6PE: IPv6 over MPLS
6PE: IPv6 over MPLS
Cisco 6PE solution enables IPv6 domains to communicate with each other over MPLS IPv4 core network. MP-BGP in the IPv4 network is used to exchange IPv6 reachability information along with a label for each IPv6 prefix announced. 6PE routers are dual-stack routers i.e. running IPv6 with the customers and IPv4 in the core.
The MP-BGP AFI used is IPv6 (value 2). This way the 6PE routers convey their IPv4 address as the BGP next-hop for the advertised IPv6 prefixes. The IPv4 address of the egress 6PE router is encoded as an IPv4-mapped IPv6 address (::FFFF:<IPv4 address of BGP next-hop>) in the BGP next-hop field. In addition, the ingress 6PE router binds a label to the IPv6 prefix. The SAFI used in MP-BGP is "label" (value 4).
The label binding is piggybacked along the prefix information in the MP_REACH_NLRI attribute. The fact that this attribute contains a label is indicated by SAFI value 4. The NLRI for labeled IPv6 routes contains one or more triple (TLV) <Length, Label, Prefix>. These are-
Length: The length of the Label plus prefix
Label: In 6PE, this field carries one label where
Label value: 20 high-order bits containing the actual label
Unused: 3 bits set to 0
Bottom of Stack (BoS): 1 low-order bit
Prefix: IPv6 prefix of destination
The IPv4-mapped IPv6 addresses allow a 6PE router that has to forward an IPv6 packet to automatically determine the IPv4-enabled LSP to use for a particular IPv6 destination by looking at the MP-BGP routing information.
The IPv4-enabled LSPs can be established using LDP or RSVP-TE.
When IPv6 packets are tunneled through IPv4 core network, the ingress 6PE router directly performs label imposition on the IPv6 header. The ingress 6PE router first imposes an inner label advertised by egress 6PE using MP-BGP. This label indicates to the egress 6PE router that the packet is an IPv6 packet. The ingress 6PE router also imposes an outer label which corresponds to the IPv4-signaled LSP starting on the ingress 6PE router and ending on the egress 6PE router.
Network topology:
The two IPv6 domains are connected through an MPLS IPv4 network. The CE routers are connected to the PE routers using an IPv6 address.
IP Address configuration:
CE IP Address configuration
CE1 router:
ipv6 unicast-routing
ipv6 cef
!
interface Loopback 0
ipv6 address CAFE:1::1/64
!
interface serial 0/0
description To 6PE1 Router
ipv6 address 2001:1::1/124
!
CE2 router:
ipv6 unicast-routing
ipv6 cef
!
interface Loopback 0
ipv6 address CAFE:2::1/64
!
interface serial 0/0
description To 6PE2 Router
ipv6 address 2001:2::1/124
!
6PE IP Address configuration
6PE1 router:
ipv6 unicast-routing
ipv6 cef
!
interface Loopback 0
ip address 1.1.1.1 255.255.255.255
ipv6 address ABCD:1::1/128
!
interface serial 0/0
description To CE1 Router
ipv6 address 2001:1::2/124
!
interface fastethernet 0/0
description To P2 Router
ip address 10.1.1.1 255.255.255.252
!
6PE2 router:
ipv6 unicast-routing
ipv6 cef
!
interface Loopback 0
ip address 2.2.2.2 255.255.255.255
ipv6 address ABCD:1::2/128
!
interface serial 0/0
description To CE2 Router
ipv6 address 2001:2::2/64
!
eBGP connection between CE & 6PE routers:
There is an eBGP connection between CE & 6PE routers. CE1 is in BGP AS 65001 while CE2 is in BGP AS 65002. MPLS core uses BGP AS 100.
eBGP configuration on CE1 & CE2
CE1 router:
router bgp 65001
bgp router-id 10.210.0.1 ! BGP uses 32-bit Router ID.
neighbor 2001:1::2 remote-as 100
neighbor 2001:1::2 description 6PE1 neighbor
!
address-family ipv6
neighbor 2001:1::2 activate
network CAFE:1::/64
exit-address-family
!
CE2 router:
router bgp 65002
bgp router-id 10.210.0.2
neighbor 2001:2::2 remote-as 100
neighbor 2001:2::2 description 6PE2 neighbor
!
address-family ipv6
neighbor 2001:2::2 activate
network CAFE:2::/64
exit-address-family
!
