop Limit=64
Reply from 2001:db8:3333::3333: bytes=16 time<1ms Hop Limit=64
Reply from 2001:db8:3333::3333: bytes=16 time<1ms Hop Limit=64
Reply from 2001:db8:3333::3333: bytes=16 time<1ms Hop Limit=64
Reply from 2001:db8:3333::3333: bytes=16 time<1ms Hop Limit=64
Success rate is 100 percent (5/5), round-trip min/avg/max=0/0/1 ms.

All looks good to me.

You can find part 2 here: hhttp://mellowd.co.uk/ccie/?p=3546

SHARE THIS:

 Twitter  Google  LinkedIn  Facebook  Reddit

 March 6, 2013  Brocade, CCIE, Juniper  6pe, 7200, 7206, brocade, cisco, IOS, ipv6, Juniper, junos,

ldp, mlx, mlx-e, netiron, rsvp, vxr, xmr  5 Comments

Proudly powered by WordPress

© 2009-2016 Darren O'Connor All Rights Reserved -- Copyright notice by Blog Copyright

https://mellowd.co.uk/ccie/?tag=6pe 11/11