Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
La b 6
IPv4 BGP Sessions Carrying IPv6 Routes – 6PE
Overview
In this lab, you will configure a full mesh of IPv4 iBGP sessions. You will then configure the PE
routers to carry IPv6 routes received from the CE routers over the iBGP IPv4 session (using MP-
BGP). Later on you will enable the forwarding of IPv6 traffic using MPLS.
You have been assigned a POD consisting of 4 devices: two PE routers and two CE routers. Make
sure you understand which devices have been assigned to you. This lab guide takes as a
configuration example POD A but this just a reference. Make sure you adapt your configurations to
your assigned POD, following always the lab diagram.
Note that your lab login (password lab123) grants you all permissions needed to complete this lab.
Please do not delete ge-0/0/0 interface since this is your management interface which grants you
connectivity to the devices. Please be careful, and have fun!
By completing this lab, you will perform the following tasks:
• Operational:
− Use show commands to verify and troubleshooting MP-BGP operation
• Configuration:
− Configure MP-BGP peering between loopback addresses
− Configure support for families inet and inet6
− Modify BGP next hop attribute
− Configure LSPs between your PE router and all other PE routers
− Configure MPLS and RSVP on your PE router
− Transport IPv6 traffic across your LSPs, and tagging of IPv6 traffic with the explicit
IPv6 null label on ingress.
Please refer to the next page lab diagram to perform this exercise and chose the one that refers to
your assigned POD.
1
Juniper IPv6 lab exercise: 6PE
Lab Diagram
MPLS LSP
2001:10:0:4::/64
10.10.1.0/24 10.10.8.0/24 2001:10:0:12::/64
CE-A1 :4::2 ge-0/0/1.0 Tokyo-PE
se-1/0/1 Sydney-P
Denver: ge-0/0/1.0 :4::1 lo0: se-1/0/1
lo0:
se-1/0/0 se-1/0/0 HongKong-PE :12::1 ge-0/0/1.0 CE-A2
::50::1 192.168.21.1 1.2 1.1 8.1 lo0: ge-0/0/1.0 :12::2 SaoPaulo
192.168.5.1 8.2 192.168.28.1 :51::1
AS 65000 eBGP 200.50.0.0/24 eBGP
200.50.1.0/24
200.51.0.0/24 AS 65000
2001:172:16:0::/64 200.50.2.0/24 MP-BGP 200.51.1.0/24
2001:172:16:4::/64
200.51.2.0/24
2001:172:16:1::/64 200.50.3.0/24
2001:172:16:2::/64
ISIS Level 2 200.51.3.0/24 2001:172:16:5::/64
2001:172:16:6::/64
2001:172:16:3::/64 AS 65412 2001:172:16:7::/64
Static Routes
Provider Core
(Virtual Customer Networks)
MPLS LSP
POD B
2001:10:0:6::/64 2001:10:0:14::/64
10.10.2.0/24 10.10.3.0/24
CE-B1 London-PE se-1/0/0
:6::2 se-2/0/0 Sydney-P se-2/0/1 se-1/0/0 Amsterdam-PE :14::1 ge-0/0/1.0 CE-B2
Madrid ge-0/0/1.0 :6::1 lo0: lo0: lo0:
:52::1 192.168.16.1
2.2 2.1 192.168.5.1 3.1 3.2 192.168.24.1 ge-0/0/1.0 :14::2 NewYork
:53::1
Static Routes
Provider Core
(Virtual Customer Networks)
2
Juniper IPv6 lab exercise: 6PE
MPLS LSP
2001:10:0:8::/64 2001:10:0:16::/64
10.10.7.0/24 10.10.4.0/24
CE-C1 :8::2 ge-0/0/1.0 SanJosePE se-1/0/1 se-3/0/1 Sydney-P se-3/0/0 se-1/0/1 Montreal-PE :16::1 fe-0/0/1.0 CE-C2
Rome fe-0/0/1.0 :8::1 lo0: 7.2 7.1 lo0: lo0: ge-0/0/1.0 :16::2 Barcelona
:54::1 192.168.8.1 192.168.5.1
4.1 4.2 192.168.12.1 :55::1
Static Routes
Provider Core
(Virtual Customer Networks)
3
Juniper IPv6 lab exercise: 6PE
Key Commands
Key operational mode commands used in this lab include the following:
show bgp summary
show bgp neighbor
show route
show route table inet6
show route table inet.3
show route table inet6.3
show route advertising-protocol bgp
show route receive-protocol bgp
show route hidden extensive
show rsvp session
ping
traceroute
lab@Tokyo-PE> configure
Entering configuration mode
[edit]
lab@London-PE# load override ipv6/lab6-6pe-start
load complete
Familiarize with the configuration just loaded. You will notice that there are inet and inet6 families
configured on the interfaces with respective IPv4 and IPv6 addresses. There is also an operational
IGP that guarantees reachability to all internal networks within the Provider Autonomous System AS
65412. On top of that, there is an ipv4 iBGP full mesh of sessions, an ipv6 eBGP session with your
peering AS and also some static routes on the CE devices
Once you are satisfied commit your configuration.
