IPv6 cookbook
Enabling IPv6 with Internet2
Scope: Note that this isn’t about IPv6 in general, but aimed narrowly at what a participant site has to do on a Cisco or Juniper router to connect to Internet2 using IPv6. For more information about IPv6 in general, IPv6 protocols mentioned here, and for further help, see the “For more information” section at the end of this document.
There are two parts to a “native IPv6” peering arrangement with Internet2: addressing and BGP peering. This short document describes how to enable each and a few things to look for to determine whether they’re working at all. It doesn’t discuss debugging or troubleshooting strategies.
General comments for these examples
The configurations below represent what a peer might minimally do to enable IPv6 peering with Internet2. For these examples, we’ll assume a neighbor with address 2001:468:ff:1b04::2
in AS 555
, and that Internet2 has assigned the peer the 2001:468:0400::/40
network prefix.
Neighbor | Internet2 | |
Addresses | 2001:468:ff:1b04::2/64 | 2001:468:ff:1b04::1/64 |
AS number | 555 | 11537 |
Prefix | 2001:468:0400::/40 | N/A |
- There is one global router command just to enable IPv6 routing:
ipv6 unicast-routing
Cisco addressing
- Your IPv6 neighbor address will likely be assigned to you by the Internet2 NOC. You will need to add this IPv6 address to the interface you already peer with Internet2 on. Perform the following command from interface or sub-interface configuration mode:
ipv6 address 2001:468:ff:1b04::2/64
- To verify that IPv6 is enabled on an interface issue the
show ipv6interface
command. The output for an IPv6 enabled interface should look something like this:
- Router>sh ipv6 interface
- POS2/0 is up, line protocol is up
- IPv6 is enabled, link-local address is
FE80::210:1FFF:FE44:E3FF
Description: point-to-point connection to a v6 site
- Global unicast address(es):
2001:468:FF:1b04::2
, subnet is2001:468:FF:1b04::/64
- Joined group address(es):
FF02::1
FF02::1:FF44:E3FF
FF02::1:FF00:2
FF02::2
- MTU is 9180 bytes
- ICMP error messages limited to one every 500 milliseconds
- ICMP redirects are enabled
- ND DAD is enabled, number of DAD attempts: 1
- ND reachable time is 30000 milliseconds
- Hosts use stateless autoconfig for addresses.
- Global unicast address(es):
Cisco BGP
Enable IPv6 BGP:
- Within ‘router BGP’ context, configure a new neighbor in your “address-family ipv6 unicast” context.
Address-family ipv6 unicast
Neighbor 2001:468:ff:1b04::1 remote-as 11537
Neighbor 2001:468:ff:1b04::1 activate
Neighbor 2001:468:ff:1b04::1 description Internet2
Neighbor 2001:468:ff:1b04::1 prefix-list To-Internet2 out
Network 2001:468:0400::/40
- The router will move several of your commands to other areas of the BGP configuration. The above commands will result in the following showing up in your BGP router configs:
Router bgp 555
Neighbor 2001:468:ff:1b04::1 remote-as 11537
No Neighbor 2001:468:ff:1b04::1 activate
Address-family ipv6
Neighbor 2001:468:ff:1b04::1 activate
Neighbor 2001:468:ff:1b04::1 description Internet2
Neighbor 2001:468:ff:1b04::1 prefix-list To-Internet2 out
Network 2001:468:0400::/40
Note in particular how the remote-as
command was moved to a separate portion of the config. Note also the no neighbor 2001:468:ff:1b04::1 activate
command that was inserted automatically by the router. This keeps the router from attempting to bring up an IPv4 unicast BGP session to the 2001:468:ff:1b04::1
peer. This is, after all, IPv6 BGP session!
- BGP will not advertise a route if the route is not in its routing table. The
2001:468:0400::/40
is an aggregate route, and while several /64 subnets may be in the routing table, the aggregate route of2001:468:0400::/40
will not be so unless some additional action is taken the aggregated prefix will not be advertised via BGP. There are several ways to correct this. We will get the aggregate route into the routing table by creating a static route to theNULL0
pseudo-interface. In global config context, perform the following command:
- BGP will not advertise a route if the route is not in its routing table. The
ipv6 route 2001:468:0400::/40 null0
- We wish to ensure that BGP only advertises to Internet2 the aggregate route and not the more-specifics. This is done by applying an outbound prefix-list filter to the BGP session. We have performed half of this step already by specifying the prefix-list
To-Internet2
in the BGP configuration above. We must now create theTo-Internet2
prefix-list. Issue the following command in Global configuration:
- We wish to ensure that BGP only advertises to Internet2 the aggregate route and not the more-specifics. This is done by applying an outbound prefix-list filter to the BGP session. We have performed half of this step already by specifying the prefix-list
ipv6 prefix-list To-Internet2 permit 2001:468:0400::/40
- To verify the status of the IPv6 BGP session you can issue the
show bgp summary
command. You should see something like this:
- To verify the status of the IPv6 BGP session you can issue the
- Router>sh bgp summ
- BGP router identifier 134.68.253.150, local AS number 555
- BGP table version is 966002, main routing table version 966002
- 247 network entries and 247 paths using 49647 bytes of memory
- 199 BGP path attribute entries using 11940 bytes of memory
- 195 BGP AS-PATH entries using 6492 bytes of memory
- 6 BGP community entries using 144 bytes of memory
- 0 BGP route-map cache entries using 0 bytes of memory
- 0 BGP filter-list cache entries using 0 bytes of memory
- BGP activity 45970/45723 prefixes, 89859/89612 paths, scan interval 60 secs
- Neighbor Ver AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
- 2001:468:FF:1b04::1 4 11537 508349 1221557 966 0 0 2w0d 246
- This indicates that BGP has been established to the 2001:468:ff:1b04::1 peer and that this router is receiving 246 routes from that peer.
