Welcome to The Taylor Family Sign in | Help

David

Work and Play...
IPv6 remote connectivity...

I set up a remote connection over a IPv4 VPN connection to a remote lab.  It took quite a bit of tinkering to get things to work correctly, so I figured I'd share the effort in case somebody else tries to do it.

I have a connection with my work lab set up so that I can do testing on remote networks across a slow speed link (as compared to the LAN).  I have a Cisco 3620 on the remote side attached to the lab network with a few workstations behind it.  A VPN connection gets me up to the network that the router and lab equipment is attached to (this is a IPv6 only forwarding router the way its set up).  I created a tunnel interface following Cisco's documentation for a v6 over v4 tunnel and had no problems with that.  Originally, I set up RIPng to make sure that the connection works, which it did, but I wanted to create a BGP connection as it was more of a challenge to do.

BTW, just a little side note, the 3620 is running 12.3 code which is the latest Cisco made for that platform.  The config allows you to enter ipv6 router ospf 1, but it doesn't actually do anything.  It doesn't show up in the running config and it won't let you enable it on any interface, so when running the 12.3 code, you have to run RIP or static (I don't do ISIS, so I am uncertain about setting it up with IPv6)..

Ok, BGP is a bit trickier to set up as you have to set up the multi-protocol pieces to make it work correctly.  This was a new one for me and I had to actually get the docs out to do it rather than just whipping it out from previous configs.  It's pretty straightforward once you get the where things go...  The first section is about normal except for the no bgp default ipv4-unicast statement for creating a pure IPv6 BGP setup.  Next after configuring the main section with your neighbor statements, you have to create a section for the IPv6 address family.  You actually activate your neighbor here and add your network and redistribute statements in this section rather than in the main router bgp section.  Below, I've attached the config for the my core router (minus a few extraneous details like passwords :)  I did leave one item in for illustration, the name server address.  The DNS server is a Win2003 server and it listens on IPv6 for resolving addresses.  Cisco does the DNS over IPv6 just fine too.

A couple of items.  BGP, in the configuration below only talks on IPv6 (over the tunnel), but BGP v4 has a couple of limitations: 

  • The router id is a 4 byte  number.  If you set up a completely IPv6 network, you'll need to give the router-id some unique IPv4 address for its identity.
  • The cluster id used on route reflectors is a also a4 byte number, so the same limitation applies here too.

Have fun with the configs...

Here's the local side network config
hostname Core
!
ip cef
!
ip name-server FD15:A9B8:480D:1:290:27FF:FEA1:7F81
!
ipv6 unicast-routing
ipv6 cef
!
interface Tunnel1
 description Connection to RemoteNet
 no ip address
 ipv6 address FD15:A9B8:480D:FFF1::1/64
 tunnel source FastEthernet0/0
 tunnel destination 10.254.54.34
 tunnel mode ipv6ip
!
interface Loopback0
 ip address 10.255.1.1 255.255.255.255
 ipv6 address FD15:A9B8:480D:FFFF::1/128
 ipv6 enable
 ipv6 rip 1 enable
!
interface FastEthernet0/0
 description Primary Ethernet Network
 ip address 172.30.255.1 255.255.255.224
 ip route-cache flow
 duplex auto
 speed auto
 ipv6 address FD15:A9B8:480D:1::1/64
 ipv6 address autoconfig default
 ipv6 enable
 ipv6 rip 1 enable
!
router bgp 65011
 bgp router-id 172.30.255.1
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor FD15:A9B8:480D:FFF1::2 remote-as 65010
 !
 address-family ipv6
 neighbor FD15:A9B8:480D:FFF1::2 activate
 neighbor FD15:A9B8:480D:FFF1::2 route-map remotev6 in
 network FD15:A9B8:480D::/48
 redistribute static
 redistribute rip 1
 no synchronization
 exit-address-family
!
ipv6 route FD15:A9B8:480D::/48 Null0
ipv6 route FDA0:3DF0:4465:FFFF::1/128 FD15:A9B8:480D:FFF1::2
ipv6 router ospf 1
 router-id 10.255.1.1
 log-adjacency-changes
!
ipv6 router rip 1
!
ipv6 prefix-list remotev6 seq 5 permit FDA0:3DF0:4465::/48 le 128
ipv6 prefix-list remotev6 seq 10 deny ::/0
route-map remotev6 permit 10
 match ipv6 address prefix-list remotev6
!

Here's the remote side network config:

hostname remotelab
!
ip cef
ip name-server FD15:A9B8:480D:1:2D0:59FF:FE2D:62FE
ip name-server FD15:A9B8:480D:1:290:27FF:FEA1:7F81
!
ipv6 unicast-routing
!
interface Loopback0
 no ip address
 ipv6 address FDA0:3DF0:4465:FFFF::1/128
 ipv6 enable
!
interface Tunnel1
 description Connection to HomeLab
 no ip address
 ipv6 address FD15:A9B8:480D:FFF1::2/64
 tunnel source Ethernet0/1
 tunnel destination 172.30.255.1
 tunnel mode ipv6ip
!
interface Ethernet0/0
 no ip address
 full-duplex
 ipv6 address FDA0:3DF0:4465:D200::1/64
 ipv6 enable
 ipv6 rip 1 enable
!
interface Ethernet0/1
 ip address 10.254.54.34 255.255.255.224
 full-duplex
!
router bgp 65010
 bgp router-id 10.254.54.33
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor FD15:A9B8:480D:FFF1::1 remote-as 65011
 !
 address-family ipv6
 neighbor FD15:A9B8:480D:FFF1::1 activate
 neighbor FD15:A9B8:480D:FFF1::1 route-map homev6 in
 network FDA0:3DF0:4465::/48
 no synchronization
 redistribute static
 redistribute rip 1
 exit-address-family
!
ipv6 route FD15:A9B8:480D:FFFF::1/128 FD15:A9B8:480D:FFF1::1
ipv6 route FDA0:3DF0:4465::/48 Null0
ipv6 router rip 1
!
ipv6 prefix-list homev6 seq 15 permit FD15:A9B8:480D::/48 le 128
ipv6 prefix-list homev6 seq 20 deny ::/0
route-map homev6 permit 10
 match ipv6 address prefix-list homev6

Posted: Saturday, August 12, 2006 8:32 PM by David
Filed under:

Comments

No Comments

Anonymous comments are disabled