Route-reflector (RR) configuration:
RR router is acting as a route-reflector. 6PE1 & 6PE2 routers are clients of this BGP RR.
BGP RR configuration
mpls label protocol ldp
mpls ldp router-id Loopback 0 force
mpls ipv6 source-interface Loopback 0
!
interface Loopback 0
ip address 3.3.3.3 255.255.255.255
ipv6 address ABCD:1::3/128
!
router bgp 100
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source Loopback 0
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 update-source Loopback 0
!
address-family ipv6
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-label
neighbor 1.1.1.1 route-reflector-client
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-label
neighbor 2.2.2.2 route-reflector-client
exit-address-family
!
The 2 Magic commands:
The 6PE solution requires two new commands on 6PE routers.
1) The BGP configuration command neighbor <ip-address> send-label enables binding & advertisement of aggregate labels when advertising IPv6 prefixes in BGP.
2) The Global configuration command mpls ipv6 source-interface <interface> specifies the interface from which to inherit IPv6 addresses for locally generated packets.
MPLS & BGP on 6PE1
mpls label protocol ldp
mpls ldp router-id Loopback 0 force
mpls ipv6 source-interface Loopback 0
!
router bgp 100
neighbor 2001:1::1 remote-as 65001
neighbor 2001:1::1 description CE1 eBGP neighbor
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback 0
neighbor 3.3.3.3 description RR iBGP neighbor
!
address-family ipv6
neighbor 2001:1::1 activate
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-label
redistribute connected
exit-address-family
!
MPLS & BGP on 6PE2
mpls label protocol ldp
mpls ldp router-id Loopback 0 force
mpls ipv6 source-interface Loopback 0
!
router bgp 100
neighbor 2001:2::1 remote-as 65002
neighbor 2001:2::1 description CE2 eBGP neighbor
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback 0
neighbor 3.3.3.3 description RR iBGP neighbor
!
address-family ipv6
neighbor 2001:2::1 activate
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-label
redistribute connected
exit-address-family
!
Verification:
When BGP sessions are formed, BGP negotiates the capabilities with its neighbors. For 6PE solution, BGP should negotiate AFI/SAFI = 2/4 which indicates the neighbor can advertise IPv6 prefix with labels. The Route-Reflector advertises the IPv6 prefixes learnt from 6PE2 router. The next-hop address for IPv6 prefixes advertised by 6PE2 router will be IPv4-mapped IPv6 address of the form ::FFFF:2.2.2.2
BGP Neighbor capabilities and IPv6 Prefixes advertisement
!-- BGP Capabilities negotiated with Route-Reflector 3.3.3.3
00:05:07.687: BGP: 3.3.3.3 OPEN has CAPABILITY code: 1, length 4
00:05:07.687: BGP: 3.3.3.3 OPEN has MP_EXT CAP for afi/safi: 1/1
00:05:07.691: BGP: 3.3.3.3 rcvd OPEN w/ optional parameter type 2 (Capability) len 6
00:05:07.691: BGP: 3.3.3.3 OPEN has CAPABILITY code: 1, length 4
00:05:07.691: BGP: 3.3.3.3 OPEN has MP_EXT CAP for afi/safi: 2/1
00:05:07.691: BGP: 3.3.3.3 rcvd OPEN w/ optional parameter type 2 (Capability) len 6
00:05:07.691: BGP: 3.3.3.3 OPEN has CAPABILITY code: 1, length 4
00:05:07.691: BGP: 3.3.3.3 OPEN has MP_EXT CAP for afi/safi: 2/4
00:05:07.695: BGP: 3.3.3.3 rcvd OPEN w/ optional parameter type 2 (Capability) len 2
00:05:07.695: BGP: 3.3.3.3 OPEN has CAPABILITY code: 128, length 0
00:05:07.695: BGP: 3.3.3.3 OPEN has ROUTE-REFRESH capability(old) for all address-families
