
IPv6 in Cisco or the future is near (Part 2)

Here is the continuation of the article.

Static routes

By default, the IPv6 routing table contains not only directly connected networks but also local addresses. In addition, it has a route for multicast addresses.

    R1#show ipv6 route
    IPv6 Routing Table - Default - 3 entries
    Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
           HA - Home Agent, MR - Mobile Router, R - RIP, I1 - ISIS L1
           I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
           EX - EIGRP external
    C   2001:DB8::/64 [0/0]
         via GigabitEthernet0/0, directly connected
    L   2001:DB8::1/128 [0/0]
         via GigabitEthernet0/0, receive
    L   FF00::/8 [0/0]
         via Null0, receive

Static routes in IPv6 are defined in the familiar way. The only point worth noting is that when the next hop is a link-local address, you must specify the outgoing interface in addition to the next-hop address.


    R1#conf t
    R1(config)#ipv6 route ::/0 gi0/0 FE80::C801:42FF:FEA4:8
    R1(config)#^Z
    R1#show ipv6 route
    IPv6 Routing Table - Default - 4 entries
    Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
           HA - Home Agent, MR - Mobile Router, R - RIP, I1 - ISIS L1
           I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
           EX - EIGRP external
    S   ::/0 [1/0]
         via FE80::C801:42FF:FEA4:8, GigabitEthernet0/0
    C   2001:DB8::/64 [0/0]
         via GigabitEthernet0/0, directly connected
    L   2001:DB8::1/128 [0/0]
         via GigabitEthernet0/0, receive
    L   FF00::/8 [0/0]
         via Null0, receive
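The same fe80::/10 range exists on every interface, so a link-local next hop is ambiguous without an exit interface. The check below is an added example, not part of the original article: it lints ipv6 route statements (for instance from a configuration template) for that mistake. The function names and the second and third sample lines are constructed for illustration, and only the prefix / interface / next-hop / distance form of the command is handled.

```python
import ipaddress

def parse_ipv6_static(line):
    """Split 'ipv6 route <prefix> [interface] [next-hop] [distance]'."""
    tokens = line.split()
    if tokens[:2] != ["ipv6", "route"] or len(tokens) < 4:
        raise ValueError(f"not an ipv6 route statement: {line!r}")
    prefix = ipaddress.IPv6Network(tokens[2], strict=False)
    interface, next_hop = [], None
    for tok in tokens[3:]:
        try:
            next_hop = ipaddress.IPv6Address(tok)
            break
        except ValueError:
            if tok.isdigit():          # administrative distance, stop here
                break
            interface.append(tok)      # interface name, e.g. "gi0/0"
    return prefix, " ".join(interface) or None, next_hop

def lint(line):
    """Return a list of findings for one static-route statement."""
    prefix, interface, next_hop = parse_ipv6_static(line)
    findings = []
    if next_hop is None and interface is None:
        findings.append("no next hop or exit interface")
    elif next_hop is not None and next_hop.is_link_local and interface is None:
        findings.append("link-local next hop without exit interface")
    return findings

# Constructed input: the first line is the statement from the listing above,
# the other two are variations written for this example.
SAMPLE = [
    "ipv6 route ::/0 gi0/0 FE80::C801:42FF:FEA4:8",
    "ipv6 route ::/0 FE80::C801:42FF:FEA4:8",
    "ipv6 route 2001:DB8:2::/64 2001:DB8::2",
]

if __name__ == "__main__":
    for stmt in SAMPLE:
        print(stmt, "->", lint(stmt) or "ok")
```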


Dynamic routing


Configuring dynamic routing in IPv6 is a bit more complicated. First, the network command is no longer used to add an interface to the routing process. Instead, you enter a command on the interface itself: ipv6 eigrp 1 to enable EIGRP 1, or ipv6 ospf 1 area 0 to add the interface to the backbone area of OSPF process 1. The EIGRP routing process for IPv6 is disabled by default, so you will need to enable it. Another "pleasant" feature is the need to keep an eye on the router-id setting. With IPv4 routing, this parameter could be assigned manually or selected automatically based on the IP addresses assigned to the interfaces. If the device has no IPv4 addresses at all, the router-id for IPv6 dynamic routing processes can only be assigned manually.
For the simple network shown in the diagram below, we will configure EIGRP. On the Gi0/0 interface, router R1 has the address 2001:db8::1/64 and R2 has 2001:db8::2/64.

image

First, configure router R1.

    R1#conf t
    R1(config)#ipv6 router eigrp 1
    R1(config-rtr)#no shut
    R1(config-rtr)#eigrp router-id 1.1.1.1
    R1(config-rtr)#int gi0/0
    R1(config-if)#ipv6 eigrp 1
    R1(config-if)#^Z
    R1#show ipv6 eigrp interfaces
    EIGRP-IPv6 Interfaces for AS(1)
                       Xmit Queue   PeerQ        Mean   Pacing Time   Multicast    Pending
    Interface   Peers  Un/Reliable  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
    Gi0/0         0        0/0          0/0        0        0/0            0           0
    R1#show ipv6 eigrp neighbors
    EIGRP-IPv6 Neighbors for AS(1)


We enter similar commands on R2, after which an EIGRP adjacency is established between the two routers.

    R1#
    *Mar 21 12:01:13.763: %DUAL-5-NBRCHANGE: EIGRP-IPv6 1: Neighbor FE80::C80E:21FF:FEE4:8 (GigabitEthernet0/0) is up: new adjacency
    R1#show ipv6 eigrp neighbors
    EIGRP-IPv6 Neighbors for AS(1)
    H   Address                 Interface   Hold  Uptime    SRTT   RTO   Q    Seq
                                            (sec)           (ms)         Cnt  Num
    0   Link-local address:     Gi0/0         11  00:00:15    40   240   0    2
        FE80::C80E:21FF:FEE4:8


On each of the routers we will create a Loopback1 interface to emulate connected networks. Assign the IPv6 address 2001:db8:1::1/64 to Loopback1 on R1 and 2001:db8:2::1/64 to Loopback1 on R2. Information about the new networks can be passed to the dynamic routing protocol in two ways: include the new interface in the corresponding protocol, or redistribute the routes (redistribute). The only thing to remember in the second case is the need to specify a metric. The metric can be specified either explicitly for each redistribution or with the default-metric command. This is completely analogous to IPv4, so we will not dwell on it.
Output from router R1.

    R1#show ipv6 route
    IPv6 Routing Table - default - 6 entries
    Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
           B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
           I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
           EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
           NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
           OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, l - LISP
    C   2001:DB8::/64 [0/0]
         via GigabitEthernet0/0, directly connected
    L   2001:DB8::1/128 [0/0]
         via GigabitEthernet0/0, receive
    C   2001:DB8:1::/64 [0/0]
         via Loopback1, directly connected
    L   2001:DB8:1::1/128 [0/0]
         via Loopback1, receive
    EX  2001:DB8:2::/64 [170/2560512]
         via FE80::C80E:21FF:FEE4:8, GigabitEthernet0/0
    L   FF00::/8 [0/0]
         via Null0, receive
    R1#show run int loop 1
    !
    interface Loopback1
     ipv6 address 2001:DB8:1::1/64
     ipv6 eigrp 1
    end
    R1#show run | sec router
    ipv6 router eigrp 1
     eigrp router-id 1.1.1.1


Output from router R2.

    R2#show ipv6 route
    IPv6 Routing Table - default - 6 entries
    Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
           B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
           I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
           EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
           NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
           OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, l - LISP
    C   2001:DB8::/64 [0/0]
         via GigabitEthernet0/0, directly connected
    L   2001:DB8::2/128 [0/0]
         via GigabitEthernet0/0, receive
    D   2001:DB8:1::/64 [90/130816]
         via FE80::C80D:1EFF:FE28:8, GigabitEthernet0/0
    C   2001:DB8:2::/64 [0/0]
         via Loopback1, directly connected
    L   2001:DB8:2::1/128 [0/0]
         via Loopback1, receive
    L   FF00::/8 [0/0]
         via Null0, receive
    R2#sho run int loop 1
    interface Loopback1
     ipv6 address 2001:DB8:2::1/64
    end
    R2#show run | sec router
    ipv6 router eigrp 1
     eigrp router-id 2.2.2.2
     redistribute connected
     default-metric 1000 1 100 100 1500


If the network uses BGP, managing it requires a slightly different approach: BGP does not create separate processes for IPv4 and IPv6. Instead, within a single "parent" process, the split by IP version is made with the address-family command. Below is the output from router R1; R2 is configured similarly.

    R1#show run | sec router bgp
    router bgp 65001
     bgp router-id 1.1.1.1
     bgp log-neighbor-changes
     neighbor 2001:DB8::2 remote-as 65002
     !
     address-family ipv4
      no neighbor 2001:DB8::2 activate
     exit-address-family
     !
     address-family ipv6
      network 2001:DB8:1::/64
      neighbor 2001:DB8::2 activate
     exit-address-family
    !
    R1#show bgp ipv6 unicast summary
    BGP router identifier 1.1.1.1, local AS number 65001
    BGP table version is 3, main routing table version 3
    2 network entries using 336 bytes of memory
    2 path entries using 208 bytes of memory
    2/2 BGP path/bestpath attribute entries using 272 bytes of memory
    1 BGP AS-PATH entries using 24 bytes of memory
    0 BGP route-map cache entries using 0 bytes of memory
    0 BGP filter-list cache entries using 0 bytes of memory
    BGP using 840 total bytes of memory
    BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secs
    Neighbor        V     AS  MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down   State/PfxRcd
    2001:DB8::2     4  65002       12       12       3    0     0  00:07:34         1
    !
    !
    R1#show bgp ipv6 unicast
    BGP table version is 3, local router ID is 1.1.1.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
                  x best-external, a additional-path, c RIB-compressed,
    Origin codes: i - IGP, e - EGP, ? - incomplete
    RPKI validation codes: V valid, I invalid, N Not found
         Network           Next Hop       Metric  LocPrf  Weight  Path
     *>  2001:DB8:1::/64   ::                  0           32768  i
     *>  2001:DB8:2::/64   2001:DB8::2         0               0  65002 i


At the time of this writing (late March 2014), the global routing table (BGP full view or BGP full table) contained approximately 500,000 prefixes for IPv4 and about 17,000 entries for IPv6.
Configuring OSPF to work on an IPv6 network is done in a similar way. The protocol to enable and configure is called OSPFv3. It is completely independent of IPv4. The third version of the protocol contains a number of changes and additions in comparison with the previous implementation of OSPF.

    interface GigabitEthernet0/0
     ipv6 enable
     ipv6 ospf 1 area 0
    router ospfv3 1
     router-id 1.1.1.1
     address-family ipv6 unicast
      redistribute connected
     exit-address-family


Access lists

Access lists also have minor changes. For example, an access list is applied to an interface with the ipv6 traffic-filter command, for example, ipv6 traffic-filter TEST in.

    R2#show run | section access
    ipv6 access-list TEST
     deny icmp any any echo-reply
     deny icmp any any echo-request
     permit ipv6 any any
    !
    R2#show ipv6 access-list
    IPv6 access list test
        deny icmp any any echo-reply sequence 10
        deny icmp any any echo-request (5 matches) sequence 20
        permit ipv6 any any (28 matches) sequence 30
    interface GigabitEthernet0/0
     ipv6 address 2001:DB8::2/64
     ipv6 eigrp 1
     ipv6 traffic-filter TEST in


After the TEST list is applied to the Gi0/0 interface in the above diagram, router R2 stops responding to ICMP echo requests.

    R1#ping 2001:db8::2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 2001:DB8::2, timeout is 2 seconds:
    AAAAA
    Success rate is 0 percent (0/5)
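An IPv6 ACL on IOS ends with three implicit entries (permit icmp any any nd-na, permit icmp any any nd-ns, deny ipv6 any any), which matters as soon as the final permit ipv6 any any is left out. The following first-match model of the TEST list is an added example, not part of the original article; the function names and the sample packets are constructed, and only "any any" entries are modelled.

```python
# ICMPv6 type numbers (RFC 4443, RFC 4861)
ICMP_TYPES = {"echo-request": 128, "echo-reply": 129, "nd-ns": 135, "nd-na": 136}

# Entries IOS appends after the configured lines of every IPv6 ACL.
IMPLICIT = [
    "permit icmp any any nd-na",
    "permit icmp any any nd-ns",
    "deny ipv6 any any",
]

# The TEST list exactly as shown in the listing above.
TEST_ACL = [
    "deny icmp any any echo-reply",
    "deny icmp any any echo-request",
    "permit ipv6 any any",
]

def parse_ace(line):
    """Parse '<action> <proto> any any [icmp-type]' into a tuple."""
    parts = line.split()
    action, proto, src, dst = parts[:4]
    if (src, dst) != ("any", "any"):
        raise ValueError("only 'any any' entries are modelled")
    icmp_type = ICMP_TYPES[parts[4]] if len(parts) > 4 else None
    return action, proto, icmp_type

def evaluate(acl_lines, proto, icmp_type=None):
    """Return (action, matching entry) for one packet, first match wins."""
    for line in list(acl_lines) + IMPLICIT:
        action, ace_proto, ace_type = parse_ace(line)
        if ace_proto not in ("ipv6", proto):
            continue                      # entry is for another protocol
        if ace_type is not None and ace_type != icmp_type:
            continue                      # entry is for another ICMPv6 type
        return action, line
    raise AssertionError("unreachable: the implicit deny matches everything")

if __name__ == "__main__":
    # Constructed packets: ping, neighbor solicitation, EIGRP hello.
    packets = [("icmp", 128), ("icmp", 135), ("eigrp", None)]
    for name, acl in (("TEST", TEST_ACL), ("TEST without final permit", TEST_ACL[:2])):
        for proto, icmp_type in packets:
            print(name, proto, icmp_type, "->", evaluate(acl, proto, icmp_type))
```

With the list as configured, neighbor discovery and EIGRP both fall through to permit ipv6 any any; without that last line, neighbor discovery still passes through the implicit entries but the EIGRP adjacency over Gi0/0 would be filtered.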


IPv4 and IPv6 Tunneling

An equally interesting question is how tunnels work with IPv6. The simplest tunnels in an IPv4 environment were IPIP (IP-in-IP) and GRE. With GRE, the introduction of IPv6 changes almost nothing for the administrator, but IPIP has no IPv6 support. Instead of IPIP, you can use IPv6IP. A nice feature of GRE is its versatility: it can carry both IPv4 and IPv6 over an IPv4 transport network as well as over an IPv6 one. The ip or ipv6 keyword after the tunnel mode gre command selects the transport network protocol.
Let's return to our topology and configure a GRE tunnel between the two routers so that IPv4 runs on top of it while the tunnel itself runs over the existing IPv6 network. The listing below shows the configuration of the tunnel interface of router R1. R2 is configured similarly.

    R1#show run int tunnel 1
    interface Tunnel1
     ip address 192.168.0.1 255.255.255.252
     tunnel source GigabitEthernet0/0
     tunnel mode gre ipv6
     tunnel destination 2001:DB8::2
     tunnel path-mtu-discovery
    end
    R1#ping 192.168.0.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 48/87/120 ms


Today the administrator will most likely face the opposite situation: IPv6 traffic has to be sent over an IPv4 network. The configuration in this case is symmetrical: the IPv4 and IPv6 settings are swapped.
In addition to these tunnels, there are several other common types: 6to4, 6in4, 6rd, Teredo, ISATAP, but covering them goes far beyond the scope of this material. The coexistence of IPv4 and IPv6 networks can follow one of three scenarios: using the various tunnels mentioned above; dual-stack mode, in which all devices support both IP versions at the same time; or translation, for example NAT-PT.

Virtual Routing Processes (VRF)

Another topic that I would like to touch upon in a brief review of IPv6 is VRF. Configuring VRF in a multiprotocol environment is done a little differently: without the ip keyword at the beginning. It also uses the address-family approach that we saw when configuring BGP. When creating a VRF, the definition keyword is used.

    R1#conf t
    R1(config)#vrf definition test
    R1(config-vrf)#rd 1:1
    R1(config-vrf)#address-family ?
      ipv4  Address family
      ipv6  Address family
    R1(config-vrf)#address-family ipv6
    R1(config-vrf-af)#?
    R1(config-vrf-af)#int loop 2
    R1(config-if)#vrf forwarding test
    R1(config-if)#^Z
    R1#show vrf
      Name      Default RD    Protocols    Interfaces
      test      1:1           ipv6         Lo2


Adding a routing protocol to the VRF is also done using the address-family option. You can add not only named processes to a VRF, but numbered ones as well.

    R1#show run | sec router
    router eigrp test
     address-family ipv6 unicast vrf test autonomous-system 1
      topology base
      exit-af-topology
      eigrp router-id 1.1.1.1
     exit-address-family
    !
    R1#show run int gi0/0
    interface GigabitEthernet0/0
     vrf forwarding test
     ipv6 address 2001:DB8::1/64
    end
    !
    R1#sho ipv route vrf test
    IPv6 Routing Table - test - 4 entries
    Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
           B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
           I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
           EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
           NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
           OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, l - LISP
    C   2001:DB8::/64 [0/0]
         via GigabitEthernet0/0, directly connected
    L   2001:DB8::1/128 [0/0]
         via GigabitEthernet0/0, receive
    D   2001:DB8:2::/64 [90/2570240]
         via FE80::C80E:21FF:FEE4:8, GigabitEthernet0/0
    L   FF00::/8 [0/0]
         via Null0, receive
    !
    R1#show eigrp address-family ipv6 vrf test neighbors
    EIGRP-IPv6 VR(test) Address-Family Neighbors for AS(1)
               VRF()
    H   Address                 Interface   Hold  Uptime    SRTT   RTO   Q    Seq
                                            (sec)           (ms)         Cnt  Num
    0   Link-local address:     Gi0/0         10  00:01:53    56   336   0    3
        FE80::C80E:21FF:FEE4:8


Concluding this introductory piece, I would like to note the following.

1. It has become more difficult for administrators to memorize the addressing of their networks.
2. You need to get comfortable with the long notation of networks / hosts in IPv6.
3. You need to get used to and master automatic neighbor discovery (routers and end stations), and to accept the absence of broadcast.
4. Link-layer information about a host is present directly in its IP address. The ARP protocol (or others) is no longer required in most cases - EUI-64 is enough to identify a host.
5. The devil is not as terrible as he is painted: IP is IP - conceptually everything is very close, and replacing the transport does not significantly affect the design philosophy of modern data networks.
6. NAT / PAT network address translation, a fairly resource-intensive operation, is no longer required in IPv6 in most situations.
7. There can be several hosts on the network with absolutely identical valid routable IPv6 addresses. This is the so-called anycast. You should also get used to the presence of non-routable link-local addresses from the same subnet on different router interfaces.
8. You can migrate from IPv4 to IPv6 gradually, or you can support both protocols for as long as it takes to move fully to IPv6.
9. Cisco and other network equipment manufacturers have long been ready to move to IPv6. Now it is up to the administrators.
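Point 4 has a practical consequence for anyone reading the listings above: an interface identifier built with modified EUI-64 discloses the interface's MAC address to whoever sees the IPv6 address. The following added example (not part of the original article; function names are chosen for illustration) recovers the MAC from the link-local addresses that appear in this article and rebuilds a link-local address from a MAC.

```python
import ipaddress

def mac_from_eui64(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, else None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]        # low 64 bits
    if iid[3:5] != b"\xff\xfe":                         # EUI-64 filler bytes
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]   # undo the U/L bit flip
    h = mac.hex()
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"               # Cisco dotted notation

def link_local_from_mac(mac):
    """Build the fe80::/64 address derived from a MAC via modified EUI-64."""
    raw = bytes.fromhex(mac.replace(".", "").replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    iid = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)

# Addresses taken from the listings in this article.
PAGE_ADDRESSES = [
    "FE80::C801:42FF:FEA4:8",
    "FE80::C80E:21FF:FEE4:8",
    "FE80::C80D:1EFF:FE28:8",
    "2001:DB8::1",            # manually assigned, no embedded MAC
]

def audit(addresses):
    """Map each address to the MAC it discloses (None if not EUI-64)."""
    return {a: mac_from_eui64(a) for a in addresses}

if __name__ == "__main__":
    for address, mac in audit(PAGE_ADDRESSES).items():
        print(f"{address:28} {mac or 'no embedded MAC'}")
```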

P.S. It turned out a bit bulky - I wanted to fit it into two publications.

Once again, I thank Maxim Klimanov (www.foxnetwork.ru) for the alpha authorship of the article and the joint development of our resources - foxnetwork and www.anticisco.ru !

PPS By the way, how do you get invites now? Maxim asked, but I don’t have it already, I distributed everything ...

Source: https://habr.com/ru/post/223523/

