Routing ipv6 v3
 

Routing ipv6 v3

on

  • 2,055 views

A huge 4 parts lab to learn the path for a smooth transition.

A huge 4 parts lab to learn the path for a smooth transition.
This is volume one about Dual-Stack
The Volume 2 will be about Tunneling

Statistics

Views

Total Views
2,055
Views on SlideShare
425
Embed Views
1,630

Actions

Likes
1
Downloads
32
Comments
0

14 Embeds 1,630

http://ipv6forlife.com 790
http://www.ipv6forlife.com 448
http://www.fredbovy.com 187
http://fredbovy.com 170
http://www.ipv6forlife.com. 11
http://www.ipv6forlife.co.uk 7
http://www.ipv6forlife.eu 5
http://5.135.164.228 3
http://prlog.ru 2
http://translate.googleusercontent.com 2
http://178.32.220.77 2
https://www.linkedin.com 1
http://www.linkedin.com 1
http://ns3306607.ip-178-32-220.eu 1
More...

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Routing ipv6 v3 Routing ipv6 v3 Document Transcript

  • . Sunday, March 30, 2014 ROUTING IPv6 v3.0 With Cisco and Quagga PC based Routers using GNS3, Cisco IOS, PC, freeBSD, Quagga, pfSense OSPF v2 for IPv4 & OSPF v3 for IPv6 Version 1.3 http://www.ipv6forlife.com/Tutorial/labDS/ Part 1 By Fred Bovy. Ccie #3013 © Fred Bovy EIRL. IPv6 For Life. Page 1
  • . Sunday, March 30, 2014 Table of Contents 1.Lab Setup................................................................................................................................................7 2.Introduction.............................................................................................................................................7 1.2.instances..........................................................................................................................................8 1.3.Security............................................................................................................................................8 1.4.Database Changes............................................................................................................................9 Two New LSAs.................................................................................................................................9 Two LSAs have a new name..........................................................................................................12 1.5.Router ID.......................................................................................................................................12 2. OSPF Basic Troubleshooting..........................................................................................................14 2.1 Cisco Logging Debug....................................................................................................................15 2.1. OSPF Multicast Addresses...........................................................................................................17 2.2. OSPF Networks Types.................................................................................................................18 3.OSPFv3 Architectures...........................................................................................................................20 4.Type of Area..........................................................................................................................................25 4.1 Stub Area.......................................................................................................................................26 4.2 Totally Stuby Area.........................................................................................................................28 Configuration..................................................................................................................................28 IPv6 route of a Totally Stubby Area Router...................................................................................29 Not So Stubby Area.............................................................................................................................30 Totally Not So Stubby Area.................................................................................................................31 A. Router Configurations.........................................................................................................................32 R1........................................................................................................................................................32 R2........................................................................................................................................................34 R3........................................................................................................................................................36 R4........................................................................................................................................................37 B. GLBP...................................................................................................................................................40 C. BGP Connection..................................................................................................................................42 BGP Lab Topology..............................................................................................................................42 Differences with IPv6..........................................................................................................................43 Some useful commands.......................................................................................................................43 BGP Configuration..............................................................................................................................44 On R3..............................................................................................................................................44 On R2..............................................................................................................................................45 On R5..............................................................................................................................................45 On R6..............................................................................................................................................46 5.Introduction to MP-BGP lab.................................................................................................................49 6.Lab Setup..............................................................................................................................................50 7.Lab BGP Configuration........................................................................................................................51 7.1 Summary.......................................................................................................................................51 7.2 BGP Configuration........................................................................................................................51 R6 BGP Configuration....................................................................................................................51 R8-ISP2 BGP Configuration..........................................................................................................52 R7 BGP Configuration....................................................................................................................53 © Fred Bovy EIRL. IPv6 For Life. Page 2
  • . Sunday, March 30, 2014 R9-ISP1 BGP Configuration..........................................................................................................53 8.BGP Reminder......................................................................................................................................54 8.1 BGP Connection Messages and States..........................................................................................54 8.2 eBGP Sessions...............................................................................................................................56 eBGP Multihop...............................................................................................................................56 eBGP Routes dampening. Increasing Stability...............................................................................56 8.3 iBGP Sessions...............................................................................................................................56 Scaling iBGP..................................................................................................................................56 iBGP Stability.................................................................................................................................56 8.4 BGP Attributes...............................................................................................................................56 8.5 BGP Best Path Selection Algorithm..............................................................................................58 8.6 Scaling BGP .................................................................................................................................61 Route-Reflectors.............................................................................................................................61 Peer-Group......................................................................................................................................61 8.7 Security and MD5 Password.........................................................................................................62 9.Useful Cisco BGP IPv6 Commands Explained....................................................................................64 9.1. Show bgp ipv6 unicast summary..................................................................................................64 9.2. Show bgp ipv6 X:X:X...::X/X .....................................................................................................65 9.3. Show bgp ipv6 neighbor...............................................................................................................66 10.Checking data plane of BGP Recursive routes...................................................................................68 10.1 Mind the BGP Next-hop Rule.....................................................................................................68 R6 Configuration............................................................................................................................68 R7 Configuration............................................................................................................................69 10.2 Check the BGP data path on CISCO Routers (CEFv6)..............................................................70 11.Checking Redundancy.........................................................................................................................73 12.Routers Configurations.......................................................................................................................75 12.1 R1................................................................................................................................................75 12.2 R3................................................................................................................................................76 12.3 R4................................................................................................................................................77 12.4 R5 – BGP Route-Reflector..........................................................................................................79 12.5 R6................................................................................................................................................81 12.6 R7................................................................................................................................................82 12.7 R8-ISP2. AS 64000.....................................................................................................................84 12.8 R9-ISP1. AS 65000.....................................................................................................................85 13.Why a Migration to IS-IS?..................................................................................................................90 14.IS-IS Reminder...................................................................................................................................91 14.1 Introduction and history..............................................................................................................91 14.2 IS-IS Architecture........................................................................................................................92 14.3 Security........................................................................................................................................92 14.4 Neighbor Discovery....................................................................................................................92 14.5 Multipoint Networks...................................................................................................................92 14.6 Point to Point Networks..............................................................................................................94 15.Migration Steps...................................................................................................................................94 15.1. Backbone Configuration.............................................................................................................94 15.2 Verification that ISIS is running OK...........................................................................................94 © Fred Bovy EIRL. IPv6 For Life. Page 3
