6VPE: IPv6 over MPLS VPN

6VPE: IPv6 over MPLS VPN

An IPv6 VPN is connected over an IPv6 interface or sub-interface to the Service Provider (SP) backbone via a PE router. The site can be both IPv4 and IPv6 capable. Each IPv6 VPN has its own address space which means a given address denotes different systems in different VPNs. This is achieved via a new address family- VPN-IPv6 or VPNv6 address-family which prepends a Route Distinguisher (RD) to the IP address.

A VPNv6 address is a 24-byte quantity beginning with a 8-byte RD and ending with a 16-byte IPv6 address. When a site is IPv4 and IPv6 capable, the same RD can be used for the advertisement of IPv4 and IPv6 addresses.

Network topology:

The PE-CE links are IPv6 capable. The MPLS VPN network is IPv4 enabled. 6VPE routers are dual-stack routers.

CE Configuration

CE1 router:

ipv6 unicast-routing

ipv6 cef

interface Serial 0/0

 ipv6 address 2001:1::1/124

interface Loopback 0

 ipv6 address ABCD::1/128

CE2 router:

ipv6 unicast-routing

ipv6 cef

interface Serial 0/0

 ipv6 address 2001:2::1/124

interface Loopback 0

 ipv6 address ABCD::2/128

6VPE Configuration

6VPE1 router:

ipv6 unicast-routing

ipv6 cef

mpls label protocol ldp

mpls ldp router-id Loopback 0 force

!----- The VRF is defined with vrf definition <vrf-name> and is made IPv6 aware --------!

vrf definition CUST1

 rd 1:1

 address-family ipv6

 route-target import 1:1

 route-target export 1:1

 exit-address-family

interface Serial 0/0

 vrf forwarding CUST1

 ipv6 address 2001:1::2/124

interface Loopback 0

 ip address 1.1.1.1 255.255.255.255

 ip ospf 1 area 0

6VPE2 router:

ipv6 unicast-routing

ipv6 cef

mpls label protocol ldp

mpls ldp router-id Loopback 0 force

vrf definition CUST1

 rd 1:1

 address-family ipv6

 route-target import 1:1

 route-target export 1:1

 exit-address-family

interface Serial 0/0

 vrf forwarding CUST1

 ipv6 address 2001:2::2/124

interface Loopback 0

 ip address 3.3.3.3 255.255.255.255

 ip ospf 1 area 0

MP-BGP Configuration:

Address-family VPNv6 is configured on 6VPE routers for iBGP connection. There is eBGP connection between 6VPE and CE routers.

MP-BGP Configuration on CE1 & 6VPE1

CE1 router:

router bgp 65101

 neighbor 2001:1::2 remote-as 100

 address-family ipv6

 neighbor 2001:1::2 activate

 network ABCD::1/128

 exit-address-family

6VPE1 router:

router bgp 100

 neighbor 3.3.3.3 remote-as 100

 neighbor 3.3.3.3 update-source Loopback 0

 address-family vpnv6

 neighbor 3.3.3.3 activate

 exit-address-family

 address-family ipv6 vrf CUST1

 neighbor 2001:1::1 remote-as 65101

 neighbor 2001:1::1 activate

 redistribute connected

 exit-address-family

MP-BGP Configuration on CE2 and 6VPE2

CE2 router:

router bgp 65102

 neighbor 2001:2::2 remote-as 100

 address-family ipv6

 neighbor 2001:2::2 activate

 network ABCD::2/128

 exit-address-family

6VPE2 router:

router bgp 100

 neighbor 1.1.1.1 remote-as 100

 neighbor 1.1.1.1 update-source Loopback 0

 address-family vpnv6

 neighbor 1.1.1.1 activate

 exit-address-family

 address-family ipv6 vrf CUST1

 neighbor 2001:2::1 remote-as 65102

 neighbor 2001:2::1 activate

 redistribute connected

 exit-address-family

BGP Capability Negotiation:

