6VPE: IPv6 over MPLS VPN
6VPE: IPv6 over MPLS VPN
An IPv6 VPN is connected over an IPv6 interface or sub-interface to the Service Provider (SP) backbone via a PE router. The site can be both IPv4 and IPv6 capable. Each IPv6 VPN has its own address space which means a given address denotes different systems in different VPNs. This is achieved via a new address family- VPN-IPv6 or VPNv6 address-family which prepends a Route Distinguisher (RD) to the IP address.
A VPNv6 address is a 24-byte quantity beginning with a 8-byte RD and ending with a 16-byte IPv6 address. When a site is IPv4 and IPv6 capable, the same RD can be used for the advertisement of IPv4 and IPv6 addresses.
Network topology:
The PE-CE links are IPv6 capable. The MPLS VPN network is IPv4 enabled. 6VPE routers are dual-stack routers.
CE Configuration
CE1 router:
ipv6 unicast-routing
ipv6 cef
!
interface Serial 0/0
ipv6 address 2001:1::1/124
!
interface Loopback 0
ipv6 address ABCD::1/128
!
CE2 router:
ipv6 unicast-routing
ipv6 cef
!
interface Serial 0/0
ipv6 address 2001:2::1/124
!
interface Loopback 0
ipv6 address ABCD::2/128
!
6VPE Configuration
6VPE1 router:
ipv6 unicast-routing
ipv6 cef
!
mpls label protocol ldp
mpls ldp router-id Loopback 0 force
!
!----- The VRF is defined with vrf definition <vrf-name> and is made IPv6 aware --------!
!
vrf definition CUST1
rd 1:1
!
address-family ipv6
route-target import 1:1
route-target export 1:1
exit-address-family
!
interface Serial 0/0
vrf forwarding CUST1
ipv6 address 2001:1::2/124
!
interface Loopback 0
ip address 1.1.1.1 255.255.255.255
ip ospf 1 area 0
!
6VPE2 router:
ipv6 unicast-routing
ipv6 cef
!
mpls label protocol ldp
mpls ldp router-id Loopback 0 force
!
vrf definition CUST1
rd 1:1
!
address-family ipv6
route-target import 1:1
route-target export 1:1
exit-address-family
!
interface Serial 0/0
vrf forwarding CUST1
ipv6 address 2001:2::2/124
!
interface Loopback 0
ip address 3.3.3.3 255.255.255.255
ip ospf 1 area 0
!
MP-BGP Configuration:
Address-family VPNv6 is configured on 6VPE routers for iBGP connection. There is eBGP connection between 6VPE and CE routers.
MP-BGP Configuration on CE1 & 6VPE1
CE1 router:
router bgp 65101
neighbor 2001:1::2 remote-as 100
!
address-family ipv6
neighbor 2001:1::2 activate
network ABCD::1/128
exit-address-family
!
6VPE1 router:
router bgp 100
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback 0
!
address-family vpnv6
neighbor 3.3.3.3 activate
exit-address-family
!
address-family ipv6 vrf CUST1
neighbor 2001:1::1 remote-as 65101
neighbor 2001:1::1 activate
redistribute connected
exit-address-family
!
MP-BGP Configuration on CE2 and 6VPE2
CE2 router:
router bgp 65102
neighbor 2001:2::2 remote-as 100
!
address-family ipv6
neighbor 2001:2::2 activate
network ABCD::2/128
exit-address-family
!
6VPE2 router:
router bgp 100
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source Loopback 0
!
address-family vpnv6
neighbor 1.1.1.1 activate
exit-address-family
!
address-family ipv6 vrf CUST1
neighbor 2001:2::1 remote-as 65102
neighbor 2001:2::1 activate
redistribute connected
exit-address-family
!
BGP Capability Negotiation:
The MP-BGP are used to advertise the IPv6 VPN routes in the MP_REACH NLRI. The AFI/SAFI used is 2/128. AFI=2 for IPv6 and SAFI=128 for MPLS labeled VPNv6.