  • . Sunday, March 30, 2014 Check IS-IS neighbors....................................................................................................................94 Check that all IS-IS are Up from the database...............................................................................95 Remove OSPF for IPv4 and check the IPv4 Routing table............................................................96 Check the Router data plane (CEF and CEFv6) ............................................................................98 Troubleshoot a bug with an Incomplete Adjacency. ......................................................................98 Remove OSPFv3 for IPv6 and check the RIBv6..........................................................................100 15.3. Backbone Migration strategies.................................................................................................101 16.ISIS Troubleshooting........................................................................................................................101 16.1 Optimization for GigabitEthernet P2P......................................................................................103 16.2 MP-BGP Checking....................................................................................................................105 Address-family IPv4.....................................................................................................................105 Address-family IPv6.....................................................................................................................107 17.Moving to Multiarea in the first Area................................................................................................111 17.1 Migration to Multiarea Procedure.............................................................................................111 17.2 IS-IS Multiarea Configuration...................................................................................................112 Configuring Multiarea on R1-R6-R5............................................................................................112 R1 Configuration......................................................................................................................112 R5 Configuration......................................................................................................................114 R6 Configuration......................................................................................................................116 18.Checking configuration ................................................................................................................117 18.1 Checking R5-R6-R1..................................................................................................................117 show clns neighbors......................................................................................................................117 Show ipv6 route ...........................................................................................................................118 Display R1 and R5 LSPs on R6....................................................................................................119 18.2 Configuring Multiarea on R3-R7-R4........................................................................................120 Configure Route Leaking for Loopbacks.....................................................................................121 19.Checking the migration.....................................................................................................................122 19.1 Check IS-IS...............................................................................................................................122 19.2 show ip route.............................................................................................................................122 19.2 show bgp connection to the RR.................................................................................................122 19.3 Checking IS-IS..........................................................................................................................123 19.4 Troubleshooting a bug...............................................................................................................123 19.4 Check BGP Resiliency..............................................................................................................125 19.5 Inspect IS-IS Database..............................................................................................................126 Level 1 Databases.........................................................................................................................126 Level 2 Database...........................................................................................................................128 19.6 Check the BGP Routers Resiliency ........................................................................................130 20.Multiarea final Configurations..........................................................................................................131 20.1 R6..............................................................................................................................................131 20.2 R1..............................................................................................................................................133 20.3 R5..............................................................................................................................................134 20.4 R3..............................................................................................................................................136 20.5 R4..............................................................................................................................................138 20.6 R7..............................................................................................................................................140 20.7 The ISP Routers R9 and R8 Configs.........................................................................................141 © Fred Bovy EIRL. IPv6 For Life. Page 4
  • . Sunday, March 30, 2014 ISP2-R8........................................................................................................................................141 ISP1-R9........................................................................................................................................142 21.What is Quagga?...............................................................................................................................146 22.Quagga Configurations.....................................................................................................................147 /usr/local/etc/quagga/zebra.conf...................................................................................................148 Telnet to the Zebra daemon..........................................................................................................149 Check IP route .............................................................................................................................149 Check IPv6 Route.........................................................................................................................151 23.Quagga IS-IS Configuration.............................................................................................................151 IS-IS Configuration file................................................................................................................151 Telnet to IS-IS daemon.................................................................................................................153 Two Quagga installed...................................................................................................................158 From R1...................................................................................................................................158 From R1 all IS-IS Neighbors...................................................................................................159 24.Quagga BGP Configuration..............................................................................................................160 BGP Configuration file.................................................................................................................160 Telnet to the BGP daemon............................................................................................................161 25.Verifying the Routing is OK.............................................................................................................162 26.pfSense..............................................................................................................................................166 27.Final Configurations.........................................................................................................................167 27.1 The Core Level-1-2 Routers......................................................................................................167 R1..................................................................................................................................................167 R3..................................................................................................................................................169 R4..................................................................................................................................................171 R5..................................................................................................................................................172 26.2 The Customer Edge Level-1 Routers........................................................................................175 R6..................................................................................................................................................175 R7..................................................................................................................................................176 No change on ISP R8 and R9 see previous configurations..........................................................178 26.3 Quagga Configurations..............................................................................................................178 Quagga1 configuration files from /usr/local/etc/quagga/.............................................................178 Zebra config ...........................................................................................................................178 ISIS config...............................................................................................................................179 BGP Config..............................................................................................................................179 Quagga2 configuration files from /usr/local/etc/quagga/.............................................................180 Zebra Configuration.................................................................................................................180 ISIS Config..............................................................................................................................181 BGP Config..............................................................................................................................182 © Fred Bovy EIRL. IPv6 For Life. Page 5
  • . Sunday, March 30, 2014 Illustration Index Illustration 1: Lab Setup.............................................................................................................................7 Illustration 2: OSPF Troubleshooting......................................................................................................14 Illustration 3: OSPF Network Types........................................................................................................19 Illustration 4: OSPF Regular Area...........................................................................................................25 Illustration 5: OSPF Stub Area.................................................................................................................26 Illustration 6: OSPF Totally Stubby Area................................................................................................29 Illustration 7: BGP Topology...................................................................................................................42 Illustration 8: OSPFv2, OSPFv3 and MP-BGP Setup.............................................................................50 Illustration 9: Show bgp ipv6 unicast xxxx:xxx...::/y Explained.............................................................65 Illustration 10: Final Lab Setup..............................................................................................................90 Illustration 11: IS-IS Architecture............................................................................................................91 Illustration 12: IS-IS 2 levels of Routing.................................................................................................92 Illustration 13: IS-IS Multiarea..............................................................................................................111 Illustration 14: Final Setup free9/Quagga and others PCs.....................................................................147 Illustration 15: My Working Station with GNS3 and Wireshark windows............................................151 © Fred Bovy EIRL. IPv6 For Life. Page 6
