6VPE (IPv6 VPN Provider Edge Router)
December 18, 2012 3 Comments
6VPE is an easy solution to connect IPv6 customers through an existing stable IPv4 MPLS infrastructure.
All clients have to do is to connect to a Provider Edge (configured with IPv6 VRFs) using IPv6.
I hope this post will provide you with a brief and concise explanation about 6VPE.
Let’s start with a short animation resuming the 6VPE forwarding process:
Following the main configuration steps.
Lab topology
Core IGP
For the sake of backbone stability, we need to configure the Core IGP (OSPF) to use loopback interfaces (always UP/UP) on all P and PE routers. {2.2.2.2, 3.3.3.3, 4.4.4.4}
22.2.2.2, 33.3.3.3, 44.4.4.4 loopback interfaces are used for MPLS router-id and need to be advertised through Core OSPF.
22.22.2.2, 44.4.4.4 loopback interfaces are used for MP-iBGP neighbor relationships and need to be advertised through Core OSPF.
By default OSPF will not advertise a 32-bit loopback mask. We need to configure the interface to be an OSPF network type point-to-point. For more details refer to this post…
6VPE2
interface Loopback0 ip address 4.4.4.4 255.255.255.255 ! ! interface Loopback2 ip address 44.4.4.4 255.255.255.0 ! ! interface Loopback3 ip address 44.44.4.4 255.255.255.255 ip ospf network point-to-point ! router ospf 234 router-id 4.4.4.4 network 44.4.4.4 0.0.0.0 area 0 network 44.44.4.4 0.0.0.0 area 0 network 192.0.0.0 0.255.255.255 area 0 |
Core
interface Loopback0 ip address 3.3.3.3 255.255.255.255 ! router ospf 234 router-id 3.3.3.3 network 33.3.3.3 0.0.0.0 area 0 network 192.0.0.0 0.255.255.255 area 0 |
6VPE1
interface Loopback0 ip address 2.2.2.2 255.255.255.255 ! ! interface Loopback2 ip address 22.2.2.2 255.255.255.255 ! ! interface Loopback3 ip address 22.22.2.2 255.255.255.255 ip ospf network point-to-point ! mpls ldp router-id Loopback2 force ! router ospf 234 router-id 2.2.2.2 network 22.2.2.2 0.0.0.0 area 0 network 22.22.2.2 0.0.0.0 area 0 network 192.0.0.0 0.255.255.255 area 0 |
MPLS-LDP
MPLS-LDP establishes back-to-back sessions for label exchange in the control plane and label swapping in the forwarding plane.
Just configure MPLS LDP the appropriate interfaces and force a loopback interface for MPLS LDP router-id.
Core
interface FastEthernet0/0 ip address 192.168.23.3 255.255.255.0 mpls label protocol ldp mpls ip ! interface FastEthernet0/1 ip address 192.168.34.3 255.255.255.0 mpls label protocol ldp mpls ip ! mpls ldp router-id Loopback2 force |
6VPE1
interface FastEthernet1/0 ip address 192.168.23.2 255.255.255.0 mpls label protocol ldp mpls ip ! mpls ldp router-id Loopback2 force |
6VPE2
interface FastEthernet1/0 ip address 192.168.34.4 255.255.255.0 mpls label protocol ldp mpls ip ! mpls ldp router-id Loopback2 force |
Provider Edge VRFs
Make sure IPv6 routing and IPv6 CEF are enabled.