[edit]
lab@Tokyo-PE# commit and-quit
commit complete
Now login into your CE assigned device and load the ipv6/lab6-6pe-start file. This will give us
back a working baseline configuration.
lab@Denver-CE_A1> configure
Entering configuration mode
[edit]
lab@Denver-CE_A1# load override ipv6/lab6-6pe-start
load complete
4
Juniper IPv6 lab exercise: 6PE
Familiarize with the configuration just loaded. Like in the PE case, you will notice that there are inet
and inet6 families configured on the interfaces with respective IPv4 and IPv6 addresses. There are
also some IPv4 & IPv6 static routes in there and an eBGP peering session with AS65412
Once you are satisfied with your inspection go ahead and commit your configuration.
[edit]
lab@Denver-CE_A1# commit and-quit
commit complete
Step 1.2
On your PE device, remove your iBGP sessions using IPv6 so you no longer use Native IPv6 BGP.
To do so, get rid of the protocols bgp group ibgp section of your configuration:
[edit]
lab@Tokyo-PE# delete protocols bgp group ibgp
Please ensure that your ebgp group to your CE neighboring router remains configured.
Create a new bgp group called v4-peers on your PE device and configure a full mesh of IPv4
sessions with all other PEs assigned to your POD. In this case, since you have been given only 2x
5
Juniper IPv6 lab exercise: 6PE
PE routers, you will have to configure just one session to your other PE.. The following example has
been taken from the Tokyo router:
[edit]
lab@Tokyo-PE# edit protocols bgp group v4-peers
[edit protocols bgp group v4-peers]
lab@Tokyo-PE# set type internal
[edit protocols bgp group v4-peers]
lab@Tokyo-PE# set local-address 192.168.21.1
[edit protocols bgp group v4-peers]
lab@Tokyo-PE# set neighbor 192.168.28.1
Your configuration should look like the following output taken from Tokyo:
Step 2.2
Verify that all your IBGP sessions have been established.
6
Juniper IPv6 lab exercise: 6PE
♦ Check the neighbor details for your IBGP session. Which route family can your IBGP
sessions carry at this point?
The NLRI that has been negotiated is inet (IPv4) unicast, which is the address family
being used to establish the session.
7
Juniper IPv6 lab exercise: 6PE
Step 2.3
Configure the IPv4 static routes shown on the IPv4 addressing lab diagram, on your PE router. A
reject next hop is suggested because the resulting ICMP destination unreachable error messages
help to validate connectivity to the prefixes encompassed by the static route.
Please refer to the following table and diagram to configure your static routes on each router:
[edit routing-options]
lab@Tokyo-PE# show
static {
route 200.50.0.0/24 reject;
route 200.50.1.0/24 reject;
route 200.50.2.0/24 reject;
route 200.50.3.0/24 reject;
}
autonomous-system 65412;
8
Juniper IPv6 lab exercise: 6PE
Step 2.4
Configure a policy to advertise these statics routes via IBGP.