  • 1.Lab Setup. Sunday, March 30, 2014 1. Lab Setup The Lab runs OSPFv2 and OSPFv3 it is dual-stacked in Area 0 except R5 which is in Area1. Linux machines can ping each other. We have 3 VLANs and at least one PC in each VLAN. The Left hand side uses only one but I configured two VLANs. I have also configured GLBP for IPv41 and IPv6. Configuration are available at the end of this document and on my web site with GNS3 files to copy it: http://www.ipv6forlife.com/Tutorial/labDS/ 2. Introduction Like IPv6 brought many improvements over IPv4, OSPFv3 also advertise them in the Routing Protocol. OSPFv3 is now fully optimized for IPv6 and adds new features. To summarize for those who don't have time to read more than one page here are the 1 There is a bug in my IOS and the GLBP configured for IPv4 is converted to IPv6 in the running-config. © Fred Bovy EIRL. IPv6 For Life. Page 7 Illustration 1: Lab Setup
  • 2.Introduction. Sunday, March 30, 2014 main changes: 1.2. instances For example, it is possible to run multiple, up to 16 instances of OSPFv3 which do not see each other on the same VLAN. This can be very useful if many customers share a link at some point of the network. The instance number is coded in the Hello so two routers will not form a neighbor relationship if not in the same instance. 1.3. Security As IPv6 should be provided with IPSec, the Authentication has been removed from OSPFv3 and is now supposed to be done by IPSec stack. Cisco has released Authentication and even Encryption of OSPFv3 traffic thanks to IPSec. IPSec is better than MD5 for Authentication as it changes the encryption key on a regular time basis and exchange it safely over the unsafe network thanks to Diffie-Helmann. Otherwise if you can capture enough traffic you can break the key and nobody will change them manually! Example on Cisco Router Interface between R2 and R5: ipv6 ospf encryption ipsec spi 1001 esp 3des  012345678901234567890123456789012345678901234567 sha1  0123456789012345678901234567890123456789 R5#show ipv6 ospf interface g0/0 GigabitEthernet0/0 is up, line protocol is up    Link Local Address FE80::C807:7CFF:FEFB:8, Interface ID 5   Area 1, Process ID 1, Instance ID 0, Router ID 192.168.100.5   Network Type BROADCAST, Cost: 1   3DES encryption SHA­1 auth SPI 1001, secure socket UP (errors: 0)   Transmit Delay is 1 sec, State DR, Priority 1    Designated Router (ID) 192.168.100.5, local address FE80::C807:7CFF:FEFB:8   Backup Designated router (ID) 10.0.0.2, local address FE80::C803:7CFF:FEFB:A8   Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5     Hello due in 00:00:05   Index 1/1/1, flood queue length 0   Next 0x0(0)/0x0(0)/0x0(0)   Last flood scan length is 1, maximum is 3   Last flood scan time is 0 msec, maximum is 0 msec   Neighbor Count is 1, Adjacent neighbor count is 1      Adjacent with neighbor 10.0.0.2  (Backup Designated Router) © Fred Bovy EIRL. IPv6 For Life. Page 8
  • 2.Introduction. Sunday, March 30, 2014   Suppress hello for 0 neighbor(s) 1.4. Database Changes Two New LSAs • One new LSA to advertise on the Link Only the Router Link-Local Address. R3>show ipv6 ospf database link adv­router 10.0.0.3             OSPFv3 Router with ID (10.0.0.3) (Process ID 1)                 Link (Type­8) Link States (Area 0)   LS age: 1351   Options: (V6­Bit, E­Bit, R­bit, DC­Bit)   LS Type: Link­LSA (Interface: GigabitEthernet0/0.2)   Link State ID: 15 (Interface ID)   Advertising Router: 10.0.0.3   LS Seq Number: 8000000C   Checksum: 0x5207   Length: 56   Router Priority: 1   Link Local Address: FE80::C805:7CFF:FEFB:8   Number of Prefixes: 1   Prefix Address: 2001:DB8:678:1006::   Prefix Length: 64, Options: None   LS age: 1351   Options: (V6­Bit, E­Bit, R­bit, DC­Bit)   LS Type: Link­LSA (Interface: GigabitEthernet0/0.1)   Link State ID: 14 (Interface ID)   Advertising Router: 10.0.0.3   LS Seq Number: 8000000C   Checksum: 0x3625   Length: 56   Router Priority: 1   Link Local Address: FE80::C805:7CFF:FEFB:8   Number of Prefixes: 1   Prefix Address: 2001:DB8:678:1005::   Prefix Length: 64, Options: None   LS age: 109   Options: (V6­Bit, E­Bit, R­bit, DC­Bit)   LS Type: Link­LSA (Interface: GigabitEthernet1/0) © Fred Bovy EIRL. IPv6 For Life. Page 9
  • 2.Introduction. Sunday, March 30, 2014   Link State ID: 6 (Interface ID)   Advertising Router: 10.0.0.3   LS Seq Number: 8000000D   Checksum: 0x35E0   Length: 44   Router Priority: 1   Link Local Address: FE80::C805:7CFF:FEFB:1C   Number of Prefixes: 0   LS age: 109   Options: (V6­Bit, E­Bit, R­bit, DC­Bit)   LS Type: Link­LSA (Interface: GigabitEthernet2/0)   Link State ID: 7 (Interface ID)   Advertising Router: 10.0.0.3   LS Seq Number: 8000000D   Checksum: 0x9563   Length: 44   Router Priority: 1   Link Local Address: FE80::C805:7CFF:FEFB:38   Number of Prefixes: 0   LS age: 110   Options: (V6­Bit, E­Bit, R­bit, DC­Bit)   LS Type: Link­LSA (Interface: GigabitEthernet3/0)   Link State ID: 8 (Interface ID)   Advertising Router: 10.0.0.3   LS Seq Number: 8000000D   Checksum: 0xF5E5   Length: 44   Router Priority: 1   Link Local Address: FE80::C805:7CFF:FEFB:54   Number of Prefixes: 0 © Fred Bovy EIRL. IPv6 For Life. Page 10
  • 2.Introduction. Sunday, March 30, 2014 • One Intra-Area Prefixes LSA. The Router LSA does not provide any Prefix information anymore, only topological information! So we got a LSA dedicated to advertise prefixes and a LSA to advertise topology like who are our neighbors and the status of our links. It is easier than before to figure out as we do not need to use tricks to advertise a subnet mask of a point-to-point Network like before.         R3>shOW ipv6 ospf database prefix adv­router 10.0.0.3             OSPFv3 Router with ID (10.0.0.3) (Process ID 1)                 Intra Area Prefix Link States (Area 0)   Routing Bit Set on this LSA   LS age: 1686   LS Type: Intra­Area­Prefix­LSA   Link State ID: 14336   Advertising Router: 10.0.0.3   LS Seq Number: 8000000C   Checksum: 0x726D   Length: 44   Referenced LSA Type: 2002   Referenced Link State ID: 14   Referenced Advertising Router: 10.0.0.3   Number of Prefixes: 1   Prefix Address: 2001:DB8:678:1005::   Prefix Length: 64, Options: None, Metric: 0   Routing Bit Set on this LSA   LS age: 1686   LS Type: Intra­Area­Prefix­LSA   Link State ID: 15360   Advertising Router: 10.0.0.3   LS Seq Number: 8000000C   Checksum: 0x6A6F   Length: 44   Referenced LSA Type: 2002   Referenced Link State ID: 15   Referenced Advertising Router: 10.0.0.3   Number of Prefixes: 1   Prefix Address: 2001:DB8:678:1006::   Prefix Length: 64, Options: None, Metric: 0 © Fred Bovy EIRL. IPv6 For Life. Page 11
  • 2.Introduction. Sunday, March 30, 2014 Two LSAs have a new name The ABR Summary LSA (Type 3) is now an Inter-Area Prefixes LSA and the Type 4 Summary-LSA became Inter-Area-Router-LSAs R5#show ipv6 ospf database inter­area router              OSPFv3 Router with ID (192.168.100.5) (Process ID 1)                 Inter Area Router Link States (Area 1)   Routing Bit Set on this LSA   LS age: 61   Options: (V6­Bit, E­Bit, R­bit, DC­Bit)   LS Type: Inter Area Router Links   Link State ID: 167772163   Advertising Router: 10.0.0.2   LS Seq Number: 80000001   Checksum: 0x706F   Length: 32   Metric: 1    Destination Router ID: 10.0.0.3 1.5. Router ID No change with OSPFv2. You still need a Router ID in IPv4 format. The best recommendation is still to configure a loopback 0 interface with an IPv4 Interface. It will be used by many protocols like BGP. So even for an IPv6 Only Router, configure a loopback with a /32 IP address. Eventually you can also configure a /128 IPv6 Address for Router management. R2>show ipv6 ospf  Routing Process "ospfv3 1" with ID 10.0.0.2  It is an area border and autonomous system boundary router  Redistributing External Routes from,     static with metric 5  SPF schedule delay 5 secs, Hold time between two SPFs 10 secs  Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs  LSA group pacing timer 240 secs  Interface flood pacing timer 33 msecs  Retransmission pacing timer 66 msecs  Number of external LSA 2. Checksum Sum 0x00F2FA  Number of areas in this router is 2. 2 normal 0 stub 0 nssa  Reference bandwidth unit is 100 mbps © Fred Bovy EIRL. IPv6 For Life. Page 12
  • 2.Introduction. Sunday, March 30, 2014     Area BACKBONE(0)         Number of interfaces in this area is 6         SPF algorithm executed 804 times         Number of LSA 20. Checksum Sum 0x0AD206         Number of DCbitless LSA 0         Number of indication LSA 0         Number of DoNotAge LSA 0         Flood list length 0     Area 1         Number of interfaces in this area is 1         SPF algorithm executed 4 times         Number of LSA 12. Checksum Sum 0x063391         Number of DCbitless LSA 0         Number of indication LSA 0         Number of DoNotAge LSA 0         Flood list length 0 © Fred Bovy EIRL. IPv6 For Life. Page 13
  • 2.Introduction. Sunday, March 30, 2014 2. OSPF Basic Troubleshooting © Fred Bovy EIRL. IPv6 For Life. Page 14 Illustration 2: OSPF Troubleshooting
  • 2.Introduction. Sunday, March 30, 2014 2.1 Cisco Logging Debug debug ipv6 ospf adjacency output of a session restarting after IPSec configuration *Mar 14 18:54:09.919: OSPFv3: Rcv DBD from 10.0.0.2 on GigabitEthernet0/0 seq 0x534 opt 0x0013 flag 0x7  len 28  mtu 1500 state INIT *Mar 14 18:54:09.919: OSPFv3: 2 Way Communication to 10.0.0.2 on GigabitEthernet0/0, state 2WAY *Mar 14 18:54:09.919: OSPFv3: Neighbor change Event on interface GigabitEthernet0/0 *Mar 14 18:54:09.919: OSPFv3: DR/BDR election on GigabitEthernet0/0  *Mar 14 18:54:09.919: OSPFv3: Elect BDR 0.0.0.0 *Mar 14 18:54:09.919: OSPFv3: Elect DR 192.168.100.5 *Mar 14 18:54:09.919:        DR: 192.168.100.5 (Id)   BDR: none  *Mar 14 18:54:09.919: OSPFv3: GigabitEthernet0/0 Nbr 10.0.0.2: Prepare dbase exchange *Mar 14 18:54:09.919: OSPFv3: Send DBD to 10.0.0.2 on GigabitEthernet0/0 seq 0x112D opt 0x0013 flag 0x7  len 28 *Mar 14 18:54:09.923: OSPFv3: First DBD and we are not SLAVE *Mar 14 18:54:09.931: OSPFv3: Neighbor change Event on interface GigabitEthernet0/0 *Mar 14 18:54:09.931: OSPFv3: DR/BDR election on GigabitEthernet0/0  *Mar 14 18:54:09.931: OSPFv3: Elect BDR 10.0.0.2 *Mar 14 18:54:09.931: OSPFv3: Elect DR 192.168.100.5 *Mar 14 18:54:09.931:        DR: 192.168.100.5 (Id)   BDR: 10.0.0.2 (Id) *Mar 14 18:54:09.939: OSPFv3: Rcv DBD from 10.0.0.2 on GigabitEthernet0/0 seq 0x112D opt 0x0013 flag  0x2 len 328  mtu 1500 state EXSTART *Mar 14 18:54:09.939: OSPFv3: NBR Negotiation Done. We are the MASTER *Mar 14 18:54:09.939: OSPFv3: GigabitEthernet0/0 Nbr 10.0.0.2: Summary list built, size 13 *Mar 14 18:54:09.939: OSPFv3: Send DBD to 10.0.0.2 on GigabitEthernet0/0 seq 0x112E opt 0x0013 flag 0x1  len 288 *Mar 14 18:54:09.959: OSPFv3: Rcv LS REQ from 10.0.0.2 on GigabitEthernet0/0 length 40 LSA count 2 *Mar 14 18:54:09.959: OSPFv3: Send UPD to FE80::C803:7CFF:FEFB:A8 on GigabitEthernet0/0 length 72 LSA  count 2 *Mar 14 18:54:09.971: OSPFv3: Rcv DBD from 10.0.0.2 on GigabitEthernet0/0 seq 0x112E opt 0x0013 flag  0x0 len 28  mtu 1500 state EXCHANGE *Mar 14 18:54:09.971: OSPFv3: Exchange Done with 10.0.0.2 on GigabitEthernet0/0 *Mar 14 18:54:09.971: OSPFv3: Send LS REQ to 10.0.0.2 length 156 LSA count 13 *Mar 14 18:54:09.991: OSPFv3: Rcv LS UPD from 10.0.0.2 on GigabitEthernet0/0 length 496 LSA count 13 *Mar 14 18:54:09.991: OSPFv3: Synchronized with 10.0.0.2 on GigabitEthernet0/0, state FULL *Mar 14 18:54:09.991: %OSPFv3­5­ADJCHG: Process 1, Nbr 10.0.0.2 on GigabitEthernet0/0 from LOADING to  FULL, Loading Done *Mar 14 18:54:09.991: OSPFv3: GigabitEthernet0/0 Nbr 10.0.0.2: Clean­up dbase exchange You first need to be neighbor which means that you've got a bi-directional communication. You know it because you see your Router ID in the Hello sent by your Neighbor. So the first commands you need are show ip ospf interface and show ip ospf  © Fred Bovy EIRL. IPv6 For Life. Page 15
  • 2.Introduction. Sunday, March 30, 2014 neighbors. The same command exist with ipv6 instead of ip which is for IPv4. R3>sh ip ospf neighbor         Neighbor ID     Pri   State           Dead Time   Address         Interface 10.0.0.4          1   FULL/BDR        00:00:39    10.0.6.2        GigabitEthernet0/0.2 10.0.0.4          1   FULL/BDR        00:00:39    10.0.5.2        GigabitEthernet0/0.1 10.0.0.4          1   FULL/DR         00:00:34    10.0.100.14     GigabitEthernet1/0 10.0.0.2          1   FULL/BDR        00:00:33    10.0.100.6      GigabitEthernet3/0 R3>show ip ospf neighbor detail   Neighbor 10.0.0.4, interface address 10.0.6.2    In the area 0 via interface GigabitEthernet0/0.2     Neighbor priority is 1, State is FULL, 6 state changes     DR is 10.0.6.1 BDR is 10.0.6.2     Options is 0x12 in Hello (E­bit, L­bit)     Options is 0x52 in DBD (E­bit, L­bit, O­bit)     LLS Options is 0x1 (LR)     Dead timer due in 00:00:39     Neighbor is up for 06:50:25     Index 5/5, retransmission queue length 0, number of retransmission 0     First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)     Last retransmission scan length is 0, maximum is 0     Last retransmission scan time is 0 msec, maximum is 0 msec R3>show ipv6 ospf interface g0/0.1     GigabitEthernet0/0.1 is up, line protocol is up    Link Local Address FE80::C805:7CFF:FEFB:8, Interface ID 14   Area 0, Process ID 1, Instance ID 0, Router ID 10.0.0.3   Network Type BROADCAST, Cost: 1   Transmit Delay is 1 sec, State DR, Priority 1    Designated Router (ID) 10.0.0.3, local address FE80::C805:7CFF:FEFB:8   Backup Designated router (ID) 10.0.0.4, local address FE80::C806:7CFF:FEFB:8   Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5     Hello due in 00:00:06   Index 1/4/4, flood queue length 0   Next 0x0(0)/0x0(0)/0x0(0)   Last flood scan length is 1, maximum is 7   Last flood scan time is 0 msec, maximum is 0 msec   Neighbor Count is 1, Adjacent neighbor count is 1      Adjacent with neighbor 10.0.0.4  (Backup Designated Router)   Suppress hello for 0 neighbor(s) R3>show ipv6 ospf neighbor  Neighbor ID     Pri   State           Dead Time   Interface ID    Interface 10.0.0.4          1   FULL/BDR        00:00:31    15              GigabitEthernet0/0.2 10.0.0.4          1   FULL/BDR        00:00:32    14              GigabitEthernet0/0.1 10.0.0.4          1   FULL/BDR        00:00:34    6               GigabitEthernet1/0 10.0.0.2          1   FULL/BDR        00:00:32    8               GigabitEthernet3/0 R3>show ipv6 ospf neighbor detail  Neighbor 10.0.0.4     In the area 0 via interface GigabitEthernet0/0.2  © Fred Bovy EIRL. IPv6 For Life. Page 16
