Going for the lab we need both speed and skills. I made a simple IPv6 frame-relay lab that should test your speed. Time yourself and post your time to configure in the comments. Just by looking at the time I could probably tell if you are typing manually or not. This is the scenario.
Routers R1, R2, R3 and R4 are connected to a frame-relay cloud. They are all spokes connecting to the hub R5. R1 has a DLCI 105 to R5 which is 501 from R5 POV. R2 has a DLCI that is 205 and 502 from R5 POV and so on. This is the task.
Configure all devices with a global address of 2001:1:0:1234::Y where Y is the device number.
Configure static mappings on all devices.
All devices should be able to ping each other.
Download the .net from here and then edit for your IOS version and working dir etc.
I didn’t time myself but I think I could do it in less than 2 minutes for sure. Later I will post some tips on how to improve speed.
This post will look at IPv6 over frame-relay and describe some of the small things
that differ compared to IPv4 and some gotchas.
We start out with the same topology as in my previous frame-relay post.
We configure routers R1, R2 and R3 to be in the subnet 2001:CC1E:1:1::/64.
Remember that the pool of global IPv6 unicast addresses comes from 2000::/3
which means that all today legit IPv6 addresses will start with a 2 or a 3.
I won’t say much about this config as this should be known to you if you read
my previous post on frame relay. We are using a physical interface so all DLCI’s
will be available to us. The first thing to notice about IPv6 over frame relay is that
there is no inverse ARP. This means that we need static mappings or the
frame-relay interface-dlci command on point-to-point interfaces.
We configure R2 and to mix things up a bit we use a point-to-point interface.
Since this is a point-to-point interface there is no need for static mappings.
R3 will use a multipoint interface but not the physical interface. We will use a
When we use IPv6 we always have a link-local address assigned to all IPv6 enbabled
interfaces. This can be seen with the show ipv6 interface brief command.
The link-local address is calculated based on the MAC address.
Our link-local address is based on the first MAC of this output. We want to use
an easier to remember address so we set the link local address to FE80::1 and
then the same on R2 and R3 but with ::2 and ::3.
Now it is time to do some routing. We start out with BGP. Knowing BGP is of
course a must when you are studying for the CCIE and the difference between
IPv4 and IPv6 is not that great. We need networks to announce so we create
some loopbacks on the routers.
Don’t you just love being able to have IP addresses with CCIE in them?
Time to setup BGP. We will be using AS 100 for R1 and R2. R3 will be in AS 300.
Notice that we need to set a router-ID because we have no IPv6 addresses
configured on the routers.
The session comes up and we receive one prefix.
Lets see if we have reachability.
Indeed we do, now lets setup peering between R1 and R3.
Now lets look at the BGP table on R1.
We can see R3′s loopback, nothing weird, yet…We have a next-hop of
2001:CC1E:1:1::3 which is expected. Now look at the show ipv6 route bgp
The route to 2001:CC1E:12:1::/64 has been resolved to a next-hop of FE80::3.
Do we have reachability to this network?
No, we don’t. We don’t have a mapping for the link-local address. Debug frame-relay
packet should confirm this.
Indeed, there is no mapping. Lets configure this.
Success, but the question still is why do we have a link-local next-hop for
R3′s loopback interface? RFC 2545 – Use of BGP-4 Multiprotocol extensions
for IPv6 Inter-Domain Routing gives us a hint.
We must announce the global next-hop and potentially a link-local one.
If the BGP peers share a common subnet the link-local address shall be included.
Why doesn’t the route to R2′s loopback have a link-local next-hop?
Once again, RFC 2545 gives us the answer.
If announcing to an internal peer, we may modify the next-hop by removing the
link-local address. R1 and R2 are in the same AS so they are internal peers.
Now we have seen how BGP works, what about IGPs? Lets try to configure
OSPF between R1 and R2.
The peering won’t be successful, why? We turn off the route-cache and debug IPv6 packets.
Let’s try a ping to FF02::5 which is the destination address of IPv6 OSPF packets.
No success, we can see that the packets are source from FE80::2 which must
be mapped. Also, we must have broadcast capability on one PVC, does it matter
which one? This is output from debug frame-relay packet when doing a ping to FF02::5
This shows us clearly that we have no broadcast capability. Lets look at what
frame-relay mappings we have, R2 is point-to-point only so no need for mappings there.