[edit routing-options]
lab@Tokyo-PE# top
[edit]
lab@Tokyo-PE# edit policy-options policy-statement send-statics-v4
[edit policy-options policy-statement send-statics-v4]
lab@Tokyo-PE# set term 1 from protocol static
[edit policy-options policy-statement send-statics-v4]
lab@Tokyo-PE# set term 1 then accept
Apply the newly created send-statics-v4 policy into your bgp group v4-peers. Also, apply the
next-hop self policy NH that you created on the previous lab. Ensure that the two policies are applied
under your v4-peers group:
Your configuration should look like the following output taken from Tokyo:
[edit]
lab@Tokyo-PE# show protocols bgp
group ebgp {
type external;
peer-as 65000;
as-override;
neighbor 2001:10:0:4::2;
}
group v4-peers {
type internal;
local-address 192.168.21.1;
9
Juniper IPv6 lab exercise: 6PE
export [ send-statics-v4 NH ];
neighbor 192.168.28.1;
}
Once satisfied with your changes go ahead and commit your candidate configuration:
[edit]
lab@Tokyo-PE# commit
commit complete
Step 2.5
Once completed these last two steps you should have all the 200.x.y/24 routes in your routing table.
♦ Do you have all the 200.x.y/24 routes in your routing table? If so, how many?
[edit]
lab@Tokyo-PE# run show route 200/8 terse | match /24 | count
Count: 24 lines
[edit]
lab@Tokyo-PE# run show route 200/8 terse
inet.0: 22 destinations, 22 routes (22 active, 0 holddown, 0 hidden)+ = Active
Route, - = Last Active, * = Both
A Destination P Prf Metric 1 Metric 2 Next hop AS path
* 200.50.0.0/24 S 5 Reject
* 200.50.1.0/24 S 5 Reject
* 200.50.2.0/24 S 5 Reject
* 200.50.3.0/24 S 5 Reject
* 200.51.0.0/24 B 170 100 >10.10.1.1 I
* 200.51.1.0/24 B 170 100 >10.10.1.1 I
* 200.51.2.0/24 B 170 100 >10.10.1.1 I
* 200.51.3.0/24 B 170 100 >10.10.1.1 I
10
Juniper IPv6 lab exercise: 6PE
Step 3.1
Configure your PE router to carry IPv6 NLRI across the IBGP over IPv4 session. After you have
added the required command, check the IBGP neighbor status and details again. Also check your
IPv4 routing table again.
As the family inet6 unicast is added under the IBGP group, your sessions will gradually get
reestablished.
[edit]
lab@Tokyo-PE# edit protocols bgp group v4-peers
[edit protocols bgp group v4-peers]
lab@Tokyo-PE# set family inet6 unicast
Your configuration should look like this example taken from Tokyo-PE. Commit your configuration.
Step 3.2
Display the status of the bgp sessions. Notice that they now show the inet6.0 routing table as the
routing table were routes are to be installed.
11
Juniper IPv6 lab exercise: 6PE
If you now try the show BGP neighbor command and look for the address families and
NLRI negotiated you find that only inet6-unicast is active. This may cause confusion
since in Step 2.2 we confirmed that IPv4-unicast was enabled automatically based on
the use of IPv4 address to establish the peers. The problem arises from the manual
configuration of family inet6-unicast. The router is now expecting all address families
to be supported on each IBGP session to also be manually configured.
The same command we used on Step 2.5 reports that only 4x 200.x.y/24 routes are
12
Juniper IPv6 lab exercise: 6PE
now on the routing table. An inspection of the actual routes shows us that the four
routes currently in the routing table are the local static routes.
Step 3.3
Reconfigure your PE router to carry IPv4 NLRI across the IBGP sessions again. To solve the
problem all is needed is the addition of family inet unicast under the IBGP group v4-peers:
Your configuration should look like this example taken from Tokyo-PE. Commit your configuration.
After this change check the IBGP neighbor details as well as your routing table.
13
Juniper IPv6 lab exercise: 6PE
♦ Does your session now carry both inet unicast and inet6 unicast NLRI?