  • 2.Introduction. Sunday, March 30, 2014     Neighbor: interface­id 15, link­local address FE80::C806:7CFF:FEFB:8     Neighbor priority is 1, State is FULL, 6 state changes     DR is 10.0.0.3 BDR is 10.0.0.4     Options is 0x000013 in Hello (V6­Bit, E­Bit, R­bit)     Options is 0x000013 in DBD (V6­Bit, E­Bit, R­bit)     Dead timer due in 00:00:36     Neighbor is up for 05:58:34     Index 1/4/4, retransmission queue length 0, number of retransmission 24     First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0)     Last retransmission scan length is 1, maximum is 2     Last retransmission scan time is 0 msec, maximum is 0 msec  Neighbor 10.0.0.4     In the area 0 via interface GigabitEthernet0/0.1      Neighbor: interface­id 14, link­local address FE80::C806:7CFF:FEFB:8     Neighbor priority is 1, State is FULL, 6 state changes     DR is 10.0.0.3 BDR is 10.0.0.4     Options is 0x000013 in Hello (V6­Bit, E­Bit, R­bit)     Options is 0x000013 in DBD (V6­Bit, E­Bit, R­bit)     Dead timer due in 00:00:38     Neighbor is up for 05:58:49     Index 1/3/3, retransmission queue length 0, number of retransmission 16     First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0)     Last retransmission scan length is 1, maximum is 2     Last retransmission scan time is 0 msec, maximum is 0 msec  Neighbor 10.0.0.4     In the area 0 via interface GigabitEthernet1/0      Neighbor: interface­id 6, link­local address FE80::C806:7CFF:FEFB:1C     Neighbor priority is 1, State is FULL, 6 state changes     DR is 10.0.0.3 BDR is 10.0.0.4     Options is 0x000013 in Hello (V6­Bit, E­Bit, R­bit)     Options is 0x000013 in DBD (V6­Bit, E­Bit, R­bit)     Dead timer due in 00:00:38     Neighbor is up for 06:10:38     Index 1/2/2, retransmission queue length 0, number of retransmission 23     First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0)     Last retransmission scan length is 0, maximum is 2     Last retransmission scan time is 0 msec, maximum is 0 msec  Neighbor 10.0.0.2     In the area 0 via interface GigabitEthernet3/0      Neighbor: interface­id 8, link­local address FE80::C803:7CFF:FEFB:54     Neighbor priority is 1, State is FULL, 12 state changes     DR is 10.0.0.3 BDR is 10.0.0.2     Options is 0x000013 in Hello (V6­Bit, E­Bit, R­bit)     Options is 0x000013 in DBD (V6­Bit, E­Bit, R­bit)     Dead timer due in 00:00:35     Neighbor is up for 04:20:30     Index 1/1/1, retransmission queue length 0, number of retransmission 7     First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0)     Last retransmission scan length is 2, maximum is 5     Last retransmission scan time is 0 msec, maximum is 0 msec 2.1. OSPF Multicast Addresses Then you may be Adjacent if you synchronize your database with your neighbor. On a Point-to-Point all the neighbors need to be Adjacent. © Fred Bovy EIRL. IPv6 For Life. Page 17
  • 2.Introduction. Sunday, March 30, 2014 On a LAN interface, you only need to be adjacent with the Designated Router or DR and its Backup or BDR. With the other neighbors of the multipoint network you are Two-Way. On a Multipoint Network you are Adjacent with the DR and the BDR who have got a dedicated multicast address so you can send them a packet without having to duplicate. All OSPF routers use 224.0.0.5 and ff02::5. The DR and BDR have 224.0.0.6 for IPv4 and ff02::6 for IPv6 Multicast Addresses.. OSPF makes a difference between transit Networks and Stub Networks. When the hello is not successful to form a relationship, check the timers .It can often occurs when you mix interface type for instance having a Point-to-point interface in front of a Non-Broadcast interface. LAN interface Timers are 10/40 when WAN interfaces timers are 30/120. The first number is the HELLO interval and the second number is the DEAD interval. Interface with different timers will not form Neighbor relationship and will never be Adjacent. 2.2. OSPF Networks Types Many problems come from the ignorance of the different interface type that OSPF can deal with. The benefit and drawbacks from each. The two basics Network type for OSPF are Point-to-Point and Multipoint. The Multipoint Networks supports Broadcast and Multicast or Not (NBMA). They need a DR and a BDR to optimize the flooding and generates one LSA on the behalf of all nodes instead of repeating the same thing by all nodes. The Point-to-Point have CISCO modes to take the most of any partiaal meshed Architectures easily. This is Point-to-Multipoint and Point-to-Multipoint Non- Broadcast. The default for LAN interface is BROADCAST and for Serial Interface is Non-Broadcast. The Multipoint Interfaces needs a DR, the point-to-point don't. The Gigabit Interfaces are configured as Multipoints Interfaces by OSPF. I recommend if you use your Gig or 10Gig interface as a dedicated p2p between two routers to set them as Point-to-Point, the interface will not wait 40 Seconds before being activated when you do a no shut. Don't do it if the Gig interface is on a VLAN with multiple neighbors. © Fred Bovy EIRL. IPv6 For Life. Page 18
  • 2.Introduction. Sunday, March 30, 2014 On a Point-to-Point we must be adjacent with all the neighbors. On a Multipoint we must be adjacent with the DR and the BDR and two-Way neighbors with the others. When we are adjacent and neighbors with the right routers. We can check the Network LSA for each Multipoint interfaces: Broadcast or NBMA2 . Example: R3#show ipv6 ospf database network adv­router 10.0.0.2             OSPFv3 Router with ID (10.0.0.3) (Process ID 1)                 Net Link States (Area 0)   LS age: 62   Options: (V6­Bit, E­Bit, R­bit, DC­Bit)   LS Type: Network Links   Link State ID: 8 (Interface ID of Designated Router) 2 Non Broadcast Multiple Access © Fred Bovy EIRL. IPv6 For Life. Page 19 Illustration 3: OSPF Network Types DR and BDR
  • 2.Introduction. Sunday, March 30, 2014   Advertising Router: 10.0.0.2   LS Seq Number: 80000001   Checksum: 0x2DAE   Length: 32         Attached Router: 10.0.0.2         Attached Router: 10.0.0.3 3. OSPFv3 Architectures There is no difference with OSPFv2 on the OSPF Architectures. The full topology is only available in the current Area with Router (Type 1) and Network (Type 2) LSA. R3#sh ipv6 ospf database router adv­router 10.0.0.4             OSPFv3 Router with ID (10.0.0.3) (Process ID 1)                 Router Link States (Area 0)   LS age: 1372   Options: (V6­Bit, E­Bit, R­bit, DC­Bit)   LS Type: Router Links   Link State ID: 0   Advertising Router: 10.0.0.4   LS Seq Number: 80000020   Checksum: 0xEC1F   Length: 88   Number of Links: 4     Link connected to: a Transit Network       Link Metric: 1       Local Interface ID: 15       Neighbor (DR) Interface ID: 15       Neighbor (DR) Router ID: 10.0.0.4     Link connected to: a Transit Network       Link Metric: 1       Local Interface ID: 14       Neighbor (DR) Interface ID: 14       Neighbor (DR) Router ID: 10.0.0.4     Link connected to: a Transit Network       Link Metric: 1       Local Interface ID: 7       Neighbor (DR) Interface ID: 7       Neighbor (DR) Router ID: 10.0.0.4     Link connected to: a Transit Network       Link Metric: 1       Local Interface ID: 6 © Fred Bovy EIRL. IPv6 For Life. Page 20
  • 3.OSPFv3 Architectures. Sunday, March 30, 2014       Neighbor (DR) Interface ID: 6       Neighbor (DR) Router ID: 10.0.0.4 R3#show ipv6 ospf database network adv­router 10.0.0.4             OSPFv3 Router with ID (10.0.0.3) (Process ID 1)                 Net Link States (Area 0)   LS age: 1579   Options: (V6­Bit, E­Bit, R­bit, DC­Bit)   LS Type: Network Links   Link State ID: 6 (Interface ID of Designated Router)   Advertising Router: 10.0.0.4   LS Seq Number: 80000002   Checksum: 0x4791   Length: 32         Attached Router: 10.0.0.4         Attached Router: 10.0.0.3   LS age: 1823   Options: (V6­Bit, E­Bit, R­bit, DC­Bit)   LS Type: Network Links   Link State ID: 7 (Interface ID of Designated Router)   Advertising Router: 10.0.0.4   LS Seq Number: 80000012   Checksum: 0xFB9   Length: 32         Attached Router: 10.0.0.4         Attached Router: 10.0.0.2   LS age: 1579   Options: (V6­Bit, E­Bit, R­bit, DC­Bit)   LS Type: Network Links   Link State ID: 14 (Interface ID of Designated Router)   Advertising Router: 10.0.0.4   LS Seq Number: 80000002   Checksum: 0xF6D9   Length: 32         Attached Router: 10.0.0.4         Attached Router: 10.0.0.3   LS age: 1580   Options: (V6­Bit, E­Bit, R­bit, DC­Bit)   LS Type: Network Links   Link State ID: 15 (Interface ID of Designated Router)   Advertising Router: 10.0.0.4   LS Seq Number: 80000002   Checksum: 0xECE2   Length: 32 © Fred Bovy EIRL. IPv6 For Life. Page 21
  • 3.OSPFv3 Architectures. Sunday, March 30, 2014         Attached Router: 10.0.0.4         Attached Router: 10.0.0.3 The ABR summarize the routes when they can or send each route one by one as a Distance-Vector Protocol with Inter Area LSA (Type 3). This is why all Areas MUST be connected to Area 0. If it is impossible it is possible to connect the remote Area across a Transit Area using a Virtual Link. R5>show ipv6 ospf database inter­area prefix              OSPFv3 Router with ID (192.168.100.5) (Process ID 1)                 Inter Area Prefix Link States (Area 1)   Routing Bit Set on this LSA   LS age: 1388   LS Type: Inter Area Prefix Links   Link State ID: 0   Advertising Router: 10.0.0.2   LS Seq Number: 80000008   Checksum: 0x6505   Length: 36   Metric: 1    Prefix Address: 2001:DB8:678:1003::   Prefix Length: 64, Options: None   Routing Bit Set on this LSA   LS age: 1388   LS Type: Inter Area Prefix Links   Link State ID: 1   Advertising Router: 10.0.0.2   LS Seq Number: 80000008   Checksum: 0x4921   Length: 36   Metric: 1    Prefix Address: 2001:DB8:678:1002::   Prefix Length: 64, Options: None   Routing Bit Set on this LSA   LS age: 1391   LS Type: Inter Area Prefix Links   Link State ID: 2   Advertising Router: 10.0.0.2   LS Seq Number: 80000008   Checksum: 0x2D3D   Length: 36   Metric: 1  © Fred Bovy EIRL. IPv6 For Life. Page 22
  • 3.OSPFv3 Architectures. Sunday, March 30, 2014   Prefix Address: 2001:DB8:678:1001::   Prefix Length: 64, Options: None   Routing Bit Set on this LSA   LS age: 1397   LS Type: Inter Area Prefix Links   Link State ID: 3   Advertising Router: 10.0.0.2   LS Seq Number: 80000008   Checksum: 0x83DF   Length: 36   Metric: 2    Prefix Address: 2001:DB8:678:1006::   Prefix Length: 64, Options: None   Routing Bit Set on this LSA   LS age: 1398   LS Type: Inter Area Prefix Links   Link State ID: 4   Advertising Router: 10.0.0.2   LS Seq Number: 80000008   Checksum: 0x67FB   Length: 36   Metric: 2    Prefix Address: 2001:DB8:678:1005::   Prefix Length: 64, Options: None An Autonomous System Border Router connect your OSPF domain to another domain. For instance, a partner or the Internet. The ASBR generates a LSA Type 5 for each route that it advertizes and these LSA are flooded across the whole domain.To compute the route to the external route outside of the Area where the ASBR sits, the router needs the Inter- Area Router LSA to know how to reach the gateway. So, the ABR generates an Inter-Area Router LSA (Type 4) flooded across the whole domain for the other Area router to reach the Gateway. R5>show ipv6 ospf database inter­area router              OSPFv3 Router with ID (192.168.100.5) (Process ID 1)                 Inter Area Router Link States (Area 1)   Routing Bit Set on this LSA   LS age: 732   Options: (V6­Bit, E­Bit, R­bit, DC­Bit)   LS Type: Inter Area Router Links   Link State ID: 167772163   Advertising Router: 10.0.0.2 © Fred Bovy EIRL. IPv6 For Life. Page 23
  • 3.OSPFv3 Architectures. Sunday, March 30, 2014   LS Seq Number: 80000002   Checksum: 0x6E70   Length: 32   Metric: 1    Destination Router ID: 10.0.0.3 R5#show ipv6 ospf data external              OSPFv3 Router with ID (192.168.100.5) (Process ID 1)                 Type­5 AS External Link States   Routing Bit Set on this LSA   LS age: 291   LS Type: AS External Link   Link State ID: 0   Advertising Router: 10.0.0.2   LS Seq Number: 80000009   Checksum: 0x777D   Length: 32   Prefix Address: 2001:DB8::   Prefix Length: 32, Options: None   Metric Type: 2 (Larger than any link state path)   Metric: 5    LS age: 26   LS Type: AS External Link   Link State ID: 0   Advertising Router: 10.0.0.3   LS Seq Number: 8000000B   Checksum: 0x6D84   Length: 32   Prefix Address: 2001:DB8::   Prefix Length: 32, Options: None   Metric Type: 2 (Larger than any link state path)   Metric: 5  © Fred Bovy EIRL. IPv6 For Life. Page 24
  • 4.Type of Area. Sunday, March 30, 2014 4. Type of Area The same types of Area exist in OSPFv3 from OSPFv2. Regular Area receives Type 3, 4 and 5 LSA. © Fred Bovy EIRL. IPv6 For Life. Page 25 Illustration 4: OSPF Regular Area
  • 4.Type of Area. Sunday, March 30, 2014 4.1 Stub Area Then you got the Stub area which filter the External Routes related LSAs:Type 4 and 5. We still receive the Inter-Area LSA (Type 3). Below is a configuration and a Routing table of such Area. “default-information originate always” inject a default route in the Area. ipv6 router ospf 1  log­adjacency­changes  area 7 stub  default­information originate always © Fred Bovy EIRL. IPv6 For Life. Page 26 Illustration 5: OSPF Stub Area
