Network 101: IPv6

Showing posts with label IPv6. Show all posts

Friday, February 4, 2011

NAT-PT Dynamic

Sample configuration
Based on previous network diagram
http://network-101.blogspot.com/2011/02/nat-pt.html

NAT-PT Configuration section

ipv6 nat v4v6 source 1.1.1.1 777::1
ipv6 nat v4v6 source 2.2.2.1 777::2

ipv6 nat v6v4 source list pt-list pool v4pool

ipv6 nat v6v4 source 2002::1 125.249.1.10

ipv6 nat v6v4 pool v4pool 125.249.1.100 125.249.1.150 prefix-length 24

ipv6 nat prefix 777::/96
!
ipv6 access-list pt-list
permit ipv6 3001::/64 any

Verify Configration

R1#ping 777::1 source lo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 777::1, timeout is 2 seconds:

Packet sent with a source address of 3001::1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 52/69/108 ms

R3#ping 125.249.1.100

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 125.249.1.100, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 44/72/104 ms

Thursday, February 3, 2011

NAT-PT

Sample Configuration of NAT-PT

Configuration

Download

http://ge.tt/4gnGkNu

R2
interface FastEthernet0/0
no ip address
ipv6 address 2002::2/64
ipv6 nat
ipv6 ospf 1 area 0
!
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
ipv6 nat
!
router ospf 1
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
ipv6 router ospf 1
router-id 2.2.2.2
log-adjacency-changes
redistribute connected
!
ipv6 nat v4v6 source 1.1.1.1 777::1
ipv6 nat v4v6 source 2.2.2.1 777::2
ipv6 nat v4v6 source 192.168.1.2 777::1:2
ipv6 nat v6v4 source 2002::1 10.12.1.1
ipv6 nat v6v4 source 3001::1 10.12.2.1
ipv6 nat v6v4 source 4001::1 10.12.2.2
ipv6 nat prefix 777::/96
!

Checking Interface address

IPv4

R2#sh ip int brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 unassigned YES unset up up

FastEthernet0/1 192.168.1.1 YES manual up up

NVI0 192.168.1.1 YES unset up up

IPv6

R2#sh ipv6 int brief

FastEthernet0/0 [up/up]

FE80::C001:11FF:FEFC:0

2002::2

FastEthernet0/1 [up/up]

FE80::C001:11FF:FEFC:1

NVI0 [up/up]

FE80::C001:11FF:FEFC:0

unnumbered (FastEthernet0/0)

Routing table

R2#sh ipv6 route

IPv6 Routing Table - 6 entries

Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP

U - Per-user Static route, M - MIPv6

I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary

O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2

ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2

D - EIGRP, EX - EIGRP external

C 777::/96 [0/0]

via ::, NVI0

C 2002::/64 [0/0]

via ::, FastEthernet0/0

L 2002::2/128 [0/0]

via ::, FastEthernet0/0

O 3001::1/128 [110/10]

via FE80::C000:11FF:FEFC:0, FastEthernet0/0

O 4001::1/128 [110/10]

via FE80::C000:11FF:FEFC:0, FastEthernet0/0

L FF00::/8 [0/0]

via ::, Null0

Verify Configuration

R1#ping 777::1 source lo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 777::1, timeout is 2 seconds:

Packet sent with a source address of 3001::1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 168/245/352 ms

R3#ping 10.12.2.1 source lo0 repeat 5

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.12.2.1, timeout is 2 seconds:

Packet sent with a source address of 1.1.1.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 196/292/384 ms

Troubleshooting

Useful command
show ipv6 nat translation
show ipv6 nat statistics
debug ipv6 nat
debug ipv6 nat detail

Tuesday, January 18, 2011

IPv6 OSPF Configuration

OSPF IPv6 configuration example

Tasks :
- Set up IPv6 according to the diagram
- Configure Area 10 as a nssa
- Redistribute network 1111::/64 into ospf area.
- Configure Area 2 as a standard OSPF area
- Verify that R4 has 1111::/64 in its database type 5 advertised from R2
- Verify that R3 has 1111::/64 in its database type 7

Configuration
****Download Here  *****

Verify
R4 has 1111::/64 in its database type 5 advertised from R2

R4#sh ipv6 ospf database

   OSPFv3 Router with ID (4.4.4.4) (Process ID 1)

<omitted>

   Type-5 AS External Link States

ADV Router Age Seq# Prefix
2.2.2.2 671 0x80000001 1111::/64
R4#

----------------------------------------------

Verify that R3 has 1111::/64 in its database type 7

R3#sh ipv6 ospf database

   OSPFv3 Router with ID (3.3.3.3) (Process ID 1)

   Type-7 AS External Link States (Area 10)

ADV Router Age Seq# Prefix
3.3.3.3 753 0x80000001 1111::/64

   Link (Type-8) Link States (Area 10)

ADV Router Age Seq# Link ID Interface
2.2.2.2 1021 0x80000002 5 Fa0/0
3.3.3.3 786 0x80000002 4 Fa0/0

   Intra Area Prefix Link States (Area 10)

ADV Router Age Seq# Link ID Ref-lstype Ref-LSID
3.3.3.3 781 0x80000001 4096 0x2002 4

Sunday, January 9, 2011

Automatic IPv6 Tunnel 6to4

Automatic IPv6 Tunnel

This tunnel mode allows connecting IPv6 clouds with IPv4 network in the middle. Automatic IPv6 tunnel is point-to-multipoint nature. It automatically determines the destination address by using the combination between IPv6 prefix and border router IPv4 address.