It is easy to see that now you can now exchange both IPv4 and IPv6 routes with your
neighbors just by looking at the output of the show bgp summary command:
♦ Do you have both IPv4 and IPv6 BGP routes in your routing table?
You should be seeing IPv4 routes to the remote PE router’s static routes. You should
also be seeing IPv6 routes to your CE router’s static routes. You can see that the router
in the example is receiving and activating 4x IPv4 routes from each of its peers. The
router is also receiving and activating 5 routes from the CE router (2001:10:0:4::2 ).
Remember that previously you added the next-hop self policy to your IBGP group. You
can use the show route advertising-protocol command to determine
whether you are sending routes. The following example shows you that effectively the
14
Juniper IPv6 lab exercise: 6PE
router is sending both IPv4 and IPv6 routes and in both cases, the next-hop for the
routes is self which should make all routes valid in the receiving router.
♦ Are you receiving any IPv6 routes from your IBGP peers?
By the looks you are not receiving any IPv6 route from your PE neighbors. However,
do notice that you have quite a few hidden routes. By entering the show route hidden
table inet6 you can check if you have hidden routes.
15
Juniper IPv6 lab exercise: 6PE
Unusable
2001:172:16:6::/64 [BGP/170] 00:07:11, localpref 100, from 192.168.28.1
AS path: 65000 I
Unusable
2001:172:16:7::/64 [BGP/170] 00:07:11, localpref 100, from 192.168.28.1
AS path: 65000 I
Unusable
2001:192:168:51::/64
[BGP/170] 00:07:11, localpref 100, from 192.168.28.1
AS path: 65000 I
Unusable
If you use the extensive switch and check the details for one of your hidden routes you will discover
the reason it is hidden
No route was found! Therefore, next-hop reachability fails, and the route becomes unusable and
hidden.
16
Juniper IPv6 lab exercise: 6PE
____________________________ Note__________________________
The next-hop ::ffff:192.168.28.1 in the example, is the IPv4-mapped
representation of the IPv4 address of HongKong’s loopback interface. The next
hop is automatically converted by the router when an IPv6 route is transported
over an IPv4 session. The problem is the router has no route in inet6 to resolve
this next hop.
__________________________________________________________________
Amsterdam ::ffff:192.168.24.1
Montreal ::ffff:192.168.12.1
17
Juniper IPv6 lab exercise: 6PE
Your configuration should look like this output taken from the Tokyo router. Go ahead and commit
your changes.
Yes, the new loopback address is now advertised on your ISIS LSP
♦ Once all PE routers have done the above changes, do you still see hidden routes in
your router?
18
Juniper IPv6 lab exercise: 6PE
♦ Do you have IPv4 BGP routes to all the static routes from all PE routers across the
network?
♦ Do you have IPv6 BGP routes to all the static routes from all CE routers across the
network?
19
Juniper IPv6 lab exercise: 6PE
At last, Verify the advertisement of routes from your CE router to other CE routers.
♦ Is your CE router receiving all IPv6 routes from the other CEs?
lab@Denver-CE_A1> show route table inet6 terse 2001:172::/32 | match /64 | count
Count: 8 lines
20
Juniper IPv6 lab exercise: 6PE
♦ Looking good, right?? As a definitive test, can your CE router reach all IPv6 routes
from the other CEs? Can you ping for example the IPv6 address of the remote CE?
No you can’t!! There seem to be a forwarding problem in the Provider core network.
The destination route from the remote CE (i.e. the loopback) is present on the routing
table, however forwarding doesn’t seem to work
Go ahead and add support for the family mpls in your serial interface. This enables the processing of
labels in and out of the interface:
lab@Tokyo-PE> configure
Entering configuration mode
[edit]
lab@Tokyo-PE# set interfaces se-1/0/1 unit 0 family mpls
[edit]
lab@Tokyo-PE# set protocols mpls interface se-1/0/1
21
Juniper IPv6 lab exercise: 6PE
And at last you also need to enable RSVP, but only at the protocol level. Commit your changes
[edit]
lab@Tokyo-PE# set protocols rsvp interface se-1/0/1
[edit]
lab@Tokyo-PE# commit
commit complete
Step 5.2
Verify your interface is running both RSVP and MPLS. You can use the commands shown in the
example below to verify proper MPLS and RSVP configuration.
