6VPE (IPv6 VPN Provider Edge Router)

December 18, 2012 3 Comments


6VPE is an easy solution to connect IPv6 customers through an existing stable IPv4 MPLS infrastructure.

All clients have to do is to connect to a Provider Edge (configured with IPv6 VRFs) using IPv6.

6VPE MPLS

I hope this post will provide you with a brief and concise explanation about 6VPE.

Let’s start with a short animation resuming the 6VPE forwarding process:

Following the main configuration steps.

Lab topology

6VPE lab topology

Core IGP

For the sake of backbone stability, we need to configure the Core IGP (OSPF) to use loopback interfaces (always UP/UP) on all P and PE routers. {2.2.2.2, 3.3.3.3, 4.4.4.4}

22.2.2.2, 33.3.3.3, 44.4.4.4 loopback interfaces are used for MPLS router-id and need to be advertised through Core OSPF.

22.22.2.2, 44.4.4.4 loopback interfaces are used for MP-iBGP neighbor relationships and need to be advertised through Core OSPF.

By default OSPF will not advertise a 32-bit loopback mask. We need to configure the interface to be an OSPF network type point-to-point. For more details refer to this post…

6VPE2

interface Loopback0
 ip address 4.4.4.4 255.255.255.255
 !
!
interface Loopback2
 ip address 44.4.4.4 255.255.255.0
 !
!
interface Loopback3
 ip address 44.44.4.4 255.255.255.255
 ip ospf network point-to-point
!
router ospf 234
 router-id 4.4.4.4
 network 44.4.4.4 0.0.0.0 area 0
 network 44.44.4.4 0.0.0.0 area 0
 network 192.0.0.0 0.255.255.255 area 0

Core

interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
router ospf 234
 router-id 3.3.3.3
 network 33.3.3.3 0.0.0.0 area 0
 network 192.0.0.0 0.255.255.255 area 0

6VPE1

interface Loopback0
 ip address 2.2.2.2 255.255.255.255
 !
!
interface Loopback2
 ip address 22.2.2.2 255.255.255.255
 !
!
interface Loopback3
 ip address 22.22.2.2 255.255.255.255
 ip ospf network point-to-point
!
mpls ldp router-id Loopback2 force
!
router ospf 234
 router-id 2.2.2.2
 network 22.2.2.2 0.0.0.0 area 0
 network 22.22.2.2 0.0.0.0 area 0
 network 192.0.0.0 0.255.255.255 area 0

MPLS-LDP

MPLS-LDP establishes back-to-back sessions for label exchange in the control plane and label swapping in the forwarding plane.

Just configure MPLS LDP the appropriate interfaces and force a loopback interface for MPLS LDP router-id.

Core

interface FastEthernet0/0
 ip address 192.168.23.3 255.255.255.0
 mpls label protocol ldp
 mpls ip
!
interface FastEthernet0/1
 ip address 192.168.34.3 255.255.255.0
 mpls label protocol ldp
 mpls ip
!
mpls ldp router-id Loopback2 force

6VPE1

interface FastEthernet1/0
 ip address 192.168.23.2 255.255.255.0
 mpls label protocol ldp
 mpls ip
!
mpls ldp router-id Loopback2 force

6VPE2

interface FastEthernet1/0
 ip address 192.168.34.4 255.255.255.0
 mpls label protocol ldp
 mpls ip
!
mpls ldp router-id Loopback2 force

Provider Edge VRFs

Make sure IPv6 routing and IPv6 CEF are enabled.

6VPE1

vrf definition west-c1
 rd 100:100
 !
 address-family ipv6
 route-target export 100:100
 route-target import 100:100
 exit-address-family
interface FastEthernet0/0
 vrf forwarding west-c1
ipv6 address FE80::12:2 link-local
 ipv6 address 2001:DB8:12::2/64
router bgp 65234
 no synchronization
 bgp router-id 22.2.2.2
 bgp log-neighbor-changes
!
address-family ipv6 vrf west-c1
 redistribute connected
 no synchronization
 neighbor 2001:DB8:12::1 remote-as 65010
 neighbor 2001:DB8:12::1 activate
 exit-address-family

West6

router bgp 65010
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 neighbor 2001:DB8:12::2 remote-as 65234
 !
address-family ipv6
 neighbor 2001:DB8:12::2 activate
 network 2001:DB8:10::/64
 network 2001:DB8:12::/64
 exit-address-family

