6VPE (IPv6 VPN Provider Edge Router)


6VPE is an easy solution to connect IPv6 customers through an existing stable IPv4 MPLS infrastructure.

All clients have to do is to connect to a Provider Edge (configured with IPv6 VRFs) using IPv6.

6VPE MPLS

I hope this post will provide you with a brief and concise explanation about 6VPE.

Let’s start with a short animation resuming the 6VPE forwarding process:

Following the main configuration steps.

Lab topology

6VPE lab topology

Core IGP

For the sake of backbone stability, we need to configure the Core IGP (OSPF) to use loopback interfaces (always UP/UP) on all P and PE routers. {2.2.2.2, 3.3.3.3, 4.4.4.4}

22.2.2.2, 33.3.3.3, 44.4.4.4 loopback interfaces are used for MPLS router-id and need to be advertised through Core OSPF.

22.22.2.2, 44.4.4.4 loopback interfaces are used for MP-iBGP neighbor relationships and need to be advertised through Core OSPF.

By default OSPF will not advertise a 32-bit loopback mask. We need to configure the interface to be an OSPF network type point-to-point. For more details refer to this post…

6VPE2

interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
!
interface Loopback2
ip address 44.4.4.4 255.255.255.0
!
!
interface Loopback3
ip address 44.44.4.4 255.255.255.255
ip ospf network point-to-point
!
router ospf 234
router-id 4.4.4.4
network 44.4.4.4 0.0.0.0 area 0
network 44.44.4.4 0.0.0.0 area 0
network 192.0.0.0 0.255.255.255 area 0

Core

interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
router ospf 234
router-id 3.3.3.3
network 33.3.3.3 0.0.0.0 area 0
network 192.0.0.0 0.255.255.255 area 0

6VPE1

interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
!
interface Loopback2
ip address 22.2.2.2 255.255.255.255
!
!
interface Loopback3
ip address 22.22.2.2 255.255.255.255
ip ospf network point-to-point
!
mpls ldp router-id Loopback2 force
!
router ospf 234
router-id 2.2.2.2
network 22.2.2.2 0.0.0.0 area 0
network 22.22.2.2 0.0.0.0 area 0
network 192.0.0.0 0.255.255.255 area 0

MPLS-LDP

MPLS-LDP establishes back-to-back sessions for label exchange in the control plane and label swapping in the forwarding plane.

Just configure MPLS LDP the appropriate interfaces and force a loopback interface for MPLS LDP router-id.

Core

interface FastEthernet0/0
ip address 192.168.23.3 255.255.255.0
mpls label protocol ldp
mpls ip
!
interface FastEthernet0/1
ip address 192.168.34.3 255.255.255.0
mpls label protocol ldp
mpls ip
!
mpls ldp router-id Loopback2 force

6VPE1

interface FastEthernet1/0
ip address 192.168.23.2 255.255.255.0
mpls label protocol ldp
mpls ip
!
mpls ldp router-id Loopback2 force

6VPE2

interface FastEthernet1/0
ip address 192.168.34.4 255.255.255.0
mpls label protocol ldp
mpls ip
!
mpls ldp router-id Loopback2 force

Provider Edge VRFs

Make sure IPv6 routing and IPv6 CEF are enabled.

6VPE1

vrf definition west-c1
rd 100:100
!
address-family ipv6
route-target export 100:100
route-target import 100:100
exit-address-family
interface FastEthernet0/0
vrf forwarding west-c1
ipv6 address FE80::12:2 link-local
ipv6 address 2001:DB8:12::2/64
router bgp 65234
no synchronization
bgp router-id 22.2.2.2
bgp log-neighbor-changes
!
address-family ipv6 vrf west-c1
redistribute connected
no synchronization
neighbor 2001:DB8:12::1 remote-as 65010
neighbor 2001:DB8:12::1 activate
exit-address-family

West6

router bgp 65010
bgp router-id 1.1.1.1
bgp log-neighbor-changes
neighbor 2001:DB8:12::2 remote-as 65234
!
address-family ipv6
neighbor 2001:DB8:12::2 activate
network 2001:DB8:10::/64
network 2001:DB8:12::/64
exit-address-family