We don’t have a mapping for R2′s link-local address. We will need that and we
will also need broadcast capability for the PVC. To prove that we can add the
brodcast capability by configuring a map for the global address I will configure that.
Can we ping FF02::5 now?
Looking much better now. However, there is still no OSPF peering, why?
We have a mismatch in the network types. We will set both sides to broadcast.
And finally we have a working peering.
I hope this post has cleared some misconceptions about IPv6 over frame relay.
If you have any questions please post them in the comments section.
You can find the final configs for this lab here. You can find the topology for GNS3
in my earlier post on frame-relay.
- Addresses are 128 bits long
- Separated with colons every 16 bits
- Address separated in prefix and interface id, most common is /64
- Leading zeroes can be omitted from address and double colon may be used to represent Successive zeroes, may only be used once
- Unicast, multicast and anycast, doesn’t use broadcast
Currently addresses from 2000::/3 are being handed out (1/8 of total space)
Only used on links (link-local), addresses from FE80::/10 span.
Interface addresses and routing
To enable routing use ipv6 unicast-routing
Enable IP addresses with ipv6 address and then the prefix with slash notation, note that
several IPv6 addresses can be present on an interface. Compare this to IPv4 where only one
address can be active and the other addresses are secondary.
Multicast replaces broadcast in IPv6. Multicast addresses are always a destination, not a source. DHCP uses multicast instead of broadcast in IPv6. FF00::/8 is reserverd for multicast. Of the first 16 bits in a multicast address the first eight are always FF. The next four bits define the lifetime, where 0000 is permanent and 0001 is temporary. The four bits after that define the scope, these are the options:
Well known multicast addresses
FF02::1 All hosts
FF02::2 All routers
FF02::5 OSPFv3 routers
FF02::6 OSPFv3 designated routers
FF02::A EIGRP routers
FF02::D PIM routers
IP address that is used on multiple hosts/routers. Routing will decide which one is the closest and that one will reply. Anycast addresses should not be used as a source address. To define an interface as anycast, use the anycast keyword when configuring the IP address.
The unspecified address is ::. This address is used as a source when the client hasn’t got
an address yet. May not be used as a destination.
Autoconfiguration can be stateful or stateless. Statefull autoconfiguration uses DHCP
to provide the IP address. Stateless uses the local routers to tell the hosts what prefix
to used. The hosts can then append a 64 bit interface identifer through EUI-64 or other means.
Used to derive an interface ID. With Ethernet this is based on the MAC-address. The MAC address is 48 bits long and the interface ID is 64 bits long which means padding has to be done. The prefix FFFE is inserted in the middle of the MAC address. Also, the U/L bit (bit seven) has to be set to one to indicated that this is a locally administered address.
Functions of neighbor discovery
- Stateless autoconfiguration
- Duplicate address detection (DAD)
- Router discovery
- Prefix discovery
- Neighbor discovery
- Neighbor address resolution (replaces ARP)
Types of ND messages
Router advertisements (RA) – Sent by routers to announce their presence, sent to FF02::1 (all hosts).
Router solicitation (RS) – Hosts query for routers on local link. Sent to FF02::2 (all routers).
Neighbor solicitation (NS) – Hosts query for other nodes link layer addresses. Used for DAD
and to verify neighbor reachability.
Neighbor advertisement (NA) – Sent in response to NS messages and also sent periodically to provide information to neighbors.
Redirect – Sent to inform host of better next-hop routers.
To find out the link-layer address of a host NS is used. The message is sent to the other nodes solicited multicast address.
Router advertisements are sent very 200 seconds by default. To suppress them use the ipv6 nd suppress-ra command.
When hosts boot they can send a RS to find a router instead of waiting for the next RA coming in (could take up to 200 seconds).
Hosts sends NS message to solicited node multicast address of local IP to ensure that the IP is unique which it should be if assigned through EUI-64. The message is sent with the unspecified :: address as a source. There should be no reply unless there is a IP address conflict.
IPv6 access lists
At the end there is an implicit permit for ND traffic or else it would not be possible to resolve layer two addresses. To override this behaviour deny statements are needed. The command syntax is ipv6 traffic-filter instead of access-group.