IPv6 in Cisco or the Future is about to come

Introduction

Addressing in IPv6

Basic interface configuration

Static routes

Dynamic routing

Access lists

Tunneling in IPv4 and IPv6

Virtual routing and forwarding (VRF)

Conclusion

Introduction

The IPv6 protocol is a descendant of IP version four, IPv4, which is used everywhere, and consequently IPv6 inherited most of the IPv4 operation logic. For instance, packet headers in IPv4 and IPv6 have much in common; the same logic of transmitting packets is used, namely routing based on the destination address; the time a packet exists in the network is controlled with the help of TTL, and so on. However, there are some major differences: besides the change in the length of the IP address itself, broadcast of any kind is no longer used, including directed broadcast. Instead, multicast is used. ARP has also disappeared; its functions are now performed by ICMP, which will make IT security departments keep a close eye on this protocol, because simply banning it is no longer an option. We’re not going to describe all the changes that have been introduced to the protocol, as the reader can readily find them on any number of IT resources. Instead, we’ll demonstrate some practical examples of setting up Cisco IOS devices to work with IPv6.

Many new network specialists ask whether they should start studying IPv6 right away. In our view, these days one cannot treat IPv6 as a separate chapter of technology; on the contrary, all techniques should be practiced on both IP versions. For example, when studying the dynamic routing protocol EIGRP, it’s worth configuring test networks in the lab for both IPv4 and IPv6. Now let’s get down to business!

Addressing in IPv6

In IPv6 the length of the protocol address is 128 bits, which is four times longer than in IPv4. The number of addresses in IPv6 is huge: $2^{128} \approx 3.4 \cdot 10^{38}$. The IP address in IPv6 can be divided into two parts: a prefix and a host address, which is also called an interface ID. This division is very similar to that used in IPv4 classless routing.

In IPv6, addresses are written in hexadecimal notation, with each group of four digits separated by a colon. For example: 2001:1111:2222:3333:4444:5555:6666:7777. The mask is written with a slash, for instance, /64. An IPv6 address can contain long sequences of zeroes, which is why a contracted notation is possible. Firstly, the leading zeroes of each group of digits can be omitted, i.e. instead of 2001:0001:0002:0003:0004:0005:0006:7000 it’s possible to write 2001:1:2:3:4:5:6:7000. Trailing zeroes are not left out. If a group of digits in the address (or several groups in a row) consists of zeroes only, it can be replaced with a double colon. For example, instead of 2001:1:0:0:0:0:0:1 one can use the contracted notation 2001:1::1. The address can be contracted in this way only once. Below are correct and incorrect notations of addresses in IPv6.

Correct notation

2001:0000:0db8:0000:0000:0000:07a0:765d
2001:0:db8:0:0:0:7a0:765d
2001:0:db8::7a0:765d

Incorrect notation

2001::db8::7a0:765d
2001:0:db8::7a:765d

Funny contractions

::/0 – default gateway
::1 – loopback
2001:2345:6789::/64 – some network address
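
The contraction rules above can be checked mechanically. The following Python code is an added example, not part of the original article; the function names are illustrative and dotted IPv4-embedded forms are deliberately not handled. It expands a colon-hex address to its eight groups, rejects notations that break the rules, and produces one canonical short form, which is what address comparisons in filters and log searches should be based on instead of the raw text.

```python
HEX_DIGITS = set("0123456789abcdefABCDEF")

# The full address used in the "correct notation" list above.
FULL = "2001:0000:0db8:0000:0000:0000:07a0:765d"


def expand(text):
    """Expand a colon-hex IPv6 address into a tuple of eight 16-bit groups.

    Raises ValueError if the notation breaks the rules described above.
    """
    if text.count("::") > 1:
        raise ValueError("'::' may be used only once")
    if "::" in text:
        left, right = text.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = head + ["0"] * missing + tail
    else:
        groups = text.split(":")
        if len(groups) != 8:
            raise ValueError("expected eight groups")
    for group in groups:
        if not 1 <= len(group) <= 4 or not set(group) <= HEX_DIGITS:
            raise ValueError("bad group %r" % group)
    return tuple(int(group, 16) for group in groups)


def compress(groups):
    """Return the shortest form: leading zeroes dropped, and the longest run
    of two or more zero groups (leftmost on a tie) replaced by '::'."""
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    hexes = [format(group, "x") for group in groups]
    if best_len < 2:
        return ":".join(hexes)
    end = best_start + best_len
    return ":".join(hexes[:best_start]) + "::" + ":".join(hexes[end:])


def check_notation(short, full):
    """Say whether `short` is a legal way of writing the address `full`."""
    try:
        groups = expand(short)
    except ValueError:
        return "invalid"
    return "equivalent" if groups == expand(full) else "different address"


if __name__ == "__main__":
    # The five notations listed above, correct and incorrect.
    for candidate in (
        "2001:0000:0db8:0000:0000:0000:07a0:765d",
        "2001:0:db8:0:0:0:7a0:765d",
        "2001:0:db8::7a0:765d",
        "2001::db8::7a0:765d",   # '::' used twice
        "2001:0:db8::7a:765d",   # trailing zero of 07a0 dropped
    ):
        print("%-42s %s" % (candidate, check_notation(candidate, FULL)))
    print("canonical:", compress(expand(FULL)))
```

Note that the last notation in the list parses without error: dropping a trailing zero produces a well-formed address that simply points somewhere else.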

However, not all IPv6 addresses can be assigned to global network nodes. There are several reserved ranges and address types. An IPv6 address can belong to one of the three following types:

  • Unicast
  • Multicast
  • Anycast

Unicast addresses are very similar to those in IPv4. They can be assigned to the network interfaces of end-user equipment, servers and hosts. Group or Multicast addresses are intended for delivering packets to several receivers simultaneously. When Anycast addresses are used, data will be received by the nearest node with such an address. Note that there are no broadcast addresses among those supported by IPv6. Unicast addresses are themselves divided into smaller types.

  • Link local
  • Global unicast
  • Unique local

Addresses in the Unique local group are described in RFC 4193 and are very similar to the private IPv4 addresses described in RFC 1918. Link local addresses are intended for transmitting information between devices connected to the same L2 network. Most addresses from the Global unicast range can be assigned to the interfaces of specific network nodes. The list of reserved addresses is below.

| IPv6 address | Prefix length | Description | Remarks |
|---|---|---|---|
| :: | 128 | - | Analogue of 0.0.0.0 in IPv4 |
| ::1 | 128 | Loopback | Analogue of 127.0.0.1 in IPv4 |
| ::xx.xx.xx.xx | 96 | Built-in IPv4 | IPv4-compatible. Obsolete, no longer used |
| ::ffff:xx.xx.xx.xx | 96 | IPv4, depicted in IPv6 | For hosts that don’t support IPv6 |
| 2001:db8:: | 32 | Documentation | Reserved for examples. RFC 3849 |
| fe80:: - febf:: | 10 | Link-Local | Analogue of 169.254.0.0/16 in IPv4 |
| fec0:: - feff:: | 10 | Site-Local | Analogue of 10.0.0.0, 172.16.0.0, 192.168.0.0 networks. RFC 3879. Obsolete. |
| fc00:: | 7 | Unique Local Unicast | Replaced Site-Local. RFC 4193 |
| ffxx:: | 8 | Multicast | - |

Basic interface configuration

IPv6 routing is enabled with the ipv6 unicast-routing command. Actually, the router will support IPv6 even without this command; however, without it the device will act as an IPv6 host. Many of the commands we got used to in IPv4 are also present in IPv6; one only has to replace the ip option with ipv6.

The address on the interface can be configured in several ways. When only IPv6 support is turned on, a link-local address is automatically assigned to the interface.

R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int gi0/0
R1(config-if)#ipv6 enable
R1(config-if)#^Z
R1#show ipv6 int bri
Ethernet0/0 [administratively down/down]
unassigned
GigabitEthernet0/0 [up/up]
FE80::C800:3FFF:FED0:A008

Part of a link-local address is calculated with the EUI-64 algorithm on the basis of the interface MAC address. For this, two bytes are automatically inserted in the middle of the 48-bit MAC address; in hexadecimal notation these two bytes look like FFFE. In addition, the seventh bit of the first byte of the MAC address is inverted. In the pictures below one can see the scheme of the algorithm in question.

Compare the link-local address above to the physical address of the Gi0/0 interface of the router (the irrelevant part of the sho int Gi0/0 command output has been removed).

R1#show int gi0/0
GigabitEthernet0/0 is up, line protocol is up
Hardware is i82543 (Livengood), address is ca00.3fd0.a008 (bia ca00.3fd0.a008)

EUI-64 part of an IPv6 address: C800:3FFF:FED0:A008.
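
The conversion can be reproduced and also reversed, which is useful when an address seen in a log or neighbor table has to be tied back to a piece of hardware. The Python code below is an added example, not part of the original article; the function names are illustrative, and the sample values are taken from the listings on this page. Treating any interface ID with FFFE in the middle as EUI-64-derived is a heuristic.

```python
import ipaddress


def parse_mac(text):
    """Accept Cisco (ca00.3fd0.a008), Windows (00-11-5c-1b-3d-49) or colon form."""
    digits = "".join(ch for ch in text if ch not in ".:-")
    if len(digits) != 12:
        raise ValueError("a MAC address has 12 hex digits: %r" % text)
    return bytes.fromhex(digits)


def mac_to_interface_id(mac):
    """Modified EUI-64: insert FFFE in the middle, invert the 7th bit."""
    raw = parse_mac(mac)
    eui = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return int.from_bytes(eui, "big")


def link_local_from_mac(mac):
    """Link-local address an interface with this MAC derives via EUI-64."""
    return ipaddress.IPv6Address((0xFE80 << 112) | mac_to_interface_id(mac))


def mac_from_address(address):
    """Recover the MAC (Cisco dotted form) from an EUI-64 based address.

    Returns None when the interface ID does not carry the FFFE marker,
    e.g. a manually assigned or randomly generated interface ID.
    """
    low64 = int(ipaddress.IPv6Address(address)) & (2 ** 64 - 1)
    iid = low64.to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":  # heuristic marker check
        return None
    mac = (bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]).hex()
    return ".".join(mac[i:i + 4] for i in (0, 4, 8))


if __name__ == "__main__":
    # R1 Gi0/0 from the listing above.
    print(link_local_from_mac("ca00.3fd0.a008"))
    # Addresses that appear in this page's neighbor tables and examples.
    for addr in ("FE80::C801:42FF:FEA4:8", "fe80::211:5cff:fe1b:3d49",
                 "fe80::a541:1a9:3b2d:7734", "2001:DB8::1"):
        print("%-28s -> %s" % (addr, mac_from_address(addr)))
```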

The interface can be given an address manually with the ipv6 address command, for example, ipv6 address 2001:db8::1/64. It’s also possible to specify only the address of the network segment; the rest will be assigned automatically using the interface physical address converted with EUI-64. For this, use the command with the eui-64 keyword.

R2#conf t
R2(config)#int gi0/0
R2(config-if)#ipv ad 2001:db8::/64 eui-64
R2(config-if)#^Z
R2#show ipv6 int bri
Ethernet0/0 [administratively down/down]
unassigned
GigabitEthernet0/0 [up/up]
FE80::C801:42FF:FEA4:8
2001:DB8::C801:42FF:FEA4:8

Within one L2 segment it’s possible to exchange messages using link-local addresses only, and this option is sometimes used; however, in the majority of situations the interface has to be assigned an ordinary routable IPv6 address. For instance, OSPF and EIGRP neighbor relationships are established using link-local addresses. Automatic neighbor discovery and other service protocols also operate with link-local addresses.

R1#sho ipv6 int brief
Ethernet0/0 [administratively down/down]
unassigned
GigabitEthernet0/0 [up/up]
FE80::C800:42FF:FEA4:8
2001:DB8::1
R1#sho ipv ei ne
IPv6-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 Link-local address: Gi0/0 12 00:01:03 39 234 0 3
FE80::C801:42FF:FEA4:8
R1#ping FE80::C801:42FF:FEA4:8
Output Interface: GigabitEthernet0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FE80::C801:42FF:FEA4:8, timeout is 2 seconds:
Packet sent with a source address of FE80::C800:42FF:FEA4:8
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/20/48 ms

Naturally, there’s still the option of automatically assigning an address in IPv6 with the help of DHCP. It’s worth noting, however, that there are two types of DHCP in IPv6: stateless and stateful. They are configured with ipv6 address autoconfig and ipv6 address dhcp, respectively.

Configuring the «server» part practically doesn’t differ from doing so for IPv4. First it is necessary to create a DHCP pool, then to enable it on an interface. Enabling it on an interface is done explicitly with the interface command ipv6 dhcp server name, where name is the name of the DHCP pool created earlier. Note also that DHCPv6 allows neither excluding specific IPv6 addresses from the range, as was done for IPv4 with the ip dhcp excluded-address command, nor manually binding an address to a client.

ipv6 dhcp pool test
address prefix 2001:1::/64
dns-server 2001:1::1
domain-name foxnetwork.ru
interface GigabitEthernet1/0
no ip address
negotiation auto
ipv6 address 2001:1::1/64
ipv6 dhcp server test
ipv6 nd managed-config-flag
ipv6 nd other-config-flag

The ipv6 nd managed-config-flag command tells a client that it must use DHCPv6 to obtain an address. A client can also be told to obtain additional options (the address of a DNS server or the domain name) with the ipv6 nd other-config-flag command.

Information about the configured DHCPv6 pools can be displayed with the show ipv6 dhcp pool command.

R2#sho ipv dhcp pool
DHCPv6 pool: test
Address allocation prefix: 2001:1::/64 valid 172800 preferred 86400 (1 in use, 0 conflicts)
DNS server: 2001:1::1
Domain name: foxnetwork.ru
Active clients: 1

The list of current clients is shown in the output of the show ipv6 dhcp binding command.

R2#show ipv6 dhcp binding
Client: FE80::C801:26FF:FEFC:1C
DUID: 00030001CA0126FC0008
Username : unassigned
IA NA: IA ID 0x00050001, T1 43200, T2 69120
Address: 2001:1::CDFD:B868:5AFF:F258
preferred lifetime 86400, valid lifetime 172800
expires at Mar 12 2015 08:56 AM (170469 seconds)

To reset current DHCPv6 bindings, use the clear ipv6 dhcp binding {* | ipv6-address} command.

The list of interfaces on which DHCPv6 is operating is displayed with the show ipv6 dhcp interface command.

R2#show ipv6 dhcp interface
GigabitEthernet1/0 is in server mode
Using pool: test
Preference value: 0
Hint from client: ignored
Rapid-Commit: disabled

Apart from stateful DHCPv6, Cisco equipment also supports a version called DHCPv6 Lite, which differs in the absence of the address prefix command inside the pool and of the managed-config-flag interface option. In this case the address of the host interface is computed on the basis of the Router Advertisement message.

ipv6 dhcp pool test
dns-server 2001:1::1
domain-name foxnetwork.ru
interface GigabitEthernet1/0
no ip address
negotiation auto
ipv6 address 2001:1::1/64
ipv6 dhcp server test
ipv6 nd other-config-flag

As with IPv4, Cisco L3 switches and routers can function as a DHCP relay, for which the ipv6 dhcp relay destination ipv6-address command is used, where ipv6-address is the address of the DHCPv6 server.

A very interesting facility was introduced in DHCPv6: prefix delegation. This function, we suppose, will be mostly in demand among service providers, as it allows delegating a large prefix to a client for distribution within the enterprise network. Let’s consider how Prefix Delegation operates by example. In the scheme below, the Delegating_router router represents an edge router of a service provider, and CE_router is the client’s border equipment. Client_net1 and Client_net2 emulate devices connected to different IPv6 networks of the client. It’s worth emphasizing that Client_net1 and Client_net2 are in different subnets: there is a trunk between the SW1 switch and the CE_router router carrying two virtual networks, #2 (for Client_net1) and #3 (for Client_net2). On the CE_router router a separate subinterface is configured for each virtual network.

Setup starts with configuring addresses on the link between the Delegating_router and CE_router routers.

Delegating_router(config)#int gi1/0
Delegating_router(config-if)#no sh
Delegating_router(config-if)#ipv6 address 2001:DB8:1::1/64
Delegating_router(config-if)#^Z
Delegating_router#
CE_router(config)#int gi0/0
CE_router(config-if)#no sh
CE_router(config-if)# ipv6 address 2001:DB8:1::2/64
CE_router(config-if)#^Z
CE_router#

Let’s create a local pool on the Delegating_router router from which prefixes will be distributed to clients.

Delegating_router(config)#ipv6 local pool c_prefix 2001:DB8::/40 48

The c_prefix pool is defined as the 2001:DB8::/40 prefix, from which smaller prefixes with a /48 mask will be distributed to clients.

After configuring the local pool, it is necessary to create a DHCPv6 pool and attach it to the Gi1/0 interface.

Delegating_router(config)#ipv6 dhcp pool customers
Delegating_router(config-dhcpv6)# prefix-delegation pool c_prefix
Delegating_router(config-dhcpv6)#int gi1/0
Delegating_router(config-if)#ipv6 dhcp server customers

This completes the setup of the delegating router. On the client’s border router the delegated prefix is accepted with the interface command ipv6 dhcp client pd prefix, where prefix is the name given to the accepted prefix; this name will be used later.

CE_router#sho run int gi0/0
Building configuration...
Current configuration : 170 bytes
interface GigabitEthernet0/0
no ip address
ipv6 address 2001:DB8:1::2/64
ipv6 dhcp client pd prefix
end
CE_router#sho ipv dhcp interface gi0/0
GigabitEthernet0/0 is in client mode
Prefix State is OPEN
Renew will be sent in 3d10h
Address State is IDLE
List of known servers:
Reachable via address: FE80::C801:2FF:FEC8:1C
DUID: 00030001CA0102C80008
Preference: 0
Configuration parameters:
IA PD: IA ID 0x00040001, T1 302400, T2 483840
Prefix: 2001:DB8::/48
preferred lifetime 604800, valid lifetime 2592000
expires at Apr 09 2015 10:39 AM (2587501 seconds)
Information refresh time: 0
Prefix name: prefix
Prefix Rapid-Commit: disabled
Address Rapid-Commit: disabled

Addresses of the client’s subnets will be allocated from the received prefix. Since the prefix 2001:DB8::/48 was assigned to this client, the addresses of the client networks will be, for example, 2001:DB8:0:1::/64 and 2001:DB8:0:2::/64. Let’s configure the CE_router subinterfaces accordingly. As can be seen from the listing below, addresses are not specified explicitly; the prefix obtained earlier from the provider is used instead.

CE_router#sho run int gi1/0.2
Building configuration...
Current configuration : 97 bytes
interface GigabitEthernet1/0.2
encapsulation dot1Q 2
ipv6 address prefix ::1:0:0:0:1/64
end
CE_router#sho run int gi1/0.3
Building configuration...
Current configuration : 97 bytes
interface GigabitEthernet1/0.3
encapsulation dot1Q 3
ipv6 address prefix ::2:0:0:0:1/64
end

The only thing left to do is to obtain addresses on the client’s hosts.

Client_net1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Client_net1(config)#int gi1/0
Client_net1(config-if)#no sh
*Mar 10 11:38:07.959: %LINK-3-UPDOWN: Interface GigabitEthernet1/0, changed state to up
*Mar 10 11:38:08.959: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0, changed state to up
Client_net1(config-if)#ipv6 address autoconfig
Client_net1(config-if)#exi
Client_net1(config)#exi
Client_net1#sho ipv int bri
GigabitEthernet1/0 [up/up]
FE80::C803:1EFF:FE3C:1C
2001:DB8:0:1:C803:1EFF:FE3C:1C
Client_net1#

Another prefix-related feature is the option of defining the router prefix globally. This simplifies the procedure of assigning addresses to the interfaces of a router or L3 switch. Let us assume that an enterprise was allocated the network 2001:db8:1::/48. This means that all addresses will begin with «2001:db8:1». It is necessary to begin by defining the prefix.

R1(config)#ipv6 general-prefix ?
  WORD  General prefix name
R1(config)#ipv6 general-prefix fox ?
  6rd                 6rd
  6to4                6to4
  X:X:X:X::X/<0-128>  IPv6 prefix
R1(config)#ipv6 general-prefix fox 2001:DB8:1::/48
R1(config)#do sho ipv gene
IPv6 Prefix fox, acquired via Manual configuration
  2001:DB8:1::/48 Valid lifetime infinite, preferred lifetime infinite

Once the prefix is configured, it can be assigned on an interface.

R1(config)#int gi0/0
R1(config-if)#ipv address ?
  WORD                General prefix name
  X:X:X:X::X          IPv6 link-local address
  X:X:X:X::X/<0-128>  IPv6 prefix
  autoconfig          Obtain address using autoconfiguration
  dhcp                Obtain a ipv6 address using dhcp
R1(config-if)#ipv address fox ?
  X:X:X:X::X/<0-128>  IPv6 prefix
R1(config-if)#ipv address fox 0:0:0:1::1/64
R1(config-if)#^Z
R1#sho ipv int bri
Ethernet0/0            [administratively down/down]
GigabitEthernet0/0     [up/up]
    FE80::C801:3CFF:FED0:8
    2001:DB8:1:1::1
R1#sho run int gi0/0
Building configuration...
Current configuration : 144 bytes
interface GigabitEthernet0/0
 no ip address
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
 ipv6 address fox ::1:0:0:0:1/64
end

Special attention should be paid to the syntax used for assigning the address on an interface. The left part of the address is filled with bits from the general prefix (the number of bits corresponds to the length of the general prefix). The remaining part is taken from the address specified in the ipv6 address command. In principle, the left part of the address specified on the interface can be anything; it is filled with zeroes in the example above.
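
The same bit arithmetic applies to the delegated prefix named prefix on CE_router earlier and to the general prefix fox here. The Python code below is an added example, not part of the original article and not Cisco code; the function names are illustrative, and the inputs are the prefixes and suffixes from this page’s listings. It shows how the resulting interface address is composed and how the /40 local pool breaks down into /48 delegations.

```python
import ipaddress


def apply_named_prefix(prefix, suffix):
    """Compose the address configured as 'ipv6 address <name> <suffix>'.

    The first len(prefix) bits come from the named prefix, the remaining
    bits from the suffix typed on the interface ('address/length').
    """
    net = ipaddress.IPv6Network(prefix)
    typed = ipaddress.IPv6Interface(suffix)
    length = typed.network.prefixlen
    if length < net.prefixlen:
        raise ValueError("interface prefix length is shorter than the named prefix")
    # Bits of the typed address that overlap the named prefix are discarded.
    low_bits = int(typed.ip) & int(net.hostmask)
    address = ipaddress.IPv6Address(int(net.network_address) | low_bits)
    return ipaddress.IPv6Interface("%s/%d" % (address, length))


def addresses_for(prefixes, suffix):
    """Several prefixes under one name give one address per prefix."""
    return [apply_named_prefix(prefix, suffix) for prefix in prefixes]


def delegated_prefixes(pool, length):
    """Prefixes a pool such as 'ipv6 local pool c_prefix 2001:DB8::/40 48'
    can hand out, in address order."""
    return list(ipaddress.IPv6Network(pool).subnets(new_prefix=length))


if __name__ == "__main__":
    # General prefix fox with the suffix typed on R1 Gi0/0.
    print(apply_named_prefix("2001:DB8:1::/48", "0:0:0:1::1/64"))
    # A non-zero left part in the suffix changes nothing.
    print(apply_named_prefix("2001:DB8:1::/48", "ffff:ffff:ffff:1::1/64"))
    # Delegated prefix on the CE_router subinterfaces.
    for suffix in ("::1:0:0:0:1/64", "::2:0:0:0:1/64"):
        print(apply_named_prefix("2001:DB8::/48", suffix))
    pool = delegated_prefixes("2001:DB8::/40", 48)
    print(len(pool), "delegations, first", pool[0], "last", pool[-1])
```

Because every interface address follows the named prefix, a change of the delegated or general prefix renumbers all of them at once, so filters written against literal addresses need to be reviewed when the prefix changes.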

The general prefix can be combined with automatic address assignment on an interface using SLAAC.

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#int e0/0
R1(config-if)#ipv add fox 0:0:0:2::/64 ?
  anycast  Configure as an anycast
  cga      Use CGA interface identifier
  eui-64   Use eui-64 interface identifier
  <cr>
R1(config-if)#ipv add fox 0:0:0:2::/64 eui-64
R1(config-if)#^Z
R1#sho ipv int bri
Ethernet0/0            [administratively down/down]
    FE80::C801:3CFF:FED0:6
    2001:DB8:1:2:C801:3CFF:FED0:6
GigabitEthernet0/0     [up/up]
    FE80::C801:3CFF:FED0:8
    2001:DB8:1:1::1

With the sho ipv general-prefix command it is possible to see on which interfaces addresses using a certain general prefix are configured.

R1#sho ipv general-prefix
IPv6 Prefix fox, acquired via Manual configuration
  2001:DB8:1::/48 Valid lifetime infinite, preferred lifetime infinite
   GigabitEthernet0/0 (Address command)
   Ethernet0/0 (Address command)

To be fair, it is worth noting that several prefixes can be defined under one name. All the resulting addresses will be assigned on the interfaces.

R1#sho run | i general
ipv6 general-prefix fox 2001:DB8:1::/48
ipv6 general-prefix fox 2001:DB8:2::/48
R1#sho ipv gene
IPv6 Prefix fox, acquired via Manual configuration
  2001:DB8:1::/48 Valid lifetime infinite, preferred lifetime infinite
  2001:DB8:2::/48 Valid lifetime infinite, preferred lifetime infinite
   GigabitEthernet0/0 (Address command)
   Ethernet0/0 (Address command)
R1#sho ipv int bri
Ethernet0/0            [administratively down/down]
    FE80::C801:3CFF:FED0:6
    2001:DB8:1:2:C801:3CFF:FED0:6
    2001:DB8:2:2:C801:3CFF:FED0:6
GigabitEthernet0/0     [up/up]
    FE80::C801:3CFF:FED0:8
    2001:DB8:1:1::1
    2001:DB8:2:1::1

As was mentioned above, ARP is no longer used in IPv6. Neighbors are discovered with the help of NDP (Neighbor Discovery Protocol) by exchanging ICMP messages sent to the group address FF02::1.

R1#show ipv6 neighbors
IPv6 Address Age Link-layer Addr State Interface
FE80::C801:42FF:FEA4:8 25 ca01.42a4.0008 STALE Gi0/0

In Windows operating systems there’s also a way to look through the list of neighbors (the analogue of the arp -a command), but the command is longer now.

C:\>netsh interface ipv6 show neighbors
Interface 1: Loopback Pseudo-Interface 1
Internet Address Physical Address Type
-------------------------------------------- ----------------- -----------
ff02::c Permanent
ff02::16 Permanent
ff02::1:2 Permanent
ff02::1:3 Permanent
ff02::1:ff1e:f939 Permanent
Interface 24: LAN 4
Internet Address Physical Address Type
-------------------------------------------- ----------------- -----------
2001:db8:0:5::1 00-11-5c-1b-3d-49 Reachable (Router)
fe80::ffff:ffff:fffe Unreachable Unreachable
fe80::211:5cff:fe1b:3d49 00-11-5c-1b-3d-49 Stale (Router)
fe80::218:f3ff:fe73:33d7 Unreachable Unreachable
fe80::a541:1a9:3b2d:7734 Unreachable Unreachable
ff02::1 33-33-00-00-00-01 Permanent
ff02::2 33-33-00-00-00-02 Permanent
ff02::c 33-33-00-00-00-0c Permanent
ff02::16 33-33-00-00-00-16 Permanent
ff02::1:2 33-33-00-01-00-02 Permanent
ff02::1:3 33-33-00-01-00-03 Permanent
ff02::1:ff00:0 33-33-ff-00-00-00 Permanent
ff02::1:ff00:1 33-33-ff-00-00-01 Permanent

Routers in the local segment are discovered in a similar way; only in this case packets are sent to FF02::2. The interested node sends an RS (Router Solicitation) message and gets RA (Router Advertisement) in reply from the router. This reply contains IP parameters of the given network. The described process is shown in the picture below.

Discovery of a router connected to the local network segment is what allows a node to get an IPv6 address through the stateless address autoconfiguration (SLAAC) procedure, which is also mistakenly referred to as Stateless DHCP.

Static routes

By default, the IPv6 routing table contains not only the directly connected networks but local addresses as well. It also contains a route to group addresses.

R1#sho ipv6 routing
IPv6 Routing Table - Default - 3 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
HA - Home Agent, MR - Mobile Router, R - RIP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external
C 2001:DB8::/64 [0/0]
via GigabitEthernet0/0, directly connected
L 2001:DB8::1/128 [0/0]
via GigabitEthernet0/0, receive
L FF00::/8 [0/0]
via Null0, receive

Static routes in IPv6 are set in the familiar way. The only thing to note is that when link-local addresses are used, the interface has to be specified in addition to the next-hop address.

R1#conf t
R1(config)#ipv ro ::/0 gi0/0 FE80::C801:42FF:FEA4:8
R1(config)#^Z
R1#sho ipv6 routing
IPv6 Routing Table - Default - 4 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
HA - Home Agent, MR - Mobile Router, R - RIP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external
S ::/0 [1/0]
via FE80::C801:42FF:FEA4:8, GigabitEthernet0/0
C 2001:DB8::/64 [0/0]
via GigabitEthernet0/0, directly connected
L 2001:DB8::1/128 [0/0]
via GigabitEthernet0/0, receive
L FF00::/8 [0/0]
via Null0, receive

Dynamic routing

Configuring dynamic routing in IPv6 is not much more complicated. Firstly, the network command is no longer used for adding an interface to the routing process. Instead, run the ipv6 eigrp 1 command on the interface to enable EIGRP 1, or ipv6 ospf 1 area 0 to add the interface to the backbone area of the OSPF 1 process. By default, the EIGRP routing process in IPv6 is switched off and has to be enabled; however, the “best” thing here is the need to keep an eye on assigning the router-id parameter. In IPv4 routing, this parameter could be assigned manually or chosen automatically based on the IP addresses assigned to interfaces. If there are no IPv4 addresses on a device, the router-id for the IPv6 dynamic routing process can only be assigned manually.

For the simple network presented below, let’s configure EIGRP. The R1 router has the address 2001:db8::1/64 on the Gi0/0 interface, R2 – 2001:db8::2/64.

First, let’s configure the R1 router.

R1#conf t
R1(config)#ipv6 router eigrp 1
R1(config-rtr)#no shut
R1(config-rtr)#eigrp router-id 1.1.1.1
R1(config-rtr)#int gi0/0
R1(config-if)#ipv6 eigrp 1
R1(config-if)#^Z
R1#sho ipv6 eigrp interfaces
EIGRP-IPv6 Interfaces for AS(1)
Xmit Queue PeerQ Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable Un/Reliable SRTT Un/Reliable Flow Timer Routes
Gi0/0 0 0/0 0/0 0 0/0 0 0
R1#show ipv6 eigrp neighbors
EIGRP-IPv6 Neighbors for AS(1)

Then we run the same commands on R2, after which an EIGRP adjacency is established between the two routers.

R1#
*Mar 21 12:01:13.763: %DUAL-5-NBRCHANGE: EIGRP-IPv6 1: Neighbor FE80::C80E:21FF:FEE4:8 (GigabitEthernet0/0) is up: new adjacency
R1#show ipv6 eigrp neighbors
EIGRP-IPv6 Neighbors for AS(1)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 Link-local address: Gi0/0 11 00:00:15 40 240 0 2
FE80::C80E:21FF:FEE4:8

On each of the routers let’s create a Loopback1 interface that will simulate connected networks. On R1, the Loopback1 interface will have the IPv6 address 2001:db8:1::1/64, and on R2 it will have 2001:db8:2::1/64. There are two ways to pass information about new networks into the dynamic routing protocol: one can either include the new interface in the corresponding protocol or redistribute the routes. In the second case one has to remember to specify metrics. A metric can be specified either explicitly for each redistribution or with the default-metric command. This process is exactly the same as in IPv4, so we’re not going to discuss it in detail.

Output from the R1 router.

R1#show ipv6 route
IPv6 Routing Table - default - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, l - LISP
C 2001:DB8::/64 [0/0]
via GigabitEthernet0/0, directly connected
L 2001:DB8::1/128 [0/0]
via GigabitEthernet0/0, receive
C 2001:DB8:1::/64 [0/0]
via Loopback1, directly connected
L 2001:DB8:1::1/128 [0/0]
via Loopback1, receive
EX 2001:DB8:2::/64 [170/2560512]
via FE80::C80E:21FF:FEE4:8, GigabitEthernet0/0
L FF00::/8 [0/0]
via Null0, receive
R1#sho run int loo 1
Building configuration...
Current configuration : 87 bytes
interface Loopback1
no ip address
ipv6 address 2001:DB8:1::1/64
ipv6 eigrp 1
end
R1#sho run | sec router
ipv6 router eigrp 1
eigrp router-id 1.1.1.1

Output from the R2 router.

R2#show ipv6 route
IPv6 Routing Table - default - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, l - LISP
C 2001:DB8::/64 [0/0]
via GigabitEthernet0/0, directly connected
L 2001:DB8::2/128 [0/0]
via GigabitEthernet0/0, receive
D 2001:DB8:1::/64 [90/130816]
via FE80::C80D:1EFF:FE28:8, GigabitEthernet0/0
C 2001:DB8:2::/64 [0/0]
via Loopback1, directly connected
L 2001:DB8:2::1/128 [0/0]
via Loopback1, receive
L FF00::/8 [0/0]
via Null0, receive
R2#sho run int lo 1
Building configuration...
Current configuration : 73 bytes
interface Loopback1
no ip address
ipv6 address 2001:DB8:2::1/64
end
R2#sho run | sec router
ipv6 router eigrp 1
eigrp router-id 2.2.2.2
redistribute connected
default-metric 1000 1 100 100 1500

If BGP is used in the network, a different approach is needed: in BGP, separate processes are not created for IPv4 and IPv6. Instead, within one “parent” process the address-family command separates the IP versions. Below you can see the output from the R1 router. R2 is configured in the same way.

R1#show run | sec router bgp
router bgp 65001
bgp router-id 1.1.1.1
bgp log-neighbor-changes
neighbor 2001:DB8::2 remote-as 65002
!
address-family ipv4
no neighbor 2001:DB8::2 activate
exit-address-family
!
address-family ipv6
network 2001:DB8:1::/64
neighbor 2001:DB8::2 activate
exit-address-family
R1#show bgp ipv6 summary
BGP router identifier 1.1.1.1, local AS number 65001
BGP table version is 3, main routing table version 3
2 network entries using 336 bytes of memory
2 path entries using 208 bytes of memory
2/2 BGP path/bestpath attribute entries using 272 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 840 total bytes of memory
BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2001:DB8::2 4 65002 12 12 3 0 0 00:07:24 1
% NOTE: This command is deprecated. Please use 'show bgp ipv6 unicast'
R1#show bgp ipv6 unicast summary
BGP router identifier 1.1.1.1, local AS number 65001
BGP table version is 3, main routing table version 3
2 network entries using 336 bytes of memory
2 path entries using 208 bytes of memory
2/2 BGP path/bestpath attribute entries using 272 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 840 total bytes of memory
BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2001:DB8::2 4 65002 12 12 3 0 0 00:07:34 1
R1#show bgp ipv6 unicast
BGP table version is 3, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 2001:DB8:1::/64 :: 0 32768 i
*> 2001:DB8:2::/64 2001:DB8::2 0 0 65002 i

When the article was being written (the end of March 2014), the BGP full routing table held 500000 prefixes for IPv4 and 17000 entries for IPv6.

The OSPF protocol is configured for operation in an IPv6 network in a similar fashion. The protocol that has to be switched on and configured is called OSPFv3. It is completely independent from IPv4. The third version of the protocol has undergone a number of changes and additions in comparison with the previous implementation of OSPF.

interface GigabitEthernet0/0
no ip address
media-type gbic
speed 1000
duplex full
negotiation auto
ipv6 enable
ipv6 ospf 1 area 0
router ospfv3 1
router-id 1.1.1.1
address-family ipv6 unicast
redistribute connected
exit-address-family

Access lists

There are also some minor changes in access lists. For instance, a list is applied to an interface with the ipv6 traffic-filter command, for example ipv6 traffic-filter TEST in.

R2#show run | section access
ipv6 access-list TEST
deny icmp any any echo-reply
deny icmp any any echo-request
permit ipv6 any any
R2#show ipv6 access-list
IPv6 access list test
deny icmp any any echo-reply sequence 10
deny icmp any any echo-request (5 matches) sequence 20
permit ipv6 any any (28 matches) sequence 30
interface GigabitEthernet0/0
no ip address
media-type gbic
speed 1000
duplex full
negotiation auto
ipv6 address 2001:DB8::2/64
ipv6 eigrp 1
ipv6 traffic-filter TEST in

After applying the TEST list to the Gi0/0 interface in the scheme above, the R2 router ceases to respond to ICMP echo requests.

R1#ping 2001:db8::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8::2, timeout is 2 seconds:
AAAAA
Success rate is 0 percent (0/5)
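
An added example, not part of the original article: a small Python model of first-match evaluation for an IOS IPv6 access list, including the entries IOS appends implicitly (permit icmp any any nd-na, permit icmp any any nd-ns, deny ipv6 any any). It checks whether a filter such as TEST still passes the ICMPv6 messages that neighbor discovery and path MTU discovery depend on. It assumes entries of the "any any" form only; the STRICT and FIXED lists and all function names are constructed for illustration.

```python
# Simplified first-match model of a Cisco IOS IPv6 ACL (added example).
# Assumption: only "permit|deny <proto> any any [icmp-type]" entries are modelled.
IMPLICIT_TAIL = """permit icmp any any nd-na
permit icmp any any nd-ns
deny ipv6 any any"""  # appended by IOS to the end of every IPv6 ACL
# Neighbor discovery (the ARP replacement) and Packet Too Big (path MTU discovery).
ESSENTIAL = ("nd-ns", "nd-na", "packet-too-big")

PAGE_ACL = """ipv6 access-list TEST
 deny icmp any any echo-reply
 deny icmp any any echo-request
 permit ipv6 any any"""  # the list shown in the article
STRICT_ACL = """ipv6 access-list STRICT
 deny icmp any any echo-request
 permit tcp any any
 deny ipv6 any any"""  # constructed: explicit deny shadows the implicit ND permits
FIXED_ACL = """ipv6 access-list FIXED
 permit icmp any any nd-ns
 permit icmp any any nd-na
 permit icmp any any packet-too-big
 deny icmp any any echo-request
 permit tcp any any
 deny ipv6 any any"""  # constructed: essential ICMPv6 permitted before the deny

def parse_acl(text):
    """Return [(action, protocol, icmp_type_or_None)] from running-config lines."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] not in ("permit", "deny"):
            continue  # header line such as "ipv6 access-list TEST"
        if tok[2:4] != ["any", "any"]:
            raise ValueError("only 'any any' entries are modelled: " + line)
        entries.append((tok[0], tok[1], tok[4] if len(tok) > 4 else None))
    return entries

def verdict(acl_text, icmp_type):
    """First-match result for an ICMPv6 message named by its IOS type keyword."""
    for action, proto, mtype in parse_acl(acl_text) + parse_acl(IMPLICIT_TAIL):
        if proto == "ipv6" or (proto == "icmp" and mtype in (None, icmp_type)):
            return action
    return "deny"  # not reached: the implicit tail ends in deny ipv6 any any

def audit(acl_text):
    """List the essential ICMPv6 types this ACL would drop."""
    return [t for t in ESSENTIAL if verdict(acl_text, t) == "deny"]

if __name__ == "__main__":
    for name, acl in (("TEST", PAGE_ACL), ("STRICT", STRICT_ACL), ("FIXED", FIXED_ACL)):
        print(name, audit(acl) or "essential ICMPv6 permitted")
```

The article's TEST list passes the audit because its final permit ipv6 any any matches neighbor discovery traffic; a list that ends in an explicit deny ipv6 any any needs the ICMPv6 permits placed before that entry.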

Tunneling in IPv4 and IPv6

An equally interesting question is how tunnels work with IPv6. The simplest tunnels in IPv4 networks were IPIP (IP-in-IP) and GRE. For an administrator, almost nothing changes with the introduction of IPv6 when GRE is used. However, IPIP is not supported in IPv6; IPv6IP can be used instead. A nice feature of GRE is that it is universal: it can carry both IPv4 and IPv6 over transport networks running either IPv4 or IPv6. The keywords ip or ipv6 after the tunnel mode gre command choose the network protocol.

Let’s turn to our scheme again and configure a GRE tunnel between the two routers so that IPv4 runs over it while the tunnel itself runs over the existing IPv6 network. The listing below shows the configuration of the tunnel interface on the R1 router. The R2 device is configured in the same way.

R1#sho run int tunnel 1
Building configuration...
Current configuration : 180 bytes
interface Tunnel1
ip address 192.168.0.1 255.255.255.252
tunnel source GigabitEthernet0/0
tunnel mode gre ipv6
tunnel destination 2001:DB8::2
tunnel path-mtu-discovery
end
R1#ping 192.168.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/87/120 ms

Today an administrator is more likely to face the opposite situation: IPv6 traffic has to be carried over an IPv4 network. In this case the configuration is symmetrical: the IPv4 and IPv6 settings simply change places. It is worth mentioning that keepalive messages are currently not supported in GRE tunnels over IPv6.

Besides the tunnels described, several other types are fairly widespread: 6to4, 6in4, 6rd, Teredo, ISATAP; however, describing them goes well beyond the scope of this article. IPv4 and IPv6 networks can coexist in one of three ways: using the various tunnels mentioned above; in dual-stack mode, when all devices support both versions of IP; or with the help of translation such as NAT-PT.

Virtual routing and forwarding (VRF)

One more topic we’d like to discuss in this brief review of IPv6 is VRF. In a multiprotocol environment, VRF is configured slightly differently: without the ip keyword at the beginning. The address-family approach that we saw when configuring BGP is used here as well. The keyword for creating a VRF is definition.

R1#conf t
R1(config)#vrf definition test
R1(config-vrf)#rd 1:1
VPN Routing/Forwarding instance configuration commands:
address-family Enter Address Family command mode
default Set a command to its defaults
description VRF specific description
exit Exit from VRF configuration mode
no Negate a command or set its defaults
rd Specify Route Distinguisher
route-target Specify Target VPN Extended Communities
vnet Virtual NETworking configuration
vpn Configure VPN ID as specified in rfc2685
R1(config-vrf)#address-family ?
ipv4 Address family
ipv6 Address family
R1(config-vrf)#address-family ipv6
R1(config-vrf-af)#?
IP VPN Routing/Forwarding instance configuration commands:
default Set a command to its defaults
exit-address-family Exit from vrf address-family configuration submode
export VRF export
import VRF import
inter-as-hybrid Inter AS hybrid mode
maximum Set a limit
mdt Backbone Multicast Distribution Tree
no Negate a command or set its defaults
protection Configure local repair
route-target Specify Target VPN Extended Communities
snmp Modify snmp parameters
R1(config-vrf-af)#^Z
R1#conf t
R1(config-if)#int loo 2
R1(config-if)#vrf forwarding test
R1(config-if)#^Z
R1#sho vrf
Name Default RD Protocols Interfaces
test 1:1 ipv6 Lo2

A routing protocol is also added to a VRF with the help of the address-family option. Not only named processes but also numbered ones can be added to a VRF.

R1#sho run | sec router
router eigrp test
address-family ipv6 unicast vrf test autonomous-system 1
topology base
exit-af-topology
eigrp router-id 1.1.1.1
exit-address-family
R1#sho run int gi0/0
interface GigabitEthernet0/0
vrf forwarding test
no ip address
media-type gbic
speed 1000
duplex full
negotiation auto
ipv6 address 2001:DB8::1/64
end
R1#sho ipv route vrf test
IPv6 Routing Table - test - 4 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, l - LISP
C 2001:DB8::/64 [0/0]
via GigabitEthernet0/0, directly connected
L 2001:DB8::1/128 [0/0]
via GigabitEthernet0/0, receive
D 2001:DB8:2::/64 [90/2570240]
via FE80::C80E:21FF:FEE4:8, GigabitEthernet0/0
L FF00::/8 [0/0]
via Null0, receive
R1#sho eigrp address-family ipv6 vrf test neighbors
EIGRP-IPv6 VR(test) Address-Family Neighbors for AS(1)
VRF()
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 Link-local address: Gi0/0 10 00:01:53 56 336 0 3
FE80::C80E:21FF:FEE4:8

Conclusion

To conclude this introduction, we’d like to note the following.

  1. It has become more difficult for administrators to memorize their network addressing
  2. One has to get the hang of loooong notations of networks/hosts in IPv6
  3. One should get accustomed to and master automatic discovery and exploration of neighbors (routers and end stations) and put up with the absence of broadcast
  4. Link-layer information about a node is contained in the IP address. ARP (and other protocols) is mostly redundant: EUI-64 is enough for detecting a host
  5. The devil is not as black as he is painted. IP is still IP: in principle everything is very similar, and the change in transport doesn’t have any major effect on the principles of modern data networks
  6. In the majority of situations, NAT/PAT address translation, a rather resource-intensive operation, is not necessary in IPv6
  7. In a network, several hosts can have identical valid routable IPv6 addresses. This is so-called anycast. One should also get used to the fact that different interfaces of a router can have non-routable link-local addresses from the same subnet
  8. One can either make a gradual move from IPv4 to IPv6 or support both protocols for some time needed for a global move to IPv6
  9. Cisco and other network equipment vendors have long been ready to move to IPv6. Now it is the administrators’ turn.