[edit]
lab@Tokyo-PE# run show mpls interface
Interface State Administrative groups
se-1/0/1.0 Up <none>
[edit]
lab@Tokyo-PE# run show rsvp interface
RSVP interface: 1 active
Active Subscr- Static Available Reserved Highwater
Interface State resv iption BW BW BW mark
se-1/0/1.0 Up 0 100% 8Mbps 8Mbps 0bps 0bps
Step 5.3
Create LSPs from your PE router to your other PE router in the network. You will have a total of one
LSPs. The loopback addresses of all PE routers are listed below. Use these addresses as the
egress for your LSPs.
22
Juniper IPv6 lab exercise: 6PE
To create an LSP you need to define a name for it under protocols MPLS and specify the address of
the egress of the router.
The following example shows the LSPs created in Tokyo:
[edit]
lab@Tokyo-PE# edit protocols mpls
[edit protocols mpls]
lab@Tokyo-PE# set label-switched-path TKY-to-HKG to 192.168.28.1
Your configuration should look like this. Commit your changes when satisfied:
Step 5.4
Verify that your LSPs have been established.
♦ Are your RSVP LSPs established?
Yes. You should have one LSP as ingress and one LSPs as egress established.
23
Juniper IPv6 lab exercise: 6PE
Yes, as expected the loopback addresses of the terminating point of your LSP have
been installed into inet.3. RSVP, which is the protocol used in the lab to signal your
LSPs, installs routes to the egress router’s address in inet.3.
♦ Now look at your inet.0 routing table. What is the next hop of the IPv4 routes you
are receiving from other iBGP peers? Is this next-hop being resolved through inet.3? is
the route bounded to the LSP?
You will find that after creating your LSP the next hop for the static routes on the other
PE routers is now the LSP to the corresponding PE router. This is the result of BGP
resolving the BGP next hop for the route which is the loopback address of the other PE
router
When BGP performs next-hop resolution it can look at both inet.0 and inet.3 and choose the route
with the lowest preference, in this case the RSVP route in inet.3.
24
Juniper IPv6 lab exercise: 6PE
____________________________ Note__________________________
When the routing process tries to determine the best forwarding path to the BGP
next hop (which is also the LSP’s egress address in this example), it has the
option to resolve the BGP next hop through the inet.0 or the inet.3 routing tables.
Because the global preference for the entries in inet.3 is less than the preference
for the same route in inet.0 table, the BGP entity prefers the entries found in
inet.3. The result is that the LSP is installed into the forwarding table as the next
hop for all routes whose BGP next hop resolves to the egress address
associated with the LSP.
__________________________________________________________________
After next-hop resolution is completed, BGP installs a BGP route in inet.0 using the LSP as the next
hop. You can observe the process in the following example:
25
Juniper IPv6 lab exercise: 6PE
As a result, traffic destined to 200.51.0.0/24 will use the TKY-to-HKG LSP. You could test that by
conducting a traceroute to any of the ip addresses you are receiving via BGP from other PE peers:
Step 5.5
♦ Can the router forward IPv6 across your LSPs the same way? Why or why not?
(Check the routing table for routes to the static IPv6 routes of remote CE routers.)
If you check the routing table for IPv6 routes coming from a remote peer, you will find
that these routes do not use the LSP as a next hop like the IPv4 routes. Just pick one
IPv6 route being received from another PE
26
Juniper IPv6 lab exercise: 6PE
A quick look at the extensive option reveals what the issue is::
The only route available for BGP to resolve the next hop is the IS-IS route for the IPV4-mapped
configured in the previous lab under the loopback interface
27
Juniper IPv6 lab exercise: 6PE
To resolve this next hop BGP through the LSP between Tokyo and HongKong, BGP would need to
find a route for ::ffff:192.168.28.1 in the equivalent inet.3 routing table for IPv6, pointing to the
LSP.