  • 4.Type of Area. Sunday, March 30, 2014 R7#show ipv6 route IPv6 Routing Table ­ Default ­ 20 entries Codes: C ­ Connected, L ­ Local, S ­ Static, U ­ Per­user Static route        B ­ BGP, M ­ MIPv6, R ­ RIP, I1 ­ ISIS L1        I2 ­ ISIS L2, IA ­ ISIS interarea, IS ­ ISIS summary, D ­ EIGRP        EX ­ EIGRP external        O ­ OSPF Intra, OI ­ OSPF Inter, OE1 ­ OSPF ext 1, OE2 ­ OSPF ext 2        ON1 ­ OSPF NSSA ext 1, ON2 ­ OSPF NSSA ext 2 OI  ::/0 [110/2]      via FE80::C803:DFF:FE03:70, GigabitEthernet1/0 OI  2001:678:ABC:1000::/64 [110/3]      via FE80::C803:DFF:FE03:70, GigabitEthernet1/0 C   2001:678:ABC:7000::/64 [0/0]      via GigabitEthernet1/0, directly connected L   2001:678:ABC:7000::7/128 [0/0]      via GigabitEthernet1/0, receive OI  2001:DB8:678::1/128 [110/3]      via FE80::C803:DFF:FE03:70, GigabitEthernet1/0 OI  2001:DB8:678::2/128 [110/2]      via FE80::C803:DFF:FE03:70, GigabitEthernet1/0 OI  2001:DB8:678::3/128 [110/2]      via FE80::C803:DFF:FE03:70, GigabitEthernet1/0 OI  2001:DB8:678::4/128 [110/1]      via FE80::C803:DFF:FE03:70, GigabitEthernet1/0 OI  2001:DB8:678:ABC:5::5/128 [110/3]      via FE80::C803:DFF:FE03:70, GigabitEthernet1/0 OI  2001:DB8:678:1001::/64 [110/4]      via FE80::C803:DFF:FE03:70, GigabitEthernet1/0 OI  2001:DB8:678:1002::/64 [110/3]      via FE80::C803:DFF:FE03:70, GigabitEthernet1/0 OI  2001:DB8:678:1003::/64 [110/3]      via FE80::C803:DFF:FE03:70, GigabitEthernet1/0 OI  2001:DB8:678:1005::/64 [110/2]      via FE80::C803:DFF:FE03:70, GigabitEthernet1/0 OI  2001:DB8:678:1006::/64 [110/2]      via FE80::C803:DFF:FE03:70, GigabitEthernet1/0 C   2001:DB8:678:7200::/64 [0/0]      via GigabitEthernet1/0, directly connected L   2001:DB8:678:7200::7/128 [0/0]      via GigabitEthernet1/0, receive OI  2001:DB8:678:8200::/64 [110/4]      via FE80::C803:DFF:FE03:70, GigabitEthernet1/0 LC  2001:DB8:ABC:7::7/128 [0/0]      via Loopback0, receive OI  2001:DB8:ABC:8::8/128 [110/4]      via FE80::C803:DFF:FE03:70, GigabitEthernet1/0 L   FF00::/8 [0/0]      via Null0, receive © Fred Bovy EIRL. IPv6 For Life. Page 27
  • 4.Type of Area. Sunday, March 30, 2014 This is the Inter Area Prefix generated by the ABR for the default route: R8>sh ipv6 ospf database inter­area prefix              OSPFv3 Router with ID (10.0.0.8) (Process ID 1)                 Inter Area Prefix Link States (Area 8)   Routing Bit Set on this LSA   LS age: 1370   LS Type: Inter Area Prefix Links   Link State ID: 16   Advertising Router: 10.0.0.1   LS Seq Number: 80000003   Checksum: 0xA878   Length: 28   Metric: 1    Prefix Address: ::   Prefix Length: 0, Options: None And this is the Link LSA of R1: R8#sh ipv6 ospf data link adv­router 10.0.0.1             OSPFv3 Router with ID (10.0.0.8) (Process ID 1)                 Link (Type­8) Link States (Area 8)   LS age: 1741   Options: (V6­Bit, R­bit, DC­Bit)   LS Type: Link­LSA (Interface: GigabitEthernet1/0)   Link State ID: 9 (Interface ID)   Advertising Router: 10.0.0.1   LS Seq Number: 80000003   Checksum: 0xBA5B   Length: 56   Router Priority: 1   Link Local Address: FE80::C802:CFF:FEF0:70   Number of Prefixes: 1   Prefix Address: 2001:DB8:678:8200::   Prefix Length: 64, Options: None 4.2 Totally Stuby Area In these area, the ABR also filters the Inter-Area Prefixes and injecst a default route. Configuration ipv6 router ospf 1  area 8 stub no­summary © Fred Bovy EIRL. IPv6 For Life. Page 28
  • 4.Type of Area. Sunday, March 30, 2014 IPv6 route of a Totally Stubby Area Router R8>show ipv6 route IPv6 Routing Table ­ Default ­ 5 entries Codes: C ­ Connected, L ­ Local, S ­ Static, U ­ Per­user Static route        B ­ BGP, M ­ MIPv6, R ­ RIP, I1 ­ ISIS L1        I2 ­ ISIS L2, IA ­ ISIS interarea, IS ­ ISIS summary, D ­ EIGRP        EX ­ EIGRP external        O ­ OSPF Intra, OI ­ OSPF Inter, OE1 ­ OSPF ext 1, OE2 ­ OSPF ext 2        ON1 ­ OSPF NSSA ext 1, ON2 ­ OSPF NSSA ext 2 OI  ::/0 [110/2] © Fred Bovy EIRL. IPv6 For Life. Page 29 Illustration 6: OSPF Totally Stubby Area
  • 4.Type of Area. Sunday, March 30, 2014      via FE80::C802:CFF:FEF0:70, GigabitEthernet1/0 C   2001:DB8:678:8200::/64 [0/0]      via GigabitEthernet1/0, directly connected L   2001:DB8:678:8200::8/128 [0/0]      via GigabitEthernet1/0, receive LC  2001:DB8:ABC:8::8/128 [0/0]      via Loopback0, receive L   FF00::/8 [0/0]      via Null0, receive Here is the LSA for the default Route, R1 Loopback. #show ipv6 ospf data inter­area prefix              OSPFv3 Router with ID (10.0.0.8) (Process ID 1)                 Inter Area Prefix Link States (Area 8)   Routing Bit Set on this LSA   LS age: 1498   LS Type: Inter Area Prefix Links   Link State ID: 16   Advertising Router: 10.0.0.1   LS Seq Number: 80000002   Checksum: 0xAA77   Length: 28   Metric: 1    Prefix Address: ::   Prefix Length: 0, Options: None Not So Stubby Area Now, what if I have a Stub Area since I do not want to receive a long routing table made of External routes but I want to redistribute in my Area a couple of Networks because a group of users have a VSAT appliance only running RIP in their Lab for instance? In this case you can configure it as a NSSA or a Not So Stubby Area. In this case the redistributed routes will be LSA Type 7 because Type 5 are forbidden in a Stub Area. One ABR3 will be responsible to translate the LSA Type 7 to type 5 to connect the small group to the rest of the planet. The NSSA also permit the Inter-Area Prefix LSAa (Type 3) to see routes in other Area. If this is a Problem you can configure your area as a Totally Not So Stubby Area! 3 Area Border Router © Fred Bovy EIRL. IPv6 For Life. Page 30
  • 4.Type of Area. Sunday, March 30, 2014 R8#conf t R8(config)#ipv6 router ospf 1 R8(config­rtr)#no area 8 stub R8(config­rtr)#area 8 nssa R8(config­rtr)#redistribute connected Totally Not So Stubby Area And if you do not want to receive the Inter-Area Prefix (LSA Type 3) it is posssible to configure the area with tge no auto-summary option and have a TOTALLY Not So Stubby Area with “area 8 nssa no­summary” R8#conf t R8(config)#ipv6 router ospf 1 R8(config­rtr)#no area 8 nssa stub R8(config­rtr)#area 8 nssa no auto­summary R8(config­rtr)#redistribute connected © Fred Bovy EIRL. IPv6 For Life. Page 31
  • A. Router Configurations. Sunday, March 30, 2014 A. Router Configurations see http://www.ipv6forlife.com/Tutorial/labDS/ R1 ! ! upgrade fpd auto version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password­encryption ! hostname R1 ! boot­start­marker boot­end­marker ! logging message­counter syslog ! no aaa new­model ip source­route ip cef ipv6 unicast­routing ipv6 cef ! multilink bundle­name authenticated archive  log config   hidekeys !  ! ! interface Loopback0  ip address 10.0.0.1 255.255.255.255  ipv6 address 2001:DB8:678::1/128 ! interface GigabitEthernet1/0.1  encapsulation dot1Q 1 native  ip address 10.0.1.1 255.255.255.0  ipv6 address 2001:DB8:678:1001::1/64  ipv6 ospf 1 area 0  glbp 1 ip 10.0.1.100  glbp 11 ipv6 autoconfig ! interface GigabitEthernet1/0.2 © Fred Bovy EIRL. IPv6 For Life. Page 32
  • A. Router Configurations. Sunday, March 30, 2014  encapsulation dot1Q 2  ip address 10.0.2.1 255.255.255.0  ipv6 address 2001:DB8:678:1002::1/64  ipv6 ospf 1 area 0  glbp 2 ip 10.0.2.100  glbp 12 ipv6 autoconfig ! interface GigabitEthernet1/0.3  encapsulation dot1Q 3  ip address 10.0.3.1 255.255.255.0  ipv6 address 2001:DB8:678:1003::1/64  ipv6 ospf 1 area 0  glbp 3 ip 10.0.3.100  glbp 13 ipv6 autoconfig ! interface GigabitEthernet3/0  ip address 10.0.100.10 255.255.255.252  negotiation auto router ospf 1  log­adjacency­changes  network 10.0.0.0 0.255.255.255 area 0 ! ip forward­protocol nd no ip http server no ip http secure­server ! ipv6 router ospf 1  log­adjacency­changes ! control­plane ! gatekeeper  shutdown ! line con 0  stopbits 1 line aux 0  stopbits 1 line vty 0 4  login ! end © Fred Bovy EIRL. IPv6 For Life. Page 33
  • A. Router Configurations. Sunday, March 30, 2014 R2 ! ! upgrade fpd auto version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password­encryption ! hostname R2 ! boot­start­marker boot­end­marker ! logging message­counter syslog ! no aaa new­model ip source­route ip cef ! ipv6 unicast­routing ipv6 cef ! multilink bundle­name authenticated ! archive  log config   hidekeys ! interface Loopback0  ip address 10.0.0.2 255.255.255.255  ipv6 address 2001:DB8:678::2/128 interface GigabitEthernet1/0.1  encapsulation dot1Q 1 native  ip address 10.0.1.2 255.255.255.0  ipv6 address 2001:DB8:678:1001::2/64  ipv6 ospf 1 area 0  Glbp 1 10.0.1.100  glbp 11 ipv6 autoconfig ! interface GigabitEthernet1/0.2  encapsulation dot1Q 2  ip address 10.0.2.2 255.255.255.0  ipv6 address 2001:DB8:678:1002::2/64  ipv6 ospf 1 area 0  glbp 2 ip 10.0.2.100  glbp 12 ipv6 autoconfig © Fred Bovy EIRL. IPv6 For Life. Page 34
  • A. Router Configurations. Sunday, March 30, 2014 ! interface GigabitEthernet1/0.3  encapsulation dot1Q 3  ip address 10.0.3.2 255.255.255.0  ipv6 address 2001:DB8:678:1003::2/64  ipv6 ospf 1 area 0  glbp 3 ip 10.0.3.100  glbp 13 ipv6 autoconfig ! interface GigabitEthernet2/0  ip address 10.0.100.2 255.255.255.252  negotiation auto  ipv6 enable  ipv6 ospf 1 area 0 ! interface GigabitEthernet3/0  ip address 10.0.100.6 255.255.255.252  negotiation auto  ipv6 enable  ipv6 ospf 1 area 0 ! interface GigabitEthernet4/0  ip address 10.0.100.17 255.255.255.252  negotiation auto  ipv6 enable  ipv6 ospf 1 area 0 ! router ospf 1  log­adjacency­changes  network 10.0.0.0 0.255.255.255 area 0 ! ip forward­protocol nd no ip http server no ip http secure­server ! ipv6 router ospf 1  log­adjacency­changes ! control­plane gatekeeper  shutdown ! line con 0  stopbits 1 line aux 0  stopbits 1 line vty 0 4  login ! End © Fred Bovy EIRL. IPv6 For Life. Page 35
  • A. Router Configurations. Sunday, March 30, 2014 R3 upgrade fpd auto version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password­encryption ! hostname R3 ! boot­start­marker boot­end­marker ! logging message­counter syslog ! no aaa new­model ip source­route ip cef ! ipv6 unicast­routing ipv6 cef ! multilink bundle­name authenticated ! archive  log config   hidekeys ! interface Loopback0  ip address 10.0.0.3 255.255.255.255  ipv6 address 2001:DB8:678::3/128  ipv6 enable ! interface GigabitEthernet0/0.1  encapsulation dot1Q 1 native  ip address 10.0.5.1 255.255.255.0  ipv6 address 2001:DB8:678:1005::3/64  ipv6 ospf 1 area 0  glbp 1 ip 10.0.5.100  glbp 11 ipv6 autoconfig ! interface GigabitEthernet0/0.2  encapsulation dot1Q 2  ip address 10.0.6.1 255.255.255.0  ipv6 address 2001:DB8:678:1006::3/64  ipv6 ospf 1 area 0  glbp 2 ip 10.0.6.100  glbp 22 ipv6 autoconfig © Fred Bovy EIRL. IPv6 For Life. Page 36
  • A. Router Configurations. Sunday, March 30, 2014 ! interface GigabitEthernet1/0  ip address 10.0.100.13 255.255.255.252  negotiation auto  ipv6 enable  ipv6 ospf 1 area 0 ! interface GigabitEthernet2/0  ip address 10.0.100.9 255.255.255.252  negotiation auto  ipv6 enable  ipv6 ospf 1 area 0 ! interface GigabitEthernet3/0  ip address 10.0.100.5 255.255.255.252  negotiation auto  ipv6 enable  ipv6 ospf 1 area 0 ! router ospf 1  log­adjacency­changes  network 10.0.0.0 0.255.255.255 area 0 ! ip local pool fred 10.0.5.100 10.0.5.140 ip forward­protocol nd no ip http server no ip http secure­server ipv6 router ospf 1  log­adjacency­changes ! control­plane ! gatekeeper  shutdown ! ! line con 0  stopbits 1 line aux 0  stopbits 1 line vty 0 4  login ! End R4 ! upgrade fpd auto © Fred Bovy EIRL. IPv6 For Life. Page 37
  • A. Router Configurations. Sunday, March 30, 2014 version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password­encryption ! hostname R4 ! boot­start­marker boot­end­marker ! logging message­counter syslog ! no aaa new­model ip source­route ip cef ! ipv6 unicast­routing ipv6 cef ! multilink bundle­name authenticated archive  log config   hidekeys !  interface Loopback0  ip address 10.0.0.4 255.255.255.255  ipv6 address 2001:DB8:678::4/128 ! interface GigabitEthernet0/0  no ip address  duplex full  speed 1000  media­type gbic  negotiation auto ! interface GigabitEthernet0/0.1  encapsulation dot1Q 1 native  ip address 10.0.5.2 255.255.255.0  ipv6 address 2001:DB8:678:1005::4/64  ipv6 ospf 1 area 0  glbp 1 ip 10.0.5.100  glbp 11 ipv6 autoconfig ! interface GigabitEthernet0/0.2  encapsulation dot1Q 2  ip address 10.0.6.2 255.255.255.0  ipv6 address 2001:DB8:678:1006::4/64  ipv6 ospf 1 area 0   glbp 2 ip 10.0.6.100 © Fred Bovy EIRL. IPv6 For Life. Page 38
  • A. Router Configurations. Sunday, March 30, 2014  glbp 22 ipv6 autoconfig ! interface GigabitEthernet1/0  ip address 10.0.100.14 255.255.255.252  negotiation auto  ipv6 enable  ipv6 ospf 1 area 0 ! interface GigabitEthernet2/0  ip address 10.0.100.18 255.255.255.252  negotiation auto  ipv6 enable  ipv6 ospf 1 area 0 ! router ospf 1  log­adjacency­changes  network 10.0.0.0 0.255.255.255 area 0 ! ip forward­protocol nd no ip http server no ip http secure­server ! ipv6 router ospf 1  log­adjacency­changes ! control­plane ! gatekeeper  shutdown ! line con 0  stopbits 1 line aux 0  stopbits 1 line vty 0 4  login © Fred Bovy EIRL. IPv6 For Life. Page 39
  • B. GLBP. Sunday, March 30, 2014 B. GLBP GLBP enable more redundancy and load-balancing as up to 4 Forwarders can be active at the same time. It is just one line of command on the interface and the work station next hop will be a virtual address with a virtual MAC Address. With GLBP, the Active forwarders is based on a Weigth parameter. It is possible to track an object like a routing entry and decrement the Weigth if the route is gone for another router to take over. Show glbp …. GigabitEthernet1/0.2 ­ Group 2   State is Standby     1 state change, last state change 00:01:11   Virtual IP address is 10.0.2.100   Hello time 3 sec, hold time 10 sec     Next hello sent in 0.864 secs   Redirect time 600 sec, forwarder timeout 14400 sec   Preemption disabled   Active is 10.0.2.1, priority 100 (expires in 7.904 sec)   Standby is local   Priority 100 (default)   Weighting 100 (default 100), thresholds: lower 1, upper 100   Load balancing: round­robin   Group members:     ca04.0e68.001c (10.0.2.1)     ca06.0e77.001c (10.0.2.2) local   There are 2 forwarders (1 active)   Forwarder 1     State is Listen     MAC address is 0007.b400.0201 (learnt)     Owner ID is ca04.0e68.001c     Time to live: 14397.312 sec (maximum 14400 sec)     Preemption enabled, min delay 30 sec     Active is 10.0.2.1 (primary), weighting 100 (expires in 8.864 sec)   Forwarder 2     State is Active       1 state change, last state change 00:01:04     MAC address is 0007.b400.0202 (default)     Owner ID is ca06.0e77.001c     Preemption enabled, min delay 30 sec     Active is local, weighting 100 GigabitEthernet1/0.2 ­ Group 12   State is Active     2 state changes, last state change 00:12:05 © Fred Bovy EIRL. IPv6 For Life. Page 40
