6PE: IPv6 over MPLS

6PE: IPv6 over MPLS

Cisco 6PE solution enables IPv6 domains to communicate with each other over MPLS IPv4 core network. MP-BGP in the IPv4 network is used to exchange IPv6 reachability information along with a label for each IPv6 prefix announced. 6PE routers are dual-stack routers i.e. running IPv6 with the customers and IPv4 in the core.

The MP-BGP AFI used is IPv6 (value 2). This way the 6PE routers convey their IPv4 address as the BGP next-hop for the advertised IPv6 prefixes. The IPv4 address of the egress 6PE router is encoded as an IPv4-mapped IPv6 address (::FFFF:<IPv4 address of BGP next-hop>) in the BGP next-hop field. In addition, the ingress 6PE router binds a label to the IPv6 prefix. The SAFI used in MP-BGP is "label" (value 4).

The label binding is piggybacked along the prefix information in the MP_REACH_NLRI attribute. The fact that this attribute contains a label is indicated by SAFI value 4. The NLRI for labeled IPv6 routes contains one or more triple (TLV) <Length, Label, Prefix>. These are-

Length: The length of the Label plus prefix

Label: In 6PE, this field carries one label where

Label value: 20 high-order bits containing the actual label

Unused: 3 bits set to 0

Bottom of Stack (BoS): 1 low-order bit

Prefix: IPv6 prefix of destination

The IPv4-mapped IPv6 addresses allow a 6PE router that has to forward an IPv6 packet to automatically determine the IPv4-enabled LSP to use for a particular IPv6 destination by looking at the MP-BGP routing information.

The IPv4-enabled LSPs can be established using LDP or RSVP-TE.

When IPv6 packets are tunneled through IPv4 core network, the ingress 6PE router directly performs label imposition on the IPv6 header. The ingress 6PE router first imposes an inner label advertised by egress 6PE using MP-BGP. This label indicates to the egress 6PE router that the packet is an IPv6 packet. The ingress 6PE router also imposes an outer label which corresponds to the IPv4-signaled LSP starting on the ingress 6PE router and ending on the egress 6PE router.

Network topology:

The two IPv6 domains are connected through an MPLS IPv4 network. The CE routers are connected to the PE routers using an IPv6 address.

IP Address configuration:

CE IP Address configuration

CE1 router:
ipv6 unicast-routing
ipv6 cef
!
interface Loopback 0
 ipv6 address CAFE:1::1/64
!
interface serial 0/0
 description To 6PE1 Router
 ipv6 address 2001:1::1/124
!
CE2 router:
ipv6 unicast-routing
ipv6 cef
!
interface Loopback 0
 ipv6 address CAFE:2::1/64
!
interface serial 0/0
 description To 6PE2 Router
 ipv6 address 2001:2::1/124
!

6PE IP Address configuration

6PE1 router:
ipv6 unicast-routing
ipv6 cef
!
interface Loopback 0
 ip address 1.1.1.1 255.255.255.255
 ipv6 address ABCD:1::1/128
!
interface serial 0/0
 description To CE1 Router
 ipv6 address 2001:1::2/124
!
interface fastethernet 0/0
 description To P2 Router
 ip address 10.1.1.1 255.255.255.252
!
6PE2 router:
ipv6 unicast-routing
ipv6 cef
!
interface Loopback 0
 ip address 2.2.2.2 255.255.255.255
 ipv6 address ABCD:1::2/128
!
interface serial 0/0
 description To CE2 Router
 ipv6 address 2001:2::2/64
!

eBGP connection between CE & 6PE routers:

There is an eBGP connection between CE & 6PE routers. CE1 is in BGP AS 65001 while CE2 is in BGP AS 65002. MPLS core uses BGP AS 100.

eBGP configuration on CE1 & CE2

CE1 router:
router bgp 65001
 bgp router-id 10.210.0.1                    ! BGP uses 32-bit Router ID.
 neighbor 2001:1::2 remote-as 100
 neighbor 2001:1::2 description 6PE1 neighbor
 !
 address-family ipv6
 neighbor 2001:1::2 activate
 network CAFE:1::/64
 exit-address-family
!
CE2 router:
router bgp 65002
 bgp router-id 10.210.0.2
 neighbor 2001:2::2 remote-as 100
 neighbor 2001:2::2 description 6PE2 neighbor
 !
 address-family ipv6
 neighbor 2001:2::2 activate
 network CAFE:2::/64
 exit-address-family
!

Route-reflector (RR) configuration:

RR router is acting as a route-reflector. 6PE1 & 6PE2 routers are clients of this BGP RR.