6VPE2

vrf definition east-c1
rd 100:100
!
address-family ipv6
route-target export 100:100
route-target import 100:100
exit-address-family
interface FastEthernet0/0
vrf forwarding east-c1
ipv6 address FE80::45:4 link-local
ipv6 address 2001:DB8:45::4/64
router bgp 65234
no synchronization
bgp router-id 44.4.4.4
bgp log-neighbor-changes
!
address-family ipv6 vrf east-c1
redistribute connected
no synchronization
neighbor 2001:DB8:45::5 remote-as 65050
neighbor 2001:DB8:45::5 activate
exit-address-family

Note: With BGP used as customer protocol redistribution is not needed between PE-CE routing protocol (BGP) and MP-BGP

East6

router bgp 65050
bgp router-id 5.5.5.5
bgp log-neighbor-changes
neighbor 2001:DB8:45::4 remote-as 65234
!
address-family ipv6
neighbor 2001:DB8:45::4 activate
network 2001:DB8:45::/64
network 2001:DB8:50::/64
exit-address-family

Provider Edge-to-Provider Edge VPNv6

To understand the difference between PE-PE and PE-CE interactions, think about the difference between a routing protocol and a routed protocol:

  • BGP, OSPF, EIGRP, RIP are routing protocols.
  • IPv4, IPv6, IPX, AppleTalk are routed protocol.

So routing protocols exchange routed protocol information. In our particular case:

  • PE-CE routing protocol is BGP and PE-CE routed protocol is IPv6.
  • PE-PE routing protocol is MP-BGP and PE-PE routed protocol is vpnv6.
  • Core routing protocol is OSPF and the routed protocol is IPv4.

Vpnv4 = RD + VRF IPv4 prefix

Vpnv6 = RD + VRF IPv6 prefix

RD (Route Distinguisher) uniquely identifies the VRF on the PE and allows having multiple customer VPNs with overlapping address schemas.

RT is a BGP extended community attribute (need to be enabled) used to control the installation of exchanged routes between PEs into the correct VRF.

PE-PE (MP-BGP) updates containing MP_BGP_NLRI information:

vpnv4 + (BGP attributes+ RT extended attribute) + Label

VPNv6 route exchange (using MP-BGP)

MPLS network autonomous system 65234 transits traffic between customer autonomous systems 65010 and 65040.

In our case all MPLS routers (P and PE) belong to the same AS. Therefore we need to configure next-hop-self on each PE; otherwise customer prefixes will be visible in BGP table with unreachable next-hops.

Another solution is to enable MPLS IP on interfaces facing clients to include them in MPLS updates, then don’t forget to filter LDP(UDP 646),TDP(TCP 711) traffic with the clients .

6VPE1

router bgp 65234
no synchronization
bgp router-id 22.2.2.2
neighbor 44.44.4.4 remote-as 65234
neighbor 44.44.4.4 update-source Loopback3
neighbor 44.44.4.4 next-hop-self
no auto-summary

The address-family vpnv4 is used to exchange customer IPv4 prefixes between PEs (through IPv4 core)

The address-family vpnv6 is used to exchange customer IPv6 prefixes between PEs (through IPv4 core)

router bgp 65234
address-family vpnv4
neighbor 44.44.4.4 activate
neighbor 44.44.4.4 send-community extended
exit-address-family
!
address-family vpnv6
neighbor 44.44.4.4 activate
neighbor 44.44.4.4 send-community extended
exit-address-family

6VPE2

router bgp 65234
no synchronization
bgp router-id 44.4.4.4
neighbor 22.22.2.2 remote-as 65234
neighbor 22.22.2.2 update-source Loopback3
neighbor 22.22.2.2 next-hop-self
no auto-summary
router bgp 65234
address-family vpnv4
neighbor 22.22.2.2 activate
neighbor 22.22.2.2 send-community extended
exit-address-family
!
address-family vpnv6
neighbor 22.22.2.2 activate
neighbor 22.22.2.2 send-community extended
exit-address-family

And a small QUIZ to check the very basic

The offline lab provides you with more information about the network behavior and its states in different test cases.

An extensive range of commands is provided.

I hope you will find it useful. Suggestions and critics are welcome.

Advertisements

About ajnouri
Se vi deziras sekure komuniki eksterbloge, jen mia publika (GPG) ŝlosilo: My public key for secure communication: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x41CCDE1511DF0EB8

3 Responses to 6VPE (IPv6 VPN Provider Edge Router)

  1. eduardo1n says:

    thanks for this post, was really good. I knew how to do this on ipv4, however, I didn’t know the concept was very similar for IPv6. Thanks.

  2. Pingback: Mpls Provider Edge | MPLS

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: