IPv6 Tunnel using BGP on a Cisco 877

The last post was about basic IPv6 tunnelling using GRE and a static route from the ISP router to the Cisco 887 at the remote site. That all worked , but lacked ‘interest’. I had considered putting in a Cisco 1841 which was lying around to attempt a full IPv6 BGP session but then thought ‘Why not try the 877 in use already in the office?’ – and here we are. For info I have a Cisco 877 with a massive 128MB RAM and and Advanced IP services IOS, which when compared to a border router that Gconnect use is very, very small. That said there is not much overhead in the IPv6 table at the moment (~ 10 – 15 K routes). I’m using the same layout (apart from the router model) as last time:

tunnel_diagram

 

So the tunnels are set up as per the previous post, however I have now removed the static route at the ISP end and the default (::/0) from the remote end, ie we just have point to point connectivity between the the routers. Starting on the head end:

1. Make an appropriate prefix list

ipv6 prefix-list GCONNECT-OFFICE seq 5 permit 2A01:570:Y:XXXY::/64

2. Create the peer – I’m updating the source to Tunnel0 to make it work nicely.

router bgp 33941
neighbor 2A01:570:Y:XXXX::2 remote-as 65000
neighbor 2A01:570:Y:XXXX::2 update-source Tunnel0

3. We need to disable the IPv4 address family activation:

 
router bgp 33941
 address-family ipv4
 no neighbor 2A01:570:Y:XXXX::2 activate

4. Now add the prefix list and activate the peer in the IPv6 address family

 
router bgp 33941
 address-family ipv6
  neighbor 2A01:570:Y:XXXX::2 activate
  neighbor 2A01:570:Y:XXXX::2 prefix-list GCONNECT-OFFICE in

Thats the head end sorted, now the trusty 877 is pretty much a mirror of the head end, so I’ll compress into one lump:

ipv6 prefix-list OFFICE seq 5 permit 2A01:570:Y:XXXY::/64
!
router bgp 65000
 bgp log-neighbor-changes
 neighbor 2A01:570:Y:XXXX::1 remote-as 33941
 neighbor 2A01:570:Y:XXXX::1 update-source Tunnel0
 !
 address-family ipv4
  no neighbor 2A01:570:Y:XXXX::1 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family ipv6
  neighbor 2A01:570:Y:XXXX::1 activate
  neighbor 2A01:570:Y:XXXX::1 prefix-list OFFICE out
  network 2A01:570:Y:XXXY::/64
 exit-address-family

Note the network statement at the end announcing the route to the ISP site. This route needs to be in the local routing table so if you are using a /48 and don’t have it in the table you should null route it. My vlan 1 is using the /64 so I’ve no issues here. I’m using a prefix list to filter outgoing routes as when I hook up a second ISP router i dont want to transiting via my DSL line! So we nee to run some verification commands from the Office Cisco 877:

#sh ip bgp ipv6 unicast summary 
BGP router identifier 192.168.X.X, local AS number 65000
BGP table version is 37022, main routing table version 37022
12133 network entries using 1844216 bytes of memory
12133 path entries using 922108 bytes of memory
7768/7762 BGP path/bestpath attribute entries using 963232 bytes of memory
7250 BGP AS-PATH entries using 184120 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 1 (at peak 2) using 32 bytes of memory
BGP using 3913708 total bytes of memory
BGP activity 12176/43 prefixes, 24313/12180 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2A01:570:Y:XXXX::1
                4 33941   16547     158    37022    0    0 00:31:58    12132

There are a few good points to note here. Firstly we have 12,132 IPv6 routes which is good. Second the memory that the BGP is taking up is minimal (circa 4GB) so the 877 does not have any issues. We need to check we are announcing the /64 to the ISP with the following command:

#sh ip bgp ipv6 unicast neighbors 2A01:570:Y:XXXX::1 advertised-routes 
BGP table version is 37046, local router ID is 192.168.X.X
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 2A01:570:Y:XXXY::/64
                    ::                       0         32768 i

Total number of prefixes 1

This all looks good, you need that ‘*>’ meaning valid and best and just the one route. Last thing is to actually test it, so we’ll ping our friends at Google.

ping 2a00:1450:400c:c00::93 source vlan1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2A00:1450:400C:C00::93, timeout is 2 seconds:
Packet sent with a source address of 2A01:570:Y:XXXY::1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/52/56 ms

Well that just about wraps it up i think.

This entry was posted in Cisco, IPv6 and tagged , , . Bookmark the permalink.

Leave a Reply