BGP RR configuration

mpls label protocol ldp
mpls ldp router-id Loopback 0 force
mpls ipv6 source-interface Loopback 0
!
interface Loopback 0
 ip address 3.3.3.3 255.255.255.255
 ipv6 address ABCD:1::3/128
!
router bgp 100
 neighbor 1.1.1.1 remote-as 100
 neighbor 1.1.1.1 update-source Loopback 0
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 update-source Loopback 0
 !
 address-family ipv6
 neighbor 1.1.1.1 activate
 neighbor 1.1.1.1 send-label
 neighbor 1.1.1.1 route-reflector-client
 neighbor 2.2.2.2 activate
 neighbor 2.2.2.2 send-label
 neighbor 2.2.2.2 route-reflector-client
 exit-address-family
!

The 2 Magic commands:

The 6PE solution requires two new commands on 6PE routers.

1) The BGP configuration command neighbor <ip-address> send-label enables binding & advertisement of aggregate labels when advertising IPv6 prefixes in BGP.

2) The Global configuration command mpls ipv6 source-interface <interface> specifies the interface from which to inherit IPv6 addresses for locally generated packets.

MPLS & BGP on 6PE1

mpls label protocol ldp
mpls ldp router-id Loopback 0 force
mpls ipv6 source-interface Loopback 0
!
router bgp 100
 neighbor 2001:1::1 remote-as 65001
 neighbor 2001:1::1 description CE1 eBGP neighbor
 neighbor 3.3.3.3 remote-as 100
 neighbor 3.3.3.3 update-source Loopback 0
 neighbor 3.3.3.3 description RR iBGP neighbor
 !
 address-family ipv6
 neighbor 2001:1::1 activate
 neighbor 3.3.3.3 activate
 neighbor 3.3.3.3 send-label
 redistribute connected
 exit-address-family
!

MPLS & BGP on 6PE2

mpls label protocol ldp
mpls ldp router-id Loopback 0 force
mpls ipv6 source-interface Loopback 0
!
router bgp 100
 neighbor 2001:2::1 remote-as 65002
 neighbor 2001:2::1 description CE2 eBGP neighbor
 neighbor 3.3.3.3 remote-as 100
 neighbor 3.3.3.3 update-source Loopback 0
 neighbor 3.3.3.3 description RR iBGP neighbor
 !
 address-family ipv6
 neighbor 2001:2::1 activate
 neighbor 3.3.3.3 activate
 neighbor 3.3.3.3 send-label
 redistribute connected
 exit-address-family
!

Verification:

When BGP sessions are formed, BGP negotiates the capabilities with its neighbors. For 6PE solution, BGP should negotiate AFI/SAFI = 2/4 which indicates the neighbor can advertise IPv6 prefix with labels. The Route-Reflector advertises the IPv6 prefixes learnt from 6PE2 router. The next-hop address for IPv6 prefixes advertised by 6PE2 router will be IPv4-mapped IPv6 address of the form ::FFFF:2.2.2.2