  • B. GLBP. Sunday, March 30, 2014   Virtual IP address is FE80::7:B4FF:FE00:C00 (auto­configured)   Hello time 3 sec, hold time 10 sec     Next hello sent in 0.864 secs   Redirect time 600 sec, forwarder timeout 14400 sec   Preemption disabled   Active is local   Standby is FE80::C804:EFF:FE68:1C, priority 100 (expires in 9.408 sec)   Priority 100 (default)   Weighting 100 (default 100), thresholds: lower 1, upper 100   Load balancing: round­robin   Group members:     ca04.0e68.001c (FE80::C804:EFF:FE68:1C)     ca06.0e77.001c (FE80::C806:EFF:FE77:1C) local   There are 2 forwarders (1 active)   Forwarder 1     State is Listen       4 state changes, last state change 00:10:31     MAC address is 0007.b400.0c01 (learnt)     Owner ID is ca04.0e68.001c     Redirection enabled, 598.400 sec remaining (maximum 600 sec)     Time to live: 14398.400 sec (maximum 14400 sec)     Preemption enabled, min delay 30 sec     Active is FE80::C804:EFF:FE68:1C (primary), weighting 100 (expires in 8.608 sec)   Forwarder 2     State is Active       1 state change, last state change 03:08:52     MAC address is 0007.b400.0c02 (default)     Owner ID is ca06.0e77.001c     Redirection enabled     Preemption enabled, min delay 30 sec     Active is local, weighting 100 © Fred Bovy EIRL. IPv6 For Life. Page 41
  • C. BGP Connection. Sunday, March 30, 2014 C. BGP Connection BGP Lab Topology A new Neighbor has been added to simulate another AS Advertising the same routes. R2 and R5 are directly connected with an IPv4 and an IPv6 Session, same for R3 and R6. The same routes are learned by R2 from AS 65000 and R3 from AS 64000. This is specific case with a few routes so redistribution of BGPv6 in OSPFv3 is possible. In the real life when BGP is used to learn a lot of routes like the Internet Routing Tables, there is no redistribution in OSPF. OSPF is only used to resolve the BGP next-hop. iBGP sessions are responsible to dispatch the routes into the backbone. We would use a pair of BGP Route Reflector to avoid a full mesh of iBGP sessions between all core routers. © Fred Bovy EIRL. IPv6 For Life. Page 42 Illustration 7: BGP Topology
  • C. BGP Connection. Sunday, March 30, 2014 Usually we choose the Route Reflectors out of the forwarding path to act as routes servers but here we could also choose to use R1 and R4 if they have enough resources of CPU and RAM to manage Internet Routing Tables processing. In our case there is an iBGP session between R2 and R3 only. I will make another guide for BGP and IPV6. Differences with IPv6 We can use a different session to carry each protocol. Like here we have an IPv6 session to carry IPv6 routes and an IPv4 session to carry IPv4. In the lab for R5-R2 there are two sessions one IPv4 for IPv4 routes and one IPv6 for IPV6 routes. On R6-R3 we only have an IPv6 session. We can also use Link-Local Addresses for eBGP sessions. Some useful commands The commands are the same than IPv4 with the addition of IPv6 in the CLI commands like: R2#show bgp ipv6 unicast summary  BGP router identifier 10.0.0.2, local AS number 100 BGP table version is 211, main routing table version 211 14 network entries using 2184 bytes of memory 28 path entries using 2128 bytes of memory 3/1 BGP path/bestpath attribute entries using 504 bytes of memory 2 BGP AS­PATH entries using 48 bytes of memory 0 BGP route­map cache entries using 0 bytes of memory 0 BGP filter­list cache entries using 0 bytes of memory Bitfield cache entries: current 1 (at peak 1) using 32 bytes of memory BGP using 4896 total bytes of memory BGP activity 84/70 prefixes, 126/98 paths, scan interval 60 secs Neighbor        V          AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down   State/PfxRcd 2001:678:ABC:1000::5                 4      65000     271     266      211    0    0 00:54:46       14 2001:DB8:678::3 4        100      37      37      211    0    0 00:34:06       14 This is how a routes is learned from R2 and R3. One connect to AS 64000 and the other to AS 65000. For the connection to AS 65000 we did not touch the next-hop 2001:678:ABC:1000::5  which is learned by OSPFv3. For AS64000 we do not run OSPFv3 and could not reach the next-hop so we used the bgp router command next-hop-self to change it to our Router. © Fred Bovy EIRL. IPv6 For Life. Page 43
  • C. BGP Connection. Sunday, March 30, 2014 R3#show bgp ipv6 unicast 2001:DB8:678:AB2::/64 BGP routing table entry for 2001:DB8:678:AB2::/64, version 27 Paths: (2 available, best #2, table Default)   Advertised to update­groups:         1   65000     2001:678:ABC:1000::5 (metric 2) from 2001:DB8:678::2 (10.0.0.2)       Origin incomplete, metric 0, localpref 100, valid, internal   64000     2001:678:ABC:1001::6 (FE80::C80A:FFF:FE4D:1C) from 2001:678:ABC:1001::6 (10.0.0.6)       Origin incomplete, metric 0, localpref 100, valid, external, best R2#show bgp ipv6 unicast 2001:DB8:678:AB1::/64 BGP routing table entry for 2001:DB8:678:AB1::/64, version 210 Paths: (2 available, best #2, table Default)   Advertised to update­groups:         2   64000     2001:DB8:678::3 (metric 1) from 2001:DB8:678::3 (10.0.0.3)       Origin incomplete, metric 0, localpref 100, valid, internal   65000     2001:678:ABC:1000::5 (FE80::C809:FFF:FE4D:1C) from 2001:678:ABC:1000::5  (192.168.105.5)       Origin incomplete, metric 0, localpref 100, valid, external, best BGP Configuration On R3 router bgp 100  no synchronization  bgp log­neighbor­changes  neighbor 2001:678:ABC:1001::6 remote­as 64000  no neighbor 2001:678:ABC:1001::6 activate  neighbor 2001:DB8:678::2 remote­as 100  neighbor 2001:DB8:678::2 update­source Loopback0  no neighbor 2001:DB8:678::2 activate  no auto­summary  !  address­family ipv6   neighbor 2001:678:ABC:1001::6 activate   neighbor 2001:DB8:678::2 activate   neighbor 2001:DB8:678::2 next­hop­self  exit­address­family ! © Fred Bovy EIRL. IPv6 For Life. Page 44
  • C. BGP Connection. Sunday, March 30, 2014 On R2 router bgp 100  bgp log­neighbor­changes  neighbor 2001:678:ABC:1000::5 remote­as 65000  neighbor 2001:DB8:678::3 remote­as 100  neighbor 192.168.1.2 remote­as 65000  !  address­family ipv4   no neighbor 2001:678:ABC:1000::5 activate   no neighbor 2001:DB8:678::3 activate   neighbor 192.168.1.2 activate   no auto­summary   no synchronization  exit­address­family  !  address­family ipv6   neighbor 2001:678:ABC:1000::5 activate   neighbor 2001:DB8:678::3 activate  exit­address­family On R5 router bgp 65000  bgp log­neighbor­changes  neighbor 2001:678:ABC:1000::2 remote­as 100  neighbor 192.168.1.1 remote­as 100  !  address­family ipv4   no neighbor 2001:678:ABC:1000::2 activate   neighbor 192.168.1.1 activate   no auto­summary   no synchronization  exit­address­family  !  address­family ipv6   neighbor  activate   redistribute static   no synchronization  exit­address­family ! © Fred Bovy EIRL. IPv6 For Life. Page 45
  • C. BGP Connection. Sunday, March 30, 2014 On R6 router bgp 64000  no synchronization  bgp log­neighbor­changes  neighbor 2001:678:ABC:1001::4 remote­as 100  no neighbor 2001:678:ABC:1001::4 activate  no auto­summary  !  address­family ipv6   neighbor 2001:678:ABC:1001::4 activate   redistribute static   no synchronization  exit­address­family © Fred Bovy EIRL. IPv6 For Life. Page 46
  • C. BGP Connection. Sunday, March 30, 2014 © Fred Bovy EIRL. IPv6 For Life. Page 47
  • C. BGP Connection. Sunday, March 30, 2014 ROUTING IPv6 MP-BGPv6 Version 1.1 Routing IPv6 Part 2 http://www.ipv6forlife.com/Tutorial/labBGP By Fred Bovy CCIE #3013 © Fred Bovy EIRL. IPv6 For Life. Page 48
  • 5.Introduction to MP-BGP lab. Sunday, March 30, 2014 5. Introduction to MP-BGP lab http://www.ipv6forlife.com/Tutorial/labBGP After the OSPF lab, there was an annex about BGP. In this document, this will be the opposite. I will focus on BGP and just explain the OSPF Setup. The Backbone is built on OSPFv2 for IPv4 and OSPFv3 for IPv6. There are 3 Area: 0, 1 and 2.Area 0 is in the Core: R1, R3, R4 and R5. R3, R4 are ABR for Area 1, R1 and R5 are ABR for Area 2 R1>show ipv6 ospf  Routing Process "ospfv3 1" with ID 10.0.0.1  It is an area border router  SPF schedule delay 5 secs, Hold time between two SPFs 10 secs  Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs  LSA group pacing timer 240 secs  Interface flood pacing timer 33 msecs  Retransmission pacing timer 66 msecs  Number of external LSA 1. Checksum Sum 0x00B177  Number of areas in this router is 2. 2 normal 0 stub 0 nssa  Reference bandwidth unit is 100 mbps     Area BACKBONE(0)         Number of interfaces in this area is 4         SPF algorithm executed 28 times         Number of LSA 37. Checksum Sum 0x0E9EB2         Number of DCbitless LSA 0         Number of indication LSA 0         Number of DoNotAge LSA 0         Flood list length 0     Area 2         Number of interfaces in this area is 1         SPF algorithm executed 6 times         Number of LSA 31. Checksum Sum 0x10ABAA         Number of DCbitless LSA 0         Number of indication LSA 0         Number of DoNotAge LSA 0         Flood list length 0 R6 and R7 are OSPF ASBR4 and connect the Internet via AS64000 and 65000. Then they relay the eBGP Update to the BGP Route-Reflector R5 which propagate the best BGP path to all the other BGP backbone routers. In the lab we set the BGP Local Preference of the BGP routes coming from AS65000 to 150 which is more than default 100. So, the exit point to the Internet will be AS65000 unless the route is no more learned from this path, then it will be using AS64000. 4 Autonomous System Border Router © Fred Bovy EIRL. IPv6 For Life. Page 49
  • 6.Lab Setup. Sunday, March 30, 2014 6. Lab Setup © Fred Bovy EIRL. IPv6 For Life. Page 50 Illustration 8: OSPFv2, OSPFv3 and MP-BGP Setup
  • 7.Lab BGP Configuration. Sunday, March 30, 2014 7. Lab BGP Configuration 7.1 Summary For R6, IPv6 eBGP Session uses the interface Global Unicast Addresses. For R7, IPv6 eBGP Session uses the interfaces Link-Local Addresses. On R6 and R7, we use two eBGP sessions with R8 and R9. One for IPv4 and one for IPv6. We use the same IPv4 iBGP Session to advertize IPv4 and IPv6 Routes to the BGP Route- Reflector and for all iBGP Sessions. As we do not want to advertize the IPv6 route to the R8 ISP Router into the backbone, the ISP Interface to resolve the BGP route, we use a Route-Map to advertize the route to the Route- Reflector using R6 Gateway loopback ipv6 address as the next-hop. For IPv4, using next-hop- self is enough. So, if we do not tweak the BGP IPv6 next-hop, as IPv6 route are learned over IPv4 session the IPv6 Next-hop are ::ffff:10.0.0.6 and ::ffff:10.0.0.7 which are Unreachable on remote peers. 7.2 BGP Configuration R6 BGP Configuration router bgp 100  bgp log­neighbor­changes  neighbor 10.0.0.5 remote­as 100  neighbor 10.0.0.5 update­source Loopback0  neighbor 2001:DB8:5A:F6::8 remote­as 64000  neighbor 172.16.1.2 remote­as 64000  !  address­family ipv4   neighbor 10.0.0.5 activate   neighbor 10.0.0.5 next­hop­self   no neighbor 2001:DB8:5A:F6::8 activate   neighbor 172.16.1.2 activate   no auto­summary   no synchronization  exit­address­family  !  address­family ipv6   neighbor 10.0.0.5 activate   neighbor 10.0.0.5 route­map fred out   neighbor 2001:DB8:5A:F6::8 activate  exit­address­family ! route­map fred permit 10 © Fred Bovy EIRL. IPv6 For Life. Page 51
  • 7.Lab BGP Configuration. Sunday, March 30, 2014  set ipv6 next­hop 2001:DB8:678:C000::6 !          R8-ISP2 BGP Configuration router bgp 64000  bgp log­neighbor­changes  neighbor 2001:DB8:5A:F6::6 remote­as 100  neighbor 172.16.1.1 remote­as 100  !  address­family ipv4   redistribute static   no neighbor 2001:DB8:5A:F6::6 activate   neighbor 172.16.1.1 activate   no auto­summary   no synchronization  exit­address­family  !          address­family ipv6   neighbor 2001:DB8:5A:F6::6 activate   redistribute static   no synchronization  exit­address­family !          ip route 202.3.0.0 255.255.255.0 Null0 ip route 202.3.1.0 255.255.255.0 Null0 ip route 202.3.2.0 255.255.255.0 Null0 ip route 202.3.3.0 255.255.255.0 Null0 ip route 202.3.4.0 255.255.255.0 Null0 ip route 202.3.5.0 255.255.255.0 Null0 ip route 202.3.6.0 255.255.255.0 Null0 ip route 202.3.7.0 255.255.255.0 Null0 ip route 202.3.8.0 255.255.255.0 Null0 ip route 202.3.9.0 255.255.255.0 Null0 ! ipv6 route 2001:DB8:ABC0::/48 Null0 ipv6 route 2001:DB8:ABC1::/48 Null0 ipv6 route 2001:DB8:ABC2::/48 Null0 ipv6 route 2001:DB8:ABC3::/48 Null0 ipv6 route 2001:DB8:ABC4::/48 Null0 ipv6 route 2001:DB8:ABC5::/48 Null0 ipv6 route 2001:DB8:ABC6::/48 Null0 ipv6 route 2001:DB8:ABC7::/48 Null0 ipv6 route 2001:DB8:ABC8::/48 Null0 ipv6 route 2001:DB8:ABC9::/48 Null0 ipv6 route 2001:DB8:ABCA::/48 Null0 !          © Fred Bovy EIRL. IPv6 For Life. Page 52
  • 7.Lab BGP Configuration. Sunday, March 30, 2014 R7 BGP Configuration router bgp 100  bgp log­neighbor­changes  neighbor 10.0.0.5 remote­as 100  neighbor 10.0.0.5 update­source Loopback0  neighbor 172.16.1.6 remote­as 65000  neighbor FE80::9%GigabitEthernet3/0 remote­as 65000  !  address­family ipv4   neighbor 10.0.0.5 activate    neighbor 10.0.0.5 next­hop­self   neighbor 172.16.1.6 activate   no neighbor FE80::9%GigabitEthernet3/0 activate   no auto­summary   no synchronization  exit­address­family  !          address­family ipv6   neighbor 10.0.0.5 activate   neighbor 10.0.0.5 route­map fred out   neighbor FE80::9%GigabitEthernet3/0 activate   neighbor FE80::9%GigabitEthernet3/0 route­map setloc in  Exit­address­family ! route­map setloc permit 10  set local­preference 150 ! route­map fred permit 10  set ipv6 next­hop 2001:DB8:678:B000::1 ! R9-ISP1 BGP Configuration router bgp 65000  bgp log­neighbor­changes  neighbor 172.16.1.5 remote­as 100  neighbor FE80::7%GigabitEthernet1/0 remote­as 100  !  address­family ipv4   redistribute static metric 5   neighbor 172.16.1.5 activate   no neighbor FE80::7%GigabitEthernet1/0 activate   no auto­summary   no synchronization   redistribute static  exit­address­family  !  address­family ipv6    neighbor FE80::7%GigabitEthernet1/0 activate © Fred Bovy EIRL. IPv6 For Life. Page 53