debug ip bgp
21:10:10.387: BGP: 3.3.3.3 went from Active to OpenSent
21:10:10.391: BGP: 3.3.3.3 sending OPEN, version 4, my as: 100, holdtime 180 seconds
21:10:10.395: BGP: 3.3.3.3 send message type 1, length (incl. header) 61
21:10:10.579: BGP: 3.3.3.3 rcv message type 1, length (excl. header) 42
21:10:10.579: BGP: 3.3.3.3 rcv OPEN, version 4, holdtime 180 seconds
21:10:10.583: BGP: 3.3.3.3 rcv OPEN w/ OPTION parameter len: 32
21:10:10.583: BGP: 3.3.3.3 rcvd OPEN w/ optional parameter type 2 (Capability) len 6
21:10:10.583: BGP: 3.3.3.3 OPEN has CAPABILITY code: 1, length 4
21:10:10.587: BGP: 3.3.3.3 OPEN has MP_EXT CAP for afi/safi: 1/1
21:10:10.587: BGP: 3.3.3.3 rcvd OPEN w/ optional parameter type 2 (Capability) len 6
21:10:10.587: BGP: 3.3.3.3 OPEN has CAPABILITY code: 1, length 4
21:10:10.587: BGP: 3.3.3.3 OPEN has MP_EXT CAP for afi/safi: 2/128
21:10:10.591: BGP: 3.3.3.3 rcvd OPEN w/ optional parameter type 2 (Capability) len 2
21:10:10.591: BGP: 3.3.3.3 OPEN has CAPABILITY code: 128, length 0
21:10:10.591: BGP: 3.3.3.3 OPEN has ROUTE-REFRESH capability(old) for all address-families
21:10:10.591: BGP: 3.3.3.3 rcvd OPEN w/ optional parameter type 2 (Capability) len 2
21:10:10.595: BGP: 3.3.3.3 OPEN has CAPABILITY code: 2, length 0
21:10:10.595: BGP: 3.3.3.3 OPEN has ROUTE-REFRESH capability(new) for all address-families
21:10:10.595: BGP: 3.3.3.3 rcvd OPEN w/ optional parameter type 2 (Capability) len 6
21:10:10.595: BGP: 3.3.3.3 OPEN has CAPABILITY code: 65, length 4
21:10:10.599: BGP: 3.3.3.3 OPEN has 4-byte ASN CAP for: 100
BGP: 3.3.3.3 rcvd OPEN w/ remote AS 100, 4-byte remote AS 100
21:10:10.599: BGP: 3.3.3.3 went from OpenSent to OpenConfirm
21:10:10.603: BGP: 3.3.3.3 went from OpenConfirm to Established
21:10:10.603: %BGP-5-ADJCHANGE: neighbor 3.3.3.3 Up
21:10:11.547: %BGP-5-ADJCHANGE: neighbor 2001:1::1 vpn vrf CUST1 Up
6VPE1# show bgp vpnv6 unicast all neighbors
BGP neighbor is 3.3.3.3, remote AS 100, internal link
BGP version 4, remote router ID 3.3.3.3
BGP state = Established, up for 00:05:32
Last read 00:00:30, last write 00:00:20, hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received(new)
New ASN Capability: advertised and received
Address family IPv4 Unicast: advertised and received
Address family VPNv6 Unicast: advertised and received
!
!---output ommitted
!
BGP neighbor is 2001:1::1, vrf CUST1, remote AS 65101, external link
BGP version 4, remote router ID 10.210.0.1
BGP state = Established, up for 00:05:54
Last read 00:00:54, last write 00:00:43, hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received(new)
New ASN Capability: advertised
Address family IPv6 Unicast: advertised and received
!
!---output ommitted
!
Since the IPv6 VPN traffic is to be transported to the BGP speaker using IPv4 tunneling, the BGP speaker advertises to its peer a next-hop network address field containing a VPNv6 address- the 8-byte RD is set to 0, while the 16-byte IPv6 address is the IPv4-mapped IPv6 address of the advertising BGP speaker.
BGP Next-Hop address
6VPE2# show bgp vpnv6 unicast vrf CUST1
BGP table version is 30, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf CUST1)
*>i2001:1::/124 ::FFFF:1.1.1.1 0 100 0 ?
*> 2001:2::/124 :: 0 32768 ?
*>iABCD::1/128 ::FFFF:1.1.1.1 0 100 0 65101 i
*> ABCD::2/128 2001:2::1 0 0 65102 i
6VPE2# show bgp vpnv6 unicast vrf CUST1 ABCD::1/128
BGP routing table entry for [1:1]ABCD::1/128, version 30
Paths: (1 available, best #1, table CUST1)
Advertised to update-groups:
2
65101
::FFFF:1.1.1.1 (metric 3) from 1.1.1.1 (1.1.1.1)
Origin IGP, metric 0, localpref 100, valid, internal, best
Extended Community: RT:1:1
mpls labels in/out nolabel/20
Notice that the RD of VPNv6 prefixes is printed between []. This is done to differentiate between RD and IPv6 address.
Label imposition:
When a 6VPE router receives a packet from an attached CE router, it looks up the packet IPv6 destination address in the VRF table corresponding to that CE router. This enables it to find a VPNv6 route. The VPNv6 route has an associated MPLS label (top label) and an associated BGP Next Hop label (bottom label).
Label imposition
6VPE2# show bgp vpnv6 unicast vrf CUST1 ABCD::1/128
BGP routing table entry for [1:1]ABCD::1/128, version 30
Paths: (1 available, best #1, table CUST1)
Advertised to update-groups:
2
65101
::FFFF:1.1.1.1 (metric 3) from 1.1.1.1 (1.1.1.1)
Origin IGP, metric 0, localpref 100, valid, internal, best
Extended Community: RT:1:1
mpls labels in/out nolabel/20
6VPE2# show ip cef 1.1.1.1
1.1.1.1/32
nexthop 10.2.2.1 FastEthernet2/0 label 16
6VPE2# show ipv6 cef vrf CUST1 ABCD::1/128 detail
ABCD::1/128, epoch 0
recursive via 1.1.1.1 label 20
nexthop 10.2.2.1 FastEthernet2/0 label 16
IPv6 Prefixes advertised to CE routers:
The show ipv6 route bgp command displays the BGP routes learnt by the router.
IPv6 prefixes
CE1# show ipv6 route bgp
IPv6 Routing Table - 6 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route, M - MIPv6
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external
B 2001:2::/124 [20/0]
via FE80::C808:17FF:FE2C:0, Serial0/0
B ABCD::2/128 [20/0]
via FE80::C808:17FF:FE2C:0, Serial0/0
CE2# show ipv6 route bgp
IPv6 Routing Table - 6 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route, M - MIPv6
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external
B 2001:1::/124 [20/0]
via FE80::C809:14FF:FEB4:0, Serial0/0
B ABCD::1/128 [20/0]
via FE80::C809:14FF:FEB4:0, Serial0/0
The following packet capture indicates the labels imposed on the ICMPv6 packet when a PING is initialized from CE2 router to ABCD::1/128.