- We can ensure that we are passing a route to the BGP peer by looking at the routes this BGP session is sending to the 2001:468:ff:1b04::1 peer.
Router>sh bgp ipv6 neighbor 2001:468:FF:1b04::1 advertised
BGP table version is 966017, local router ID is 134.68.253.150
Status codes:s suppressed,d damped,h history,* valid,> best,i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network | Next Hop | Metric LocPrf Weight Path |
*> 2001:468:0400::/40 | 2001:468:FF:1b04::2 | 0 i |
- That’s it. All done.
Juniper addressing
- We will assume that the interface that peers with Internet2 is ge-2/0/0. Also, don’t forget to save and engage your changes by doing
commit
. From the interface ge-2/0/0 unit 0 edit mode, issue the following command:
- We will assume that the interface that peers with Internet2 is ge-2/0/0. Also, don’t forget to save and engage your changes by doing
set family inet6 address 2001:468:ff:1b04::2/64
- To verify that IPv6 is configured for the interface, issue the
show interface terse
command. The output should be something like this:
- To verify that IPv6 is configured for the interface, issue the
User> show interfaces at-1/2/0 terse
Interface | Admin | Link | Proto | Local | Remote |
at-1/2/0 | up | up | |||
at-1/2/0.0 | up | up | inet | 192.12.206.250/30 | |
inet6 | 2001:468:ff:1b04::2/64 | ||||
fe80::2a0:a5ff:fe3d:76c/64 |
Interface Admin Link Proto Local Remote
at-1/2/0 up up
at-1/2/0.0 up up inet 192.12.206.250/30
inet6 2001:468:ff:1b04::2/64
fe80::2a0:a5ff:fe3d:76c/64
Juniper BGP
- A new BGP session must be established using IPv6 addresses. The easiest way to do this is to create a new group. From the Protocols BGP edit mode issue set commands to create a group that looks like this:
group Peers-V6 {
type external;
export To-Internet2;
family inet6 {
any;
}
peer-as 11537;
neighbor 2001:468:FF:1b04::1 {
description “Internet2 v6 BGP Session”;
}
}
- The “To-Internet2” policy, referred to in the
export
command above, will need to be created. It should perform two functions. First, it should ensure that only the aggregate prefix2001:468:0400::/40
is advertised to Internet2, and not the more specific/64s
. In addition, the policy will set the Next-Hop for the route to Self. The following policy will do this:
- The “To-Internet2” policy, referred to in the
policy-statement To-Internet2 {
term allow {
from {
route-filter 2001:468:0400::0/40 exact;
then {
next-hop self;
accept;
}
}
term deny {
then reject;
}
- We will need to create an aggregate route, 2001:468:0400::/40, in order for BGP to advertise this route and not the more specific /64s. This can be done in the “routing-options” edit mode:
rib inet6.0 {
static {
rib-group IF6-RG6;
route 2001:468:0400::0/40 {
reject;
install;
readvertise;
}
}
}
- Note that this static route was created in the rib-group IF6-RG6.This should be replaced with the name of your inet6.0 rib-group. If you do not have an inet6.0 rib-group then you will need to create one BEFOREyou create the static route. You can do this by issuing the following command in “routing-options” edit mode:
rib-groups {
IF6-RG6 {
import-rib inet6.0;
}
}
}
- To verify that BGP has been established issue the
show bgp summary
command. The output should be something like this:
- To verify that BGP has been established issue the
User> show bgp summary
Groups: 8 Peers: 10 Down peers: 0
Table | Tot Paths | Act Paths | Suppressed | History | Damp State | Pending |
inet.0 | 6806 | 6789 | 0 | 0 | 0 | 0 |
inet.2 | 3625 | 3621 | 0 | 0 | 0 | 0 |
inet6.0 | 247 | 247 | 0 | 0 | 0 | 0 |
inet6.2 | 0 | 0 | 0 | 0 | 0 | 0 |
Peer | AS | InPkt | OutPkt | OutQ | Flaps | Last Up/Down | State|#Active/Received/Damped... |
2001:468:ff:1b04::1 | 11537 | 63536 | 42563 | 0 | 0 | 2w0d18h | inet6.0: 246/246/0 |
•You can verify that you are advertising the correct aggregate route to Internet2 by issuing the show route advertising-protocol bgp 2001:468:ff1b04::1
command. The output should be something like this:
User> show route advertising-protocol bgp 2001:468:ff:644::1
inet6.0: 258 destinations, 258 routes (258 active,0 holddown,0 hidden)
Prefix | Nexthop | MED | Lclpref AS path |
2001:468:400::/40 | Self | 0 | I |
For more information:
- Cisco web pages: including recommended releases, tutorials, sample configurations, and much more.
- Juniper web pages: including recommended releases, tutorials, sample configurations, and much more.
- Internet2 IPv6 working group
- National Center for Network Engineering (NCNE) web pages including FAQ and many tutorials from users and vendors.
- NCNE user help: NCNE has agreed to help sites bringing up or having troubles with IPv6. Email NCNE at ncne@ncne.org and ask for help specifically with IPv6. Indicate that you’re an Internet2 site.