The MP-BGP are used to advertise the IPv6 VPN routes in the MP_REACH NLRI. The AFI/SAFI used is 2/128. AFI=2 for IPv6 and SAFI=128 for MPLS labeled VPNv6.

debug ip bgp

21:10:10.387: BGP: 3.3.3.3 went from Active to OpenSent

21:10:10.391: BGP: 3.3.3.3 sending OPEN, version 4, my as: 100, holdtime 180 seconds

21:10:10.395: BGP: 3.3.3.3 send message type 1, length (incl. header) 61

21:10:10.579: BGP: 3.3.3.3 rcv message type 1, length (excl. header) 42

21:10:10.579: BGP: 3.3.3.3 rcv OPEN, version 4, holdtime 180 seconds

21:10:10.583: BGP: 3.3.3.3 rcv OPEN w/ OPTION parameter len: 32

21:10:10.583: BGP: 3.3.3.3 rcvd OPEN w/ optional parameter type 2 (Capability) len 6

21:10:10.583: BGP: 3.3.3.3 OPEN has CAPABILITY code: 1, length 4

21:10:10.587: BGP: 3.3.3.3 OPEN has MP_EXT CAP for afi/safi: 1/1

21:10:10.587: BGP: 3.3.3.3 rcvd OPEN w/ optional parameter type 2 (Capability) len 6

21:10:10.587: BGP: 3.3.3.3 OPEN has CAPABILITY code: 1, length 4

21:10:10.587: BGP: 3.3.3.3 OPEN has MP_EXT CAP for afi/safi: 2/128

21:10:10.591: BGP: 3.3.3.3 rcvd OPEN w/ optional parameter type 2 (Capability) len 2

21:10:10.591: BGP: 3.3.3.3 OPEN has CAPABILITY code: 128, length 0

21:10:10.591: BGP: 3.3.3.3 OPEN has ROUTE-REFRESH capability(old) for all address-families

21:10:10.591: BGP: 3.3.3.3 rcvd OPEN w/ optional parameter type 2 (Capability) len 2

21:10:10.595: BGP: 3.3.3.3 OPEN has CAPABILITY code: 2, length 0

21:10:10.595: BGP: 3.3.3.3 OPEN has ROUTE-REFRESH capability(new) for all address-families

21:10:10.595: BGP: 3.3.3.3 rcvd OPEN w/ optional parameter type 2 (Capability) len 6

21:10:10.595: BGP: 3.3.3.3 OPEN has CAPABILITY code: 65, length 4

21:10:10.599: BGP: 3.3.3.3 OPEN has 4-byte ASN CAP for: 100

BGP: 3.3.3.3 rcvd OPEN w/ remote AS 100, 4-byte remote AS 100

21:10:10.599: BGP: 3.3.3.3 went from OpenSent to OpenConfirm

21:10:10.603: BGP: 3.3.3.3 went from OpenConfirm to Established

21:10:10.603: %BGP-5-ADJCHANGE: neighbor 3.3.3.3 Up

21:10:11.547: %BGP-5-ADJCHANGE: neighbor 2001:1::1 vpn vrf CUST1 Up

6VPE1# show bgp vpnv6 unicast all neighbors

BGP neighbor is 3.3.3.3,  remote AS 100, internal link

  BGP version 4, remote router ID 3.3.3.3

  BGP state = Established, up for 00:05:32

  Last read 00:00:30, last write 00:00:20, hold time is 180, keepalive interval is 60 seconds

  Neighbor capabilities:

    Route refresh: advertised and received(new)

    New ASN Capability: advertised and received

    Address family IPv4 Unicast: advertised and received

    Address family VPNv6 Unicast: advertised and received

    !---output ommitted

BGP neighbor is 2001:1::1,  vrf CUST1,  remote AS 65101, external link

  BGP version 4, remote router ID 10.210.0.1

  BGP state = Established, up for 00:05:54

  Last read 00:00:54, last write 00:00:43, hold time is 180, keepalive interval is 60 seconds

  Neighbor capabilities:

    Route refresh: advertised and received(new)

    New ASN Capability: advertised

    Address family IPv6 Unicast: advertised and received

    !---output ommitted

Since the IPv6 VPN traffic is to be transported to the BGP speaker using IPv4 tunneling, the BGP speaker advertises to its peer a next-hop network address field containing a VPNv6 address- the 8-byte RD is set to 0, while the 16-byte IPv6 address is the IPv4-mapped IPv6 address of the advertising BGP speaker.