BGP Neighbor capabilities and IPv6 Prefixes advertisement

!-- BGP Capabilities negotiated with Route-Reflector 3.3.3.3
00:05:07.687: BGP: 3.3.3.3 OPEN has CAPABILITY code: 1, length 4
00:05:07.687: BGP: 3.3.3.3 OPEN has MP_EXT CAP for afi/safi: 1/1
00:05:07.691: BGP: 3.3.3.3 rcvd OPEN w/ optional parameter type 2 (Capability) len 6
00:05:07.691: BGP: 3.3.3.3 OPEN has CAPABILITY code: 1, length 4
00:05:07.691: BGP: 3.3.3.3 OPEN has MP_EXT CAP for afi/safi: 2/1
00:05:07.691: BGP: 3.3.3.3 rcvd OPEN w/ optional parameter type 2 (Capability) len 6
00:05:07.691: BGP: 3.3.3.3 OPEN has CAPABILITY code: 1, length 4
00:05:07.691: BGP: 3.3.3.3 OPEN has MP_EXT CAP for afi/safi: 2/4
00:05:07.695: BGP: 3.3.3.3 rcvd OPEN w/ optional parameter type 2 (Capability) len 2
00:05:07.695: BGP: 3.3.3.3 OPEN has CAPABILITY code: 128, length 0
00:05:07.695: BGP: 3.3.3.3 OPEN has ROUTE-REFRESH capability(old) for all address-families
00:05:07.695: BGP: 3.3.3.3 rcvd OPEN w/ optional parameter type 2 (Capability) len 2
00:05:07.699: BGP: 3.3.3.3 OPEN has CAPABILITY code: 2, length 0
00:05:07.699: BGP: 3.3.3.3 OPEN has ROUTE-REFRESH capability(new) for all address-families
!-- output omitted
!-- IPv6 prefixes advertised by remote 6PE2 router via Route-Reflector
00:05:08.855: BGP(1-lbl): resolving bestpath with tag 22 for network 2001:2::, nh ::FFFF:2.2.2.2
00:05:08.859: BGP(1-lbl): resolving bestpath with tag 19 for network ABCD::2, nh ::FFFF:2.2.2.2
00:05:08.859: BGP(1-lbl): resolving bestpath with tag 21 for network ABCD::3, nh ::FFFF:3.3.3.3
00:05:08.863: BGP(1-lbl): resolving bestpath with tag 23 for network CAFE:2::, nh ::FFFF:2.2.2.2
00:05:08.867: BGP(1-lbl): 3.3.3.3 allocate local label 25 for network CAFE:1::
6PE1# show bgp ipv6 unicast neighbors 3.3.3.3 | section Neighbor capabilities
  Neighbor capabilities:
    Route refresh: advertised and received(old & new)
    Address family IPv4 Unicast: advertised and received
    Address family IPv6 Unicast: advertised and received
    ipv6 MPLS Label capability: advertised and received

The show bgp ipv6 unicast command displays the IPv6 prefixes learnt via MP-BGP.

BGP IPv6 prefixes

6PE1# show bgp ipv6 unicast
BGP table version is 8, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 2001:1::/124     2001:1::1                0             0 65001 ?
*>i2001:2::/124     ::FFFF:2.2.2.2           0    100      0 65002 ?
*> ABCD::1/128      ::                       0         32768 i
*>iABCD::2/128      ::FFFF:2.2.2.2           0    100      0 i
*>iABCD::3/128      ::FFFF:3.3.3.3           0    100      0 i
*> CAFE:1::/64      2001:1::1                0             0 65001 ?
*>iCAFE:2::/64      ::FFFF:2.2.2.2           0    100      0 65002 i

The following output shows the labels imposed for IPv6 prefix CAFE:2::/64. Label 23 is advertised by remote 6PE2 router via MP-BGP. Label 17 is the IGP label to reach the next-hop address 2.2.2.2 i.e. 6PE2 router.

Labels imposed for IPv6 prefix CAFE:2::/64

6PE1# show bgp ipv6 unicast CAFE:2::/64
BGP routing table entry for CAFE:2::/64, version 7
Paths: (1 available, best #1, table Global-IPv6-Table)
  Advertised to update-groups:
        1
  65002
    ::FFFF:2.2.2.2 (metric 4) from 3.3.3.3 (3.3.3.3)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Originator: 2.2.2.2, Cluster list: 3.3.3.3
      mpls labels in/out nolabel/23
6PE1# show ip cef 2.2.2.2
2.2.2.2/32, version 60, epoch 0, cached adjacency 10.1.1.2
0 packets, 0 bytes
  tag information set
    local tag: 18
    fast tag rewrite with Fa0/0, 10.1.1.2, tags imposed: {17}
  via 10.1.1.2, FastEthernet0/0, 0 dependencies
    next hop 10.1.1.2, FastEthernet0/0
    valid cached adjacency
    tag rewrite with Fa0/0, 10.1.1.2, tags imposed: {17}
6PE1#show ipv6 cef CAFE:2::/64
CAFE:2::/64
     nexthop ::FFFF:2.2.2.2
    fast tag rewrite with Fa0/0, 10.1.1.2, tags imposed: {17 23}

The following output shows the IPv6 prefix CAFE:2::/64 installed into IPv6 routing table of 6PE1 router. The next-hop is ::FFFF:2.2.2.2 which is the IPv4-mapped IPv6 address of remote 6PE2 router. When a packet arrives on the router for destination IPv6 prefix, a recursive lookup is done on the next-hop and outgoing labels are found.

IPv6 routing table

6PE1#show ipv6 route CAFE:2::/64
IPv6 Routing Table - 9 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route, M - MIPv6
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
B   CAFE:2::/64 [200/0]
     via ::FFFF:2.2.2.2, IPv6-mpls

The following packet capture indicates an ICMPv6 Echo Request packet from CE1 to remote IPv6 prefix CAFE:2::/64 on CE2 router. It indicates the label imposed by 6PE1 router.