  • 7.Lab BGP Configuration. Sunday, March 30, 2014   redistribute static   no synchronization  exit­address­family ! ip route 202.3.0.0 255.255.255.0 Null0 ip route 202.3.1.0 255.255.255.0 Null0 ip route 202.3.2.0 255.255.255.0 Null0 ip route 202.3.3.0 255.255.255.0 Null0 ip route 202.3.4.0 255.255.255.0 Null0 ip route 202.3.5.0 255.255.255.0 Null0 ip route 202.3.6.0 255.255.255.0 Null0 ip route 202.3.7.0 255.255.255.0 Null0 ip route 202.3.8.0 255.255.255.0 Null0 ip route 202.3.9.0 255.255.255.0 Null0                 ipv6 route 2001:DB8:ABC0::/48 Null0 ipv6 route 2001:DB8:ABC1::/48 Null0 ipv6 route 2001:DB8:ABC2::/48 Null0 ipv6 route 2001:DB8:ABC3::/48 Null0 ipv6 route 2001:DB8:ABC4::/48 Null0 ipv6 route 2001:DB8:ABC5::/48 Null0 ipv6 route 2001:DB8:ABC6::/48 Null0 ipv6 route 2001:DB8:ABC7::/48 Null0 ipv6 route 2001:DB8:ABC8::/48 Null0 ipv6 route 2001:DB8:ABC9::/48 Null0 ipv6 route 2001:DB8:ABCA::/48 Null0 8. BGP Reminder 8.1 BGP Connection Messages and States BGP connection takes place over TCP port 179. When the connection Open it uses an OPEN Message to start a session with its own AS number, its Router-ID and the Hold Time which is how long you consider a session active without hearing from a neighbor. If you have nothing to say you should send a KEEPALIVE to keep the session open. When the session has not hear anything when the Hold time expires, the BGP speaker sends a NOTIFICATION message which is an abort message telling the reason for the end of the session. If there is a parameter mismatch during the OPEN, the partner will also send a NOTIFICATION like wrong AS number. The routes are advertised or withdrawn in UPDATES Messages which must received an ACKNOWLEDGEMENT. © Fred Bovy EIRL. IPv6 For Life. Page 54
  • 8.BGP Reminder. Sunday, March 30, 2014 For IPv6, the UPDATES send the IPv6 Prefixes in MP_REACH_NLRI or MP_UNREACH_NLRI. No.     Time        Source                Destination           Protocol Length Info     677 1209.406565 2001:db8:5a:f6::8     2001:db8:5a:f6::6     BGP      234    UPDATE Message Frame 677: 234 bytes on wire (1872 bits), 234 bytes captured (1872 bits) Ethernet II, Src: ca:0c:1b:4f:00:1c (ca:0c:1b:4f:00:1c), Dst: ca:0a:1b:64:00:54 (ca:0a:1b:64:00:54) Internet Protocol Version 6, Src: 2001:db8:5a:f6::8 (2001:db8:5a:f6::8), Dst: 2001:db8:5a:f6::6  (2001:db8:5a:f6::6) Transmission Control Protocol, Src Port: 62129 (62129), Dst Port: bgp (179), Seq: 73, Ack: 73, Len: 160 Border Gateway Protocol     UPDATE Message         Marker: 16 bytes         Length: 160 bytes         Type: UPDATE Message (2)         Unfeasible routes length: 0 bytes         Total path attribute length: 137 bytes         Path attributes             ORIGIN: INCOMPLETE (4 bytes)                 Flags: 0x40 (Well­known, Transitive, Complete)                 Type code: ORIGIN (1)                 Length: 1 byte                 Origin: INCOMPLETE (2)             AS_PATH: 64000 (9 bytes)                 Flags: 0x40 (Well­known, Transitive, Complete)                 Type code: AS_PATH (2)                 Length: 6 bytes                 AS path: 64000             MULTI_EXIT_DISC: 0 (7 bytes)                 Flags: 0x80 (Optional, Non­transitive, Complete)                 Type code: MULTI_EXIT_DISC (4)                 Length: 4 bytes                 Multiple exit discriminator: 0             MP_REACH_NLRI (117 bytes)                 Flags: 0x80 (Optional, Non­transitive, Complete)                 Type code: MP_REACH_NLRI (14)                 Length: 114 bytes                 Address family: IPv6 (2)                 Subsequent address family identifier: Unicast (1)                 Next hop network address (32 bytes)                     Next hop: 2001:db8:5a:f6::8 (16)                     Next hop: fe80::c80c:1bff:fe4f:1c (16)                 Subnetwork points of attachment: 0                 Network layer reachability information (77 bytes)                     2001:db8:abca::/48                     2001:db8:abc9::/48                     2001:db8:abc8::/48                     2001:db8:abc7::/48                     2001:db8:abc6::/48                     2001:db8:abc5::/48                     2001:db8:abc4::/48                     2001:db8:abc3::/48                     2001:db8:abc2::/48                     2001:db8:abc1::/48                     2001:db8:abc0::/48 © Fred Bovy EIRL. IPv6 For Life. Page 55
  • 8.BGP Reminder. Sunday, March 30, 2014 There are two possible neighbor relationship with BGP: eBGP and iBGP. 8.2 eBGP Sessions The two neighbors are in different Autonomous System. eBGP neighbor MUST be directly connected. BGP OPEN is sent with a TTL=2 to make sure that it will be dropped if it is routed. eBGP Multihop If you want to have more than one hop like doing loopback to loopback peering and have multiple parallel links for Load-balancing you need a neighbor multihop configuration. eBGP Routes dampening. Increasing Stability. To fight Internet instability we can use BGP Dampening for eBGP session. When a link flap the routes which are flapping got penalties. When a down level is reached the routes will not be advertise anymore even if the link comes back up. If the link stop flapping for long enough the route is advertized again. 8.3 iBGP Sessions The two neighbors are in the same Autonomous System. Scaling iBGP. iBGP MUST speakers MUST be fully meshed. This can be avoided with the use of Route Reflectors (RR) as full mesh does not scale. All the routers are usually neighbors with two RRs for redundancy. In the past Confederations were also used instead of RR. In a Confederation you have subAS that are connected together by iBGP session which behave like eBGP but does not change the Next-hop. This was another mean to avoid iBGP full mesh. It is no more popular as it is more complex than RR. iBGP Stability We always use a loopback interface for iBGP peering as we must use an interface which is always UP. The loopback interface address must then be advertize by the IGP5 . 8.4 BGP Attributes All the BGP Path information are called Attributes. The BGP Routes are called NLRI. The IPv6 NLRI are coded in MP_REACH_NLRI6 or MP_UNREACH_NLRI Attributes with other information like the Next- hop, the Address family.. The AS_PATH which contains the list of all the AS that have been crossed by these NLRI UPDATE is another Attribute. 5 IGP or Interior Gateway Protocol like IS-IS or OSPF. BGP is an EGP or External Gateway Protocol. 6 Network Layer Reachable Information © Fred Bovy EIRL. IPv6 For Life. Page 56
  • 8.BGP Reminder. Sunday, March 30, 2014 The BGP Attributes can be: • Well-known mandatory: Must be implemented and in all BGP UPDATES. • Well-known discretionary: Must be implemented but may not be in all UPDATES. • Optional Transitive: It is forwarded to BGP neighbors if the implementation don't recognize it. • Optional nontransitives: It is dropped if the implementation don't know it. No.     Time        Source                Destination           Protocol Length Info     210 288.449968  2001:db8:5a:f6::8     2001:db8:5a:f6::6     BGP      234    UPDATE Message Frame 210: 234 bytes on wire (1872 bits), 234 bytes captured (1872 bits) Ethernet II, Src: ca:0c:1b:4f:00:1c (ca:0c:1b:4f:00:1c), Dst: ca:0a:1b:64:00:54 (ca:0a:1b:64:00:54) Internet Protocol Version 6, Src: 2001:db8:5a:f6::8 (2001:db8:5a:f6::8), Dst: 2001:db8:5a:f6::6  (2001:db8:5a:f6::6) Transmission Control Protocol, Src Port: 37648 (37648), Dst Port: bgp (179), Seq: 73, Ack: 73, Len: 160 Border Gateway Protocol     UPDATE Message         Marker: 16 bytes         Length: 160 bytes         Type: UPDATE Message (2)         Unfeasible routes length: 0 bytes         Total path attribute length: 137 bytes         Path attributes             ORIGIN: INCOMPLETE (4 bytes)                 Flags: 0x40 (Well­known, Transitive, Complete)                 Type code: ORIGIN (1)                 Length: 1 byte                 Origin: INCOMPLETE (2)             AS_PATH: 64000 (9 bytes)                 Flags: 0x40 (Well­known, Transitive, Complete)                 Type code: AS_PATH (2)                 Length: 6 bytes                 AS path: 64000             MULTI_EXIT_DISC: 0 (7 bytes)                 Flags: 0x80 (Optional, Non­transitive, Complete)                 Type code: MULTI_EXIT_DISC (4)                 Length: 4 bytes                 Multiple exit discriminator: 0             MP_REACH_NLRI (117 bytes)                 Flags: 0x80 (Optional, Non­transitive, Complete)                 Type code: MP_REACH_NLRI (14)                 Length: 114 bytes                 Address family: IPv6 (2)                 Subsequent address family identifier: Unicast (1)                 Next hop network address (32 bytes)                     Next hop: 2001:db8:5a:f6::8 (16)                     Next hop: fe80::c80c:1bff:fe4f:1c (16)                 Subnetwork points of attachment: 0                 Network layer reachability information (77 bytes) © Fred Bovy EIRL. IPv6 For Life. Page 57
  • 8.BGP Reminder. Sunday, March 30, 2014                     2001:db8:abca::/48                     2001:db8:abc9::/48                     2001:db8:abc8::/48                     2001:db8:abc7::/48                     2001:db8:abc6::/48                     2001:db8:abc5::/48                     2001:db8:abc4::/48                     2001:db8:abc3::/48                     2001:db8:abc2::/48                     2001:db8:abc1::/48                     2001:db8:abc0::/48 We can see in this UPDATE that the NLRI have two possible Next-hop. One is for the eBGP Path and one for the iBGP path. 8.5 BGP Best Path Selection Algorithm To explain this algorithm is out of the scope of this document as it is a well known information . BGP uses many Attributes to select the best Path starting by checking if the Next-hop is reachable and then it starts its selection preferring the higher Local Preference. Cisco has a Weight parameter which has the highest precedence. To get the full BGP Best Path Selection algorithm just make a search on CISCO CCO and you will get the full Selection Path which is more than one page long! If you do not like CISCO you will find this document everywhere! CISCO Link: http://www.cisco.com/c/en/us/support/docs/ip/border­gateway­protocol­bgp/13753­25.html It is possible to advertise IPv6 Routes to a BGP IPv4 peer and you can also use next-hop self but the next-hop will use the IPv4 address of the loopback and put it in IPv6 mode like ::ffff:x.x.x.x. Let us see an example: This is the Route Origin, R7 Configuration: Current configuration : 103 bytes ! interface Loopback0  ip address 10.0.0.7 255.255.255.255  ipv6 address 2001:DB8:678:B000::1/128 end ! router isis fred  net 39.d000.0000.0000.0007.00 © Fred Bovy EIRL. IPv6 For Life. Page 58
  • 8.BGP Reminder. Sunday, March 30, 2014  is­type level­1  metric­style wide  passive­interface Loopback0 ! router bgp 100  bgp log­neighbor­changes  neighbor 10.0.0.5 remote­as 100  neighbor 10.0.0.5 update­source Loopback0  neighbor 10.0.0.200 remote­as 100  neighbor 10.0.0.200 update­source Loopback0  neighbor 10.0.0.201 remote­as 100  neighbor 10.0.0.201 update­source Loopback0  neighbor 172.16.1.6 remote­as 65000  neighbor FE80::9%GigabitEthernet3/0 remote­as 65000  !          address­family ipv4   neighbor 10.0.0.5 activate   neighbor 10.0.0.5 next­hop­self   neighbor 10.0.0.200 activate   neighbor 10.0.0.200 next­hop­self   neighbor 10.0.0.201 activate   neighbor 172.16.1.6 activate   neighbor 172.16.1.6 route­map setloc in   no neighbor FE80::9%GigabitEthernet3/0 activate   no auto­summary   no synchronization  exit­address­family  !        address­family ipv6   neighbor 10.0.0.5 activate   neighbor 10.0.0.5 route­map fred out   neighbor 10.0.0.200 activate   neighbor 10.0.0.200 route­map setloc in   neighbor 10.0.0.200 route­map fred out   neighbor 10.0.0.201 activate   neighbor FE80::9%GigabitEthernet3/0 activate   neighbor FE80::9%GigabitEthernet3/0 route­map setloc in  exit­address­family R1>show bgp ipv6 unicast  2001:DB8:ABC2::/48 BGP routing table entry for 2001:DB8:ABC2::/48, version 159 Paths: (3 available, best #2, table Default)   Not advertised to any peer   65000     2001:DB8:678:B000::1 (metric 20) from 10.0.0.200 (10.0.0.201)       Origin incomplete, metric 0, localpref 150, valid, internal       Originator: 10.0.0.7, Cluster list: 10.0.0.201   65000     2001:DB8:678:B000::1 (metric 20) from 10.0.0.5 (10.0.0.5)       Origin incomplete, metric 0, localpref 150, valid, internal, best © Fred Bovy EIRL. IPv6 For Life. Page 59
  • 8.BGP Reminder. Sunday, March 30, 2014       Originator: 10.0.0.7, Cluster list: 10.0.0.5   65000     ::FFFF:10.0.0.7 (inaccessible) from 10.0.0.201 (10.201.0.1)       Origin incomplete, metric 0, localpref 150, valid, internal       Originator: 10.0.0.7, Cluster list: 10.201.0.1 The R7 configuration is missing the route-map out so the next hop is 10.0.0.7 coded in an IPv6 address ::FFFF:10.0.0.7. R7#conf t Enter configuration commands, one per line.  End with CNTL/Z. R7(config)#router bgp 100 R7(config­router)#address­family ipv6 R7(config­router­af)# neighbor 10.0.0.201  route­map fred out R7(config­router­af)# neighbor 10.0.0.201 route­map setloc in R7(config­router­af)# This is the route map: route­map setloc permit 10  set local­preference 150 ! route­map fred permit 10  set ipv6 next­hop 2001:DB8:678:B000::1 !  Now let's check the same path on R1 R1>show bgp ipv6 unicast  2001:DB8:ABC2::/48 BGP routing table entry for 2001:DB8:ABC2::/48, version 159 Paths: (3 available, best #3, table Default)   Not advertised to any peer   65000     2001:DB8:678:B000::1 (metric 20) from 10.0.0.201 (10.201.0.1)       Origin incomplete, metric 0, localpref 150, valid, internal       Originator: 10.0.0.7, Cluster list: 10.201.0.1   65000     2001:DB8:678:B000::1 (metric 20) from 10.0.0.200 (10.0.0.201)       Origin incomplete, metric 0, localpref 150, valid, internal       Originator: 10.0.0.7, Cluster list: 10.0.0.201   65000     2001:DB8:678:B000::1 (metric 20) from 10.0.0.5 (10.0.0.5)       Origin incomplete, metric 0, localpref 150, valid, internal, best       Originator: 10.0.0.7, Cluster list: 10.0.0.5 Now the next hop is 2001:DB8:678:B000::1 instead of ::ffff:10.0.0.7  © Fred Bovy EIRL. IPv6 For Life. Page 60
