The last post was about basic IPv6 tunnelling using GRE and a static route from the ISP router to the Cisco 887 at the remote site. That all worked, but lacked ‘interest’. I had considered putting in a Cisco 1841 which was lying around to attempt a full IPv6 BGP session but then thought ‘Why not try the 877 in use already in the office?’ – and here we are. For info I have a Cisco 877 with a massive 128MB RAM and an Advanced IP Services IOS, which when compared to a border router that Gconnect use is very, very small. That said, there is not much overhead in the IPv6 table at the moment (~ 10 – 15 K routes). I’m using the same layout (apart from the router model) as last time:
So the tunnels are set up as per the previous post, however I have now removed the static route at the ISP end and the default (::/0) from the remote end, i.e. we just have point-to-point connectivity between the routers. Starting on the head end:
1. Make an appropriate prefix list
ipv6 prefix-list GCONNECT-OFFICE seq 5 permit 2A01:570:Y:XXXY::/64
2. Create the peer – I’m updating the source to Tunnel0 to make it work nicely.
router bgp 33941
 neighbor 2A01:570:Y:XXXX::2 remote-as 65000
 neighbor 2A01:570:Y:XXXX::2 update-source Tunnel0
3. We need to disable the IPv4 address family activation:
router bgp 33941
 address-family ipv4
  no neighbor 2A01:570:Y:XXXX::2 activate
4. Now add the prefix list and activate the peer in the IPv6 address family
router bgp 33941
 address-family ipv6
  neighbor 2A01:570:Y:XXXX::2 activate
  neighbor 2A01:570:Y:XXXX::2 prefix-list GCONNECT-OFFICE in
That’s the head end sorted. The trusty 877 is pretty much a mirror of the head end, so I’ll compress it into one lump:
ipv6 prefix-list OFFICE seq 5 permit 2A01:570:Y:XXXY::/64
!
router bgp 65000
 bgp log-neighbor-changes
 neighbor 2A01:570:Y:XXXX::1 remote-as 33941
 neighbor 2A01:570:Y:XXXX::1 update-source Tunnel0
 !
 address-family ipv4
  no neighbor 2A01:570:Y:XXXX::1 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family ipv6
  neighbor 2A01:570:Y:XXXX::1 activate
  neighbor 2A01:570:Y:XXXX::1 prefix-list OFFICE out
  network 2A01:570:Y:XXXY::/64
 exit-address-family
Note the network statement at the end announcing the route to the ISP site. This route needs to be in the local routing table, so if you are using a /48 and don’t have it in the table you should null route it. My vlan 1 is using the /64 so I’ve no issues here. I’m using a prefix list to filter outgoing routes because when I hook up a second ISP router I don’t want to be transiting via my DSL line! So we need to run some verification commands from the Office Cisco 877:
#sh ip bgp ipv6 unicast summary
BGP router identifier 192.168.X.X, local AS number 65000
BGP table version is 37022, main routing table version 37022
12133 network entries using 1844216 bytes of memory
12133 path entries using 922108 bytes of memory
7768/7762 BGP path/bestpath attribute entries using 963232 bytes of memory
7250 BGP AS-PATH entries using 184120 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 1 (at peak 2) using 32 bytes of memory
BGP using 3913708 total bytes of memory
BGP activity 12176/43 prefixes, 24313/12180 paths, scan interval 60 secs

Neighbor            V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2A01:570:Y:XXXX::1  4 33941   16547     158    37022    0    0 00:31:58    12132
There are a few good points to note here. Firstly, we have 12,132 IPv6 routes, which is good. Secondly, the memory that BGP is taking up is minimal (circa 4GB), so the 877 does not have any issues. We need to check we are announcing the /64 to the ISP with the following command:
#sh ip bgp ipv6 unicast neighbors 2A01:570:Y:XXXX::1 advertised-routes
BGP table version is 37046, local router ID is 192.168.X.X
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network                Next Hop    Metric LocPrf Weight Path
*> 2A01:570:Y:XXXY::/64   ::               0         32768 i

Total number of prefixes 1
This all looks good: you need that ‘*>’, meaning valid and best, and just the one route. Last thing is to actually test it, so we’ll ping our friends at Google.
ping 2a00:1450:400c:c00::93 source vlan1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2A00:1450:400C:C00::93, timeout is 2 seconds:
Packet sent with a source address of 2A01:570:Y:XXXY::1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/52/56 ms
Well, that just about wraps it up, I think.
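The advertised-routes check above can be automated. This is an added example, not part of the original post: it parses the command output and compares it with the outbound prefix list, flagging anything extra (the transit leak the OFFICE prefix list is there to prevent) and anything permitted but not shown as `*>`. The function name, the sample output and the documentation prefixes and AS number are constructed assumptions, since the post's own addresses are redacted.

```python
import ipaddress
import re

# A route line starts with status codes ("*>" = valid and best) and then the prefix.
# IOS wraps long IPv6 entries, so next hop and path may sit on the following line.
ROUTE_RE = re.compile(r"^(?P<st>[*sdhrS>i]{1,3})[ \t]+(?P<pfx>[0-9A-Fa-f:]+/\d{1,3})", re.M)

def audit_advertised(output, permitted):
    """Compare 'advertised-routes' output with the outbound permit list.

    Returns (leaked, missing): prefixes advertised that the list does not permit,
    and permitted prefixes that are not advertised as valid and best.
    A prefix-list entry without ge/le matches one exact prefix, and so does this check.
    """
    allowed = {ipaddress.ip_network(p) for p in permitted}
    best, leaked = set(), []
    for m in ROUTE_RE.finditer(output):
        net = ipaddress.ip_network(m["pfx"])
        if net not in allowed:
            leaked.append(str(net))
        elif m["st"].startswith("*>"):
            best.add(net)
    return leaked, sorted(str(n) for n in allowed - best)

# Constructed sample output using documentation prefixes and a documentation AS.
HEADER = "   Network          Next Hop            Metric LocPrf Weight Path\n"
OWN = "*> 2001:DB8:1:2::/64\n                    ::          0         32768 i\n"
TRANSIT = "*> 2001:DB8:FFFF::/48\n                    2001:DB8:0:1::9   0      0 64500 i\n"
FOOTER = "\nTotal number of prefixes {}\n"
SAMPLE_OK = HEADER + OWN + FOOTER.format(1)
SAMPLE_LEAK = HEADER + OWN + TRANSIT + FOOTER.format(2)

if __name__ == "__main__":
    for name, text in (("filtered", SAMPLE_OK), ("unfiltered", SAMPLE_LEAK)):
        leaked, missing = audit_advertised(text, ["2001:db8:1:2::/64"])
        print(name, "leaked:", leaked, "missing:", missing)
```

Run it against saved output after any change to the outbound filter or when a second upstream is added; a non-empty first list means the router is offering routes it should not.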