6VPE1
vrf definition west-c1 rd 100:100 ! address-family ipv6 route-target export 100:100 route-target import 100:100 exit-address-family |
interface FastEthernet0/0 vrf forwarding west-c1 ipv6 address FE80::12:2 link-local ipv6 address 2001:DB8:12::2/64 |
router bgp 65234 no synchronization bgp router-id 22.2.2.2 bgp log-neighbor-changes ! address-family ipv6 vrf west-c1 redistribute connected no synchronization neighbor 2001:DB8:12::1 remote-as 65010 neighbor 2001:DB8:12::1 activate exit-address-family |
West6
router bgp 65010 bgp router-id 1.1.1.1 bgp log-neighbor-changes neighbor 2001:DB8:12::2 remote-as 65234 ! address-family ipv6 neighbor 2001:DB8:12::2 activate network 2001:DB8:10::/64 network 2001:DB8:12::/64 exit-address-family |
6VPE2
vrf definition east-c1 rd 100:100 ! address-family ipv6 route-target export 100:100 route-target import 100:100 exit-address-family |
interface FastEthernet0/0 vrf forwarding east-c1 ipv6 address FE80::45:4 link-local ipv6 address 2001:DB8:45::4/64 |
router bgp 65234 no synchronization bgp router-id 44.4.4.4 bgp log-neighbor-changes ! address-family ipv6 vrf east-c1 redistribute connected no synchronization neighbor 2001:DB8:45::5 remote-as 65050 neighbor 2001:DB8:45::5 activate exit-address-family |
Note: With BGP used as customer protocol redistribution is not needed between PE-CE routing protocol (BGP) and MP-BGP
East6
router bgp 65050 bgp router-id 5.5.5.5 bgp log-neighbor-changes neighbor 2001:DB8:45::4 remote-as 65234 ! address-family ipv6 neighbor 2001:DB8:45::4 activate network 2001:DB8:45::/64 network 2001:DB8:50::/64 exit-address-family |
Provider Edge-to-Provider Edge VPNv6
To understand the difference between PE-PE and PE-CE interactions, think about the difference between a routing protocol and a routed protocol:
- BGP, OSPF, EIGRP, RIP are routing protocols.
- IPv4, IPv6, IPX, AppleTalk are routed protocol.
So routing protocols exchange routed protocol information. In our particular case:
- PE-CE routing protocol is BGP and PE-CE routed protocol is IPv6.
- PE-PE routing protocol is MP-BGP and PE-PE routed protocol is vpnv6.
- Core routing protocol is OSPF and the routed protocol is IPv4.
Vpnv4 = RD + VRF IPv4 prefix
Vpnv6 = RD + VRF IPv6 prefix
RD (Route Distinguisher) uniquely identifies the VRF on the PE and allows having multiple customer VPNs with overlapping address schemas.
RT is a BGP extended community attribute (need to be enabled) used to control the installation of exchanged routes between PEs into the correct VRF.
PE-PE (MP-BGP) updates containing MP_BGP_NLRI information:
vpnv4 + (BGP attributes+ RT extended attribute) + Label
VPNv6 route exchange (using MP-BGP)
MPLS network autonomous system 65234 transits traffic between customer autonomous systems 65010 and 65040.
In our case all MPLS routers (P and PE) belong to the same AS. Therefore we need to configure next-hop-self on each PE; otherwise customer prefixes will be visible in BGP table with unreachable next-hops.
Another solution is to enable MPLS IP on interfaces facing clients to include them in MPLS updates, then don’t forget to filter LDP(UDP 646),TDP(TCP 711) traffic with the clients .
6VPE1
router bgp 65234 no synchronization bgp router-id 22.2.2.2 neighbor 44.44.4.4 remote-as 65234 neighbor 44.44.4.4 update-source Loopback3 neighbor 44.44.4.4 next-hop-self no auto-summary |
The address-family vpnv4 is used to exchange customer IPv4 prefixes between PEs (through IPv4 core)
The address-family vpnv6 is used to exchange customer IPv6 prefixes between PEs (through IPv4 core)
router bgp 65234 address-family vpnv4 neighbor 44.44.4.4 activate neighbor 44.44.4.4 send-community extended exit-address-family ! address-family vpnv6 neighbor 44.44.4.4 activate neighbor 44.44.4.4 send-community extended exit-address-family |
6VPE2
router bgp 65234 no synchronization bgp router-id 44.4.4.4 neighbor 22.22.2.2 remote-as 65234 neighbor 22.22.2.2 update-source Loopback3 neighbor 22.22.2.2 next-hop-self no auto-summary |
router bgp 65234 address-family vpnv4 neighbor 22.22.2.2 activate neighbor 22.22.2.2 send-community extended exit-address-family ! address-family vpnv6 neighbor 22.22.2.2 activate neighbor 22.22.2.2 send-community extended exit-address-family |
And a small QUIZ to check the very basic
The offline lab provides you with more information about the network behavior and its states in different test cases.
An extensive range of commands is provided.
I hope you will find it useful. Suggestions and critics are welcome.