BGP Next-Hop address

6VPE2# show bgp vpnv6 unicast vrf CUST1

BGP table version is 30, local router ID is 3.3.3.3

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path

Route Distinguisher: 1:1 (default for vrf CUST1)

*>i2001:1::/124     ::FFFF:1.1.1.1           0    100      0 ?

*> 2001:2::/124     ::                       0         32768 ?

*>iABCD::1/128      ::FFFF:1.1.1.1           0    100      0 65101 i

*> ABCD::2/128      2001:2::1                0             0 65102 i

6VPE2# show bgp vpnv6 unicast vrf CUST1 ABCD::1/128

BGP routing table entry for [1:1]ABCD::1/128, version 30

Paths: (1 available, best #1, table CUST1)

  Advertised to update-groups:

    ::FFFF:1.1.1.1 (metric 3) from 1.1.1.1 (1.1.1.1)

      Origin IGP, metric 0, localpref 100, valid, internal, best

      Extended Community: RT:1:1

      mpls labels in/out nolabel/20

Notice that the RD of VPNv6 prefixes is printed between []. This is done to differentiate between RD and IPv6 address.

Label imposition:

When a 6VPE router receives a packet from an attached CE router, it looks up the packet IPv6 destination address in the VRF table corresponding to that CE router. This enables it to find a VPNv6 route. The VPNv6 route has an associated MPLS label (top label) and an associated BGP Next Hop label (bottom label).

Label imposition

6VPE2# show bgp vpnv6 unicast vrf CUST1 ABCD::1/128

BGP routing table entry for [1:1]ABCD::1/128, version 30

Paths: (1 available, best #1, table CUST1)

  Advertised to update-groups:

    ::FFFF:1.1.1.1 (metric 3) from 1.1.1.1 (1.1.1.1)

      Origin IGP, metric 0, localpref 100, valid, internal, best

      Extended Community: RT:1:1

      mpls labels in/out nolabel/20

6VPE2# show ip cef 1.1.1.1

1.1.1.1/32

  nexthop 10.2.2.1 FastEthernet2/0 label 16

6VPE2# show ipv6 cef vrf CUST1 ABCD::1/128 detail

ABCD::1/128, epoch 0

  recursive via 1.1.1.1 label 20

    nexthop 10.2.2.1 FastEthernet2/0 label 16

IPv6 Prefixes advertised to CE routers:

The show ipv6 route bgp command displays the BGP routes learnt by the router.

IPv6 prefixes

CE1# show ipv6 route bgp

IPv6 Routing Table - 6 entries

Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP

       U - Per-user Static route, M - MIPv6

       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary

       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2

       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2

       D - EIGRP, EX - EIGRP external

B   2001:2::/124 [20/0]

     via FE80::C808:17FF:FE2C:0, Serial0/0

B   ABCD::2/128 [20/0]

     via FE80::C808:17FF:FE2C:0, Serial0/0

CE2# show ipv6 route bgp

IPv6 Routing Table - 6 entries

Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP

       U - Per-user Static route, M - MIPv6

       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary

       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2

       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2

       D - EIGRP, EX - EIGRP external

B   2001:1::/124 [20/0]

     via FE80::C809:14FF:FEB4:0, Serial0/0

B   ABCD::1/128 [20/0]

     via FE80::C809:14FF:FEB4:0, Serial0/0

The following packet capture indicates the labels imposed on the ICMPv6 packet when a PING is initialized from CE2 router to ABCD::1/128.

Page updated

Google Sites

Report abuse