00:05:07.695: BGP: 3.3.3.3 rcvd OPEN w/ optional parameter type 2 (Capability) len 2
00:05:07.699: BGP: 3.3.3.3 OPEN has CAPABILITY code: 2, length 0
00:05:07.699: BGP: 3.3.3.3 OPEN has ROUTE-REFRESH capability(new) for all address-families
!-- output omitted
!-- IPv6 prefixes advertised by remote 6PE2 router via Route-Reflector
00:05:08.855: BGP(1-lbl): resolving bestpath with tag 22 for network 2001:2::, nh ::FFFF:2.2.2.2
00:05:08.859: BGP(1-lbl): resolving bestpath with tag 19 for network ABCD::2, nh ::FFFF:2.2.2.2
00:05:08.859: BGP(1-lbl): resolving bestpath with tag 21 for network ABCD::3, nh ::FFFF:3.3.3.3
00:05:08.863: BGP(1-lbl): resolving bestpath with tag 23 for network CAFE:2::, nh ::FFFF:2.2.2.2
00:05:08.867: BGP(1-lbl): 3.3.3.3 allocate local label 25 for network CAFE:1::
6PE1# show bgp ipv6 unicast neighbors 3.3.3.3 | section Neighbor capabilities
Neighbor capabilities:
Route refresh: advertised and received(old & new)
Address family IPv4 Unicast: advertised and received
Address family IPv6 Unicast: advertised and received
ipv6 MPLS Label capability: advertised and received
The show bgp ipv6 unicast command displays the IPv6 prefixes learnt via MP-BGP.
BGP IPv6 prefixes
6PE1# show bgp ipv6 unicast
BGP table version is 8, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 2001:1::/124 2001:1::1 0 0 65001 ?
*>i2001:2::/124 ::FFFF:2.2.2.2 0 100 0 65002 ?
*> ABCD::1/128 :: 0 32768 i
*>iABCD::2/128 ::FFFF:2.2.2.2 0 100 0 i
*>iABCD::3/128 ::FFFF:3.3.3.3 0 100 0 i
*> CAFE:1::/64 2001:1::1 0 0 65001 ?
*>iCAFE:2::/64 ::FFFF:2.2.2.2 0 100 0 65002 i
The following output shows the labels imposed for IPv6 prefix CAFE:2::/64. Label 23 is advertised by remote 6PE2 router via MP-BGP. Label 17 is the IGP label to reach the next-hop address 2.2.2.2 i.e. 6PE2 router.
Labels imposed for IPv6 prefix CAFE:2::/64
6PE1# show bgp ipv6 unicast CAFE:2::/64
BGP routing table entry for CAFE:2::/64, version 7
Paths: (1 available, best #1, table Global-IPv6-Table)
Advertised to update-groups:
1
65002
::FFFF:2.2.2.2 (metric 4) from 3.3.3.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, internal, best
Originator: 2.2.2.2, Cluster list: 3.3.3.3
mpls labels in/out nolabel/23
6PE1# show ip cef 2.2.2.2
2.2.2.2/32, version 60, epoch 0, cached adjacency 10.1.1.2
0 packets, 0 bytes
tag information set
local tag: 18
fast tag rewrite with Fa0/0, 10.1.1.2, tags imposed: {17}
via 10.1.1.2, FastEthernet0/0, 0 dependencies
next hop 10.1.1.2, FastEthernet0/0
valid cached adjacency
tag rewrite with Fa0/0, 10.1.1.2, tags imposed: {17}
6PE1#show ipv6 cef CAFE:2::/64
CAFE:2::/64
nexthop ::FFFF:2.2.2.2
fast tag rewrite with Fa0/0, 10.1.1.2, tags imposed: {17 23}
The following output shows the IPv6 prefix CAFE:2::/64 installed into IPv6 routing table of 6PE1 router. The next-hop is ::FFFF:2.2.2.2 which is the IPv4-mapped IPv6 address of remote 6PE2 router. When a packet arrives on the router for destination IPv6 prefix, a recursive lookup is done on the next-hop and outgoing labels are found.
IPv6 routing table
6PE1#show ipv6 route CAFE:2::/64
IPv6 Routing Table - 9 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route, M - MIPv6
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external
B CAFE:2::/64 [200/0]
via ::FFFF:2.2.2.2, IPv6-mpls
The following packet capture indicates an ICMPv6 Echo Request packet from CE1 to remote IPv6 prefix CAFE:2::/64 on CE2 router. It indicates the label imposed by 6PE1 router.