The example is in the diagram below. The IPv6 prefix in this case is 2002::/48. Border router ip address is converted to hexadecimal number in order to serve this purpose. C0:A8:0101 is a hexadecimal version of 192.168.1.1. Therefore, when combining the IPv6 prefix and the router address, the tunnel address will be 2002:C0A8:0101::/48. Using tunnel mode ipv6v4 6to4 to enable automatic ipv6 tunnel.

Note: Automatic Tunnel 6to4 does not require the destination address for the tunnel interface

Example

Establish the 6to4 tunnel betwee R1 and R2 and configure the IGP to allow 2 separated IPv6 network to talk to each other. The configurations are as followings.

interface Tunnel0

no ip address

no ip redirects

ipv6 address 2002:C0A8:0101::1/40
// adjust ipv6 mask a bit in order to have both ipv6 address in the same network

tunnel source FastEthernet0/0

tunnel mode ipv6ip 6to4

interface FastEthernet0/0

ip address 192.168.1.1 255.255.255.0

duplex auto

speed auto

ipv6 route 3001::/64 2002:C0A8:102::2

interface Tunnel0

no ip address

no ip redirects

ipv6 address 2002:C0A8:0102::2/40

tunnel source FastEthernet0/0

tunnel mode ipv6ip 6to4

interface FastEthernet0/0

ip address 192.168.1.2 255.255.255.0

duplex auto

speed auto

ipv6 route 2001::/64 2002:C0A8:101::1

Verify configuration

R2#sh ipv6 route

IPv6 Routing Table - 6 entries

Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP

U - Per-user Static route, M - MIPv6

I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary

O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2

ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2

D - EIGRP, EX - EIGRP external

S 2001::/64 [1/0]

via 2002:C0A8:101::1

C 2002:C0A8:100::/40 [0/0]

via ::, Tunnel0

L 2002:C0A8:102::2/128 [0/0]

via ::, Tunnel0

C 3001::/64 [0/0]

via ::, Loopback0

L 3001::1/128 [0/0]

via ::, Loopback0

L FF00::/8 [0/0]

via ::, Null0

R2#

R2#ping 2001::1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2001::1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 168/221/248 ms

R2#

R1#ping 3001::1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 3001::1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 152/208/256 ms

R1#

Reference
http://www.cisco.com/image/gif/paws/45741/6bone_tc_1.pdf

BGP IPv6

Basic Configuration for BGP IPv6

IPv6 configuration for BGP is similar to IPv4. However, additional command are needed to establish the neighbor relationship between routers. We use address family ipv6 and neighbor activate command to activate neighbor in BGP ipv6.

Example

R1 and R2 are the eBGP peer and the link between R1 and R2 is in 2001::/64 network. R1 advertised its loopback networks (2002::0/64 and 2003::/64) to R2. Followings are the configurations of R1 and R2.

ipv6 unicast-routing
// enable IPv6 routing

router bgp 100

no synchronization

bgp router-id 1.1.1.1

bgp log-neighbor-changes

neighbor 2222::1 remote-as 200

neighbor 2222::1 ebgp-multihop 2

neighbor 2222::1 update-source Loopback0

no auto-summary

address-family ipv6

neighbor 2222::1 activate

network 2002::/64

network 2003::/64

exit-address-family

ipv6 unicast-routing

router bgp 200

no synchronization

bgp router-id 2.2.2.2

bgp log-neighbor-changes

neighbor 2111::1 remote-as 100

neighbor 2111::1 ebgp-multihop 2

neighbor 2111::1 update-source Loopback0

no auto-summary

address-family ipv6

neighbor 2111::1 activate

// if route-map is needed, put route-map command under ipv6 address family

exit-address-family

Verify configuration

R2#sh ip bgp summary

BGP router identifier 2.2.2.2, local AS number 200

BGP table version is 1, main routing table version 1

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

2111::1 4 100 8 7 1 0 0 00:03:39 0

R2#sh ipv6 route

IPv6 Routing Table - 8 entries

Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP

U - Per-user Static route, M - MIPv6

I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary

O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2

ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2

D - EIGRP, EX - EIGRP external

C 2001::/64 [0/0]

via ::, FastEthernet0/0

L 2001::2/128 [0/0]

via ::, FastEthernet0/0

B 2002::/64 [20/0]

via 2111::1

B 2003::/64 [20/0]

via 2111::1

S 2111::1/128 [1/0]

via 2001::1

C 2222::/64 [0/0]

via ::, Loopback0

L 2222::1/128 [0/0]

via ::, Loopback0

L FF00::/8 [0/0]

via ::, Null0

R2#

R2#ping 2002::1 source lo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2002::1, timeout is 2 seconds:

Packet sent with a source address of 2222::1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 0/27/72 ms

R2#

Pages

Friday, February 4, 2011

NAT-PT Dynamic

Thursday, February 3, 2011

NAT-PT

Tuesday, January 18, 2011

IPv6 OSPF Configuration

Sunday, January 9, 2011

Automatic IPv6 Tunnel 6to4

BGP IPv6