6VPE2

vrf definition east-c1
 rd 100:100
 !
 address-family ipv6
 route-target export 100:100
 route-target import 100:100
 exit-address-family
interface FastEthernet0/0
 vrf forwarding east-c1
 ipv6 address FE80::45:4 link-local
 ipv6 address 2001:DB8:45::4/64
router bgp 65234
 no synchronization
 bgp router-id 44.4.4.4
 bgp log-neighbor-changes
!
address-family ipv6 vrf east-c1
 redistribute connected
 no synchronization
 neighbor 2001:DB8:45::5 remote-as 65050
 neighbor 2001:DB8:45::5 activate
 exit-address-family

Note: With BGP used as customer protocol redistribution is not needed between PE-CE routing protocol (BGP) and MP-BGP

East6

router bgp 65050
 bgp router-id 5.5.5.5
 bgp log-neighbor-changes
 neighbor 2001:DB8:45::4 remote-as 65234
!
address-family ipv6
 neighbor 2001:DB8:45::4 activate
 network 2001:DB8:45::/64
 network 2001:DB8:50::/64
 exit-address-family

Provider Edge-to-Provider Edge VPNv6

To understand the difference between PE-PE and PE-CE interactions, think about the difference between a routing protocol and a routed protocol:

  • BGP, OSPF, EIGRP, RIP are routing protocols.
  • IPv4, IPv6, IPX, AppleTalk are routed protocol.

So routing protocols exchange routed protocol information. In our particular case:

  • PE-CE routing protocol is BGP and PE-CE routed protocol is IPv6.
  • PE-PE routing protocol is MP-BGP and PE-PE routed protocol is vpnv6.
  • Core routing protocol is OSPF and the routed protocol is IPv4.

Vpnv4 = RD + VRF IPv4 prefix

Vpnv6 = RD + VRF IPv6 prefix

RD (Route Distinguisher) uniquely identifies the VRF on the PE and allows having multiple customer VPNs with overlapping address schemas.

RT is a BGP extended community attribute (need to be enabled) used to control the installation of exchanged routes between PEs into the correct VRF.

PE-PE (MP-BGP) updates containing MP_BGP_NLRI information:

vpnv4 + (BGP attributes+ RT extended attribute) + Label

VPNv6 route exchange (using MP-BGP)

MPLS network autonomous system 65234 transits traffic between customer autonomous systems 65010 and 65040.

In our case all MPLS routers (P and PE) belong to the same AS. Therefore we need to configure next-hop-self on each PE; otherwise customer prefixes will be visible in BGP table with unreachable next-hops.

Another solution is to enable MPLS IP on interfaces facing clients to include them in MPLS updates, then don’t forget to filter LDP(UDP 646),TDP(TCP 711) traffic with the clients .

6VPE1

router bgp 65234
 no synchronization
 bgp router-id 22.2.2.2
 neighbor 44.44.4.4 remote-as 65234
 neighbor 44.44.4.4 update-source Loopback3
 neighbor 44.44.4.4 next-hop-self
 no auto-summary

The address-family vpnv4 is used to exchange customer IPv4 prefixes between PEs (through IPv4 core)

The address-family vpnv6 is used to exchange customer IPv6 prefixes between PEs (through IPv4 core)

router bgp 65234
address-family vpnv4
 neighbor 44.44.4.4 activate
 neighbor 44.44.4.4 send-community extended
 exit-address-family
 !
 address-family vpnv6
 neighbor 44.44.4.4 activate
 neighbor 44.44.4.4 send-community extended
 exit-address-family

6VPE2

router bgp 65234
 no synchronization
 bgp router-id 44.4.4.4
 neighbor 22.22.2.2 remote-as 65234
 neighbor 22.22.2.2 update-source Loopback3
 neighbor 22.22.2.2 next-hop-self
 no auto-summary
router bgp 65234
address-family vpnv4
 neighbor 22.22.2.2 activate
 neighbor 22.22.2.2 send-community extended
 exit-address-family
 !
 address-family vpnv6
 neighbor 22.22.2.2 activate
 neighbor 22.22.2.2 send-community extended
 exit-address-family

And a small QUIZ to check the very basic

The offline lab provides you with more information about the network behavior and its states in different test cases.

An extensive range of commands is provided.

I hope you will find it useful. Suggestions and critics are welcome.

Filed under Animation, BGP, IPv6, MPLS Tagged with , , , , ,