At this point there is not such a route
♦ What is the effect of this command? Enter the show route summary command. Are
there any new routing tables?
When you enter the show route summary command look towards the bottom of the
output. A new routing table called inet6.3 was created by the IPv6-tunneling command.
28
Juniper IPv6 lab exercise: 6PE
This statement allows IPv6 routes to be resolved over an MPLS network by converting all routes
stored in the inet.3 routing table to IPv4-mapped IPv6 addresses and then copying them into the
inet6.3 routing table. This routing table can be used to resolve next hops for both inet6 and inet6-
vpn routes. The routes are added to inet6.3
♦ You can check the contents of inet6.3 by entering the show route table inet6.3
command. What routes do you see in there?
♦ Is BGP able to resolve the next hop of the IPv6 routes using this routing table?
Check the next hop of these routes and compare it with the entries in inet6.3
29
Juniper IPv6 lab exercise: 6PE
Now that inet6.3 exists, and is being populated with routes by RSVP, BGP should
be able to use the LSPs to perform next-hop resolution for IPv6 routes ☺
Looking good!!! It seems that now the IPv6 learned route uses the LSP for the fowarding! This is
because the BGP next-hop of the route could now be resolved through inet6.3
30
Juniper IPv6 lab exercise: 6PE
So, does it work at all? Knowing that a CE router has a BGP learned route to the loopback (actually
a /64 route that encompasses the loopback) of the remote CE, then a ping or traceroute should work
end-to-end CE to CE
31
Juniper IPv6 lab exercise: 6PE
We look now in the next hop router along the path which happens to the the Sydney P router. An
inspection on its mpls.0 table indicates that when a labeled packet with a value of 300880 comes in,
the operation to be taken is Pop:
Things fail when the packet arrives at Sydney-P and the label is popped. Now Sydney has an IPv6
packet in its hands and doesn’t know what to do with it. In our lab, the P routers have some internal
IPv6 routes, but only because one of our test scenarios was native IPv6 BGP. In a real service
provider scenario, it is unlikely that the P routers will have any IPv6 configuration at all. To solve the
problem, a second label must be added to the packet. After popping the outer label, Sydney would
still have a labeled packet to be forwarded to HongKong. HongKong will then pop this additional
label and perform a Layer 3 lookup in inet6.
In other words, the outer label will allow forwarding the traffic to the appropriate PE router, and the
inner label will identify a packet as IPv6. This inner label is called the explicit-null label for IPv6.
Appending this label must be configured under protocols BGP. You must make these modifications
under protocols BGP for your IBGP group and confirm that the explicit null label and the inet6
labeled unicast address family have been negotiated between you and your IBGP peers.
You must delete family inet6 unicast as both labeled-unicast and unicast families cannot be enabled
at the same time.
lab@Tokyo-PE> configure
Entering configuration mode
32
Juniper IPv6 lab exercise: 6PE
[edit]
lab@Tokyo-PE# edit protocols bgp group v4-peers
[edit protocols bgp group v4-peers]
lab@Tokyo-PE# delete family inet6 unicast
[edit protocols bgp group v4-peers]
lab@Tokyo-PE# set family inet6 labeled-unicast explicit-null
[edit protocols bgp group v4-peers]
lab@Tokyo-PE# commit and-quit
commit complete
Exiting configuration mode
____________________________ Note__________________________
Routes will not be seen until the remote PE side does performs this step.
__________________________________________________________________
Step 7.2
Once the session is restored after your previous change, check the address families that your peer
has negotiated to other iBGP peers:
♦ After changing your configuration, check the same route you checked on the
previous part, using again the extensive switch to observe the details. What label
would be used to send traffic to that destination?
33
Juniper IPv6 lab exercise: 6PE
The following example shows the next-hop resolution details and highlights the labels
that will be used to reach the PE router advertising the route.
34
Juniper IPv6 lab exercise: 6PE
STOP
You have completed IPv6 6PE lab !
35