  • 8.BGP Reminder. Sunday, March 30, 2014 8.6 Scaling BGP Route-Reflectors The Route-Reflectors are used to scale BGP, the confederation can also be used but it is more complex for the same result. With Route-Reflectors you can make multiple levels of hierarchy to consolidate all the Networks in some cases. Peer-Group It is possible to group a number of neighbors in a peer-group. Then any configuration on the group will apply all the group routers. It consumes also less CPU as it group the effort to apply something to a known group having the same policy. Example below on the Route-Reflector R5 BGP Configuration before peer group: router bgp 100   bgp log­neighbor­changes   neighbor 10.0.0.1 remote­as 100   neighbor 10.0.0.1 update­source Loopback0   neighbor 10.0.0.3 remote­as 100   neighbor 10.0.0.3 update­source Loopback0   neighbor 10.0.0.4 remote­as 100   neighbor 10.0.0.4 update­source Loopback0   neighbor 10.0.0.6 remote­as 100   neighbor 10.0.0.6 update­source Loopback0   neighbor 10.0.0.7 remote­as 100   neighbor 10.0.0.7 update­source Loopback0   neighbor 10.0.0.200 remote­as 100   neighbor 10.0.0.200 update­source Loopback0   neighbor 10.0.0.201 remote­as 100   neighbor 10.0.0.201 update­source Loopback0   !   address­family ipv4    neighbor 10.0.0.1 activate    neighbor 10.0.0.1 route­reflector­client    neighbor 10.0.0.3 activate    neighbor 10.0.0.3 route­reflector­client    neighbor 10.0.0.4 activate    neighbor 10.0.0.4 route­reflector­client    neighbor 10.0.0.6 activate    neighbor 10.0.0.6 route­reflector­client    neighbor 10.0.0.7 activate    neighbor 10.0.0.7 route­reflector­client    neighbor 10.0.0.200 activate    neighbor 10.0.0.200 route­reflector­client    neighbor 10.0.0.201 activate    no auto­summary    no synchronization   exit­address­family   !   address­family ipv6    neighbor 10.0.0.1 activate    neighbor 10.0.0.1 route­reflector­client    neighbor 10.0.0.3 activate    neighbor 10.0.0.3 route­reflector­client    neighbor 10.0.0.4 activate    neighbor 10.0.0.4 route­reflector­client    neighbor 10.0.0.6 activate    neighbor 10.0.0.6 route­reflector­client    neighbor 10.0.0.7 activate    neighbor 10.0.0.7 route­reflector­client  © Fred Bovy EIRL. IPv6 For Life. Page 61
  • 8.BGP Reminder. Sunday, March 30, 2014   neighbor 10.0.0.200 activate    neighbor 10.0.0.200 route­reflector­client    neighbor 10.0.0.201 activate    no synchronization    maximum­paths 2   exit­address­family  !  Now let's configure a Peer­Group for all CISCO IOS Neighbors and configure it:  router bgp 100   bgp log­neighbor­changes   neighbor fred peer­group   neighbor fred remote­as 100   neighbor fred description all clients   neighbor fred update­source Loopback0   neighbor 10.0.0.1 peer­group fred   neighbor 10.0.0.3 peer­group fred   neighbor 10.0.0.4 peer­group fred   neighbor 10.0.0.6 peer­group fred   neighbor 10.0.0.7 peer­group fred   neighbor 10.0.0.200 peer­group fred   neighbor 10.0.0.201 peer­group fred   !   address­family ipv4    neighbor fred route­reflector­client    neighbor fred maximum­prefix 5000 warning­only    neighbor 10.0.0.1 activate    neighbor 10.0.0.3 activate    neighbor 10.0.0.4 activate    neighbor 10.0.0.7 activate    neighbor 10.0.0.200 activate    neighbor 10.0.0.201 activate    no auto­summary    no synchronization   exit­address­family   !   address­family ipv6    neighbor fred route­reflector­client    neighbor fred maximum­prefix 5000 warning­only    neighbor 10.0.0.1 activate    neighbor 10.0.0.3 activate    neighbor 10.0.0.4 activate    neighbor 10.0.0.7 activate    neighbor 10.0.0.200 activate    neighbor 10.0.0.201 activate    no synchronization    maximum­paths 2   Exit­address­family  R5(config)#router bgp 100  R5(config­router)#address­family ipv6  R5(config­router­af)#neighbor fred activate  % Peergroups are automatically activated when parameters are configured  The version I used did not let me enter the command neighbor fred activate ! May be a problem  now fixed in a newer release of IOS. 8.7 Security and MD5 Password. On CISCO IOS, you can limit the maximum number of prefixes that you accept to receive because when a router runs out of memory it crashes! You use the command to set a limit which only send a console message. But in this case you need to monitor your © Fred Bovy EIRL. IPv6 For Life. Page 62
  • 8.BGP Reminder. Sunday, March 30, 2014 messages! Adding a password to all the neighbors is easy now that we have configured a peer group on the Route-Reflector. Only apply the password to the peer-group! R5(config­router­af)#neighbor fred password 1 secret Now I need to configure the secret passwor everywhere ! R6#conf t Enter configuration commands, one per line.  End with CNTL/Z. R6(config)#router bgp 100 R6(config­router)#neighbor 10.0.0.5 password 1 secret R6(config­router)# *Mar 29 14:30:06.988: %TCP­6­BADAUTH: No MD5 digest from 10.0.0.5(179) to 10.0.0.6(20968) (RST) *Mar 29 14:30:08.984: %TCP­6­BADAUTH: No MD5 digest from 10.0.0.5(179) to 10.0.0.6(20968) (RST) *Mar 29 14:30:12.988: %TCP­6­BADAUTH: No MD5 digest from 10.0.0.5(179) to 10.0.0.6(20968) (RST) *Mar 29 14:30:20.988: %TCP­6­BADAUTH: No MD5 digest from 10.0.0.5(179) to 10.0.0.6(20968) (RST) *Mar 29 14:30:58.272: %BGP­5­ADJCHANGE: neighbor 10.0.0.5 Up  © Fred Bovy EIRL. IPv6 For Life. Page 63
  • 9.Useful Cisco BGP IPv6 Commands Explained. Sunday, March 30, 2014 9. Useful Cisco BGP IPv6 Commands Explained 9.1. Show bgp ipv6 unicast summary This is the first command to check the status of a router. R6#show bgp ipv6 unicast summary  BGP router identifier 10.0.0.6, local AS number 100 BGP table version is 80, main routing table version 80 11 network entries using 1716 bytes of memory 11 path entries using 836 bytes of memory 3/1 BGP path/bestpath attribute entries using 504 bytes of memory 1 BGP AS­PATH entries using 24 bytes of memory 0 BGP route­map cache entries using 0 bytes of memory 0 BGP filter­list cache entries using 0 bytes of memory Bitfield cache entries: current 2 (at peak 3) using 64 bytes of memory BGP using 3144 total bytes of memory BGP activity 51/25 prefixes, 115/89 paths, scan interval 60 secs Neighbor        V          AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  )   10.0.0.5        4        100     266     272       80    0    0 02:58:23        0 2001:DB8:5A:F6::8                 4      64000     255     252       80    0    0 02:58:25       11 The first lines gives you a quick status on the resources consumed by the router. Then the last lines gives a status for each neighbor, the BGP Version (V), which AS it belongs to, The number of messages received and sent. Each time the BGP table is updated the Table Version increases, so the TblVer column gives you an indication of BGP stability. Then the Input and Output Queues will tell you if the router is clear to process all the messages. Finally and may be the most important. Up/Down tells you for how long the link is Up or Down. If Up it tells in the next column (State/PfxRcd) how many prefixes are received and sent. If it is not Up, it gives the state and for how long it is Down. Be careful, the state Active means that it is Actively trying to set the connection up. Remember, BGP session takes place over TCP. The same command with a prefix instead of summary is very useful to troubleshoot BGP and the CISCO documentation is not very detailed about each field. So I tried to make it clear in the next chapter. © Fred Bovy EIRL. IPv6 For Life. Page 64
  • 9.Useful Cisco BGP IPv6 Commands Explained. Sunday, March 30, 2014 9.2. Show bgp ipv6 X:X:X...::X/X R6#show bgp ipv6 unicast BGP table version is 102, local router ID is 10.0.0.6 Status codes: s suppressed, d damped, h history, * valid, > best, i ­ internal,               r RIB­failure, S Stale Origin codes: i ­ IGP, e ­ EGP, ? ­ incomplete    Network          Next Hop            Metric LocPrf Weight Path *> 2001:DB8:ABC0::/48                     2001:DB8:5A:F6::8                                              0             0 64000 ? *> 2001:DB8:ABC1::/48                     2001:DB8:5A:F6::8                                              0             0 64000 ? …...... © Fred Bovy EIRL. IPv6 For Life. Page 65 Illustration 9: Show bgp ipv6 unicast xxxx:xxx...::/y Explained
  • . Sunday, March 30, 2014 9.3. Show bgp ipv6 neighbor This is a very detailed command that is not very often needed as the summary is more than enough to resolve most cases. R6#show bgp ipv6 neighbor BGP neighbor is 10.0.0.5,  remote AS 100, internal link   BGP version 4, remote router ID 10.0.0.5   BGP state = Established, up for 05:37:10   Last read 00:00:42, last write 00:00:42, hold time is 180, keepalive interval is 60  seconds   Neighbor capabilities:     Route refresh: advertised and received(new)     New ASN Capability: advertised and received     Address family IPv4 Unicast: advertised and received     Address family IPv6 Unicast: advertised and received   Message statistics:     InQ depth is 0     OutQ depth is 0                               Sent       Rcvd     Opens:                  5          5     Notifications:          0          0     Updates:               33         32     Keepalives:           392        388     Route Refresh:          0          0     Total:                430        425   Default minimum time between advertisement runs is 0 seconds  For address family: IPv4 Unicast   BGP table version 81, neighbor version 81/0   Output queue size : 0   Index 2, Offset 0, Mask 0x4   2 update­group member   NEXT_HOP is always this router                                  Sent       Rcvd   Prefix activity:               ­­­­       ­­­­     Prefixes Current:              10          5 (Consumes 260 bytes)     Prefixes Total:                10          5     Implicit Withdraw:              0          0     Explicit Withdraw:              0          0     Used as bestpath:             n/a          5     Used as multipath:            n/a          0                                    Outbound    Inbound   Local Policy Denied Prefixes:    ­­­­­­­­    ­­­­­­­     ORIGINATOR loop:                    n/a         10     Bestpath from this peer:              5        n/a     Total:                                5         10 © Fred Bovy EIRL. IPv6 For Life. Page 66
  • . Sunday, March 30, 2014   Number of NLRIs in the update sent: max 10, min 10  For address family: IPv6 Unicast   BGP table version 102, neighbor version 102/0   Output queue size : 0   Index 2, Offset 0, Mask 0x4   2 update­group member   Outbound path policy configured   Route map for outgoing advertisements is fred                                  Sent       Rcvd   Prefix activity:               ­­­­       ­­­­     Prefixes Current:              11          0 ….. …... To be Continued © Fred Bovy EIRL. IPv6 For Life. Page 67
  • 10.Checking data plane of BGP Recursive routes. Sunday, March 30, 2014 10. Checking data plane of BGP Recursive routes IPv6 BGP Routes often have two levels of Recursion for forwarding as the next hop is a Remote Global Unicast Address which can be recursively resolved with a local Global Unicast Address which is recursively resolved by a Link-Local Address. 10.1 Mind the BGP Next-hop Rule All the BGP routes learned from an iBGP session are Recursive so you must check that the BGP next hop is reachable. This is the first condition for a BGP remote route to get used. Remember the Next hop rule for BGP. eBGP speakers change the Next-hop to the interfaces addresses which advertize their routes. iBGP never changes the Next-Hop. So the remote BGP speaker which receives the iBGP update MUST be able to reach the eBGP neighbor interface. This is a problem if we use Link-Local addresses for peering as these addresses are not routable. So it must be changed by a route-map when we transmit the path to the Route-Reflector. In the configuration below next-hop-self is used for IPv4 and a route-map for IPv6. If we don't change the next-hop for IPv6 with this route-map it would have used the loopback IPv4 address written in IPv6 format ::ffff:10.0.0.6 for R6 and ::ffff:10.0.0.7 for R7. The  address used by the next­hop is the loopback address and is advertized by  OSPFv3. R6 Configuration router bgp 100  bgp log­neighbor­changes  neighbor 10.0.0.5 remote­as 100  neighbor 10.0.0.5 update­source Loopback0  neighbor 2001:DB8:5A:F6::8 remote­as 64000  neighbor 172.16.1.2 remote­as 64000  !  address­family ipv4   neighbor 10.0.0.5 activate   neighbor 10.0.0.5 next­hop­self   no neighbor 2001:DB8:5A:F6::8 activate   neighbor 172.16.1.2 activate   no auto­summary   no synchronization  exit­address­family  !  address­family ipv6   neighbor 10.0.0.5 activate   neighbor 10.0.0.5 route­map fred out © Fred Bovy EIRL. IPv6 For Life. Page 68
  • 10.Checking data plane of BGP Recursive routes. Sunday, March 30, 2014   neighbor 2001:DB8:5A:F6::8 activate  exit­address­family ! route­map fred permit 10  set ipv6 next­hop 2001:DB8:678:C000::6 !          R7 Configuration router bgp 100  bgp log­neighbor­changes  neighbor 10.0.0.5 remote­as 100  neighbor 10.0.0.5 update­source Loopback0  neighbor 172.16.1.6 remote­as 65000  neighbor FE80::9%GigabitEthernet3/0 remote­as 65000  !  address­family ipv4   neighbor 10.0.0.5 activate   neighbor 172.16.1.6 activate   no neighbor FE80::9%GigabitEthernet3/0 activate   no auto­summary   no synchronization  exit­address­family  !  address­family ipv6   neighbor 10.0.0.5 activate   neighbor 10.0.0.5 route­map fred out   neighbor FE80::9%GigabitEthernet3/0 activate   neighbor FE80::9%GigabitEthernet3/0 route­map setloc in  exit­address­family ! route­map setloc permit 10  set local­preference 150 !          route­map fred permit 10  set ipv6 next­hop 2001:DB8:678:B000::1 !     © Fred Bovy EIRL. IPv6 For Life. Page 69
  • 10.Checking data plane of BGP Recursive routes. Sunday, March 30, 2014 10.2 Check the BGP data path on CISCO Routers (CEFv6) In our lab the exit point to the Internet is set via R7 even for R6 which has a local connection to the Internet because we set the Local Preference to a higher value (150) for the routes coming in R7 than the default (100). This preempt Administrative distance which would have preferred an eBGP route (20) over an iBGP (200). This is a breakdown of the data path via IPv6 CEF7 . R6#show ipv6 route 2001:DB8:ABC7::/48 Routing entry for 2001:DB8:ABC7::/48   Known via "bgp 100", distance 200, metric 0, type internal   Route count is 1/1, share count 0   Routing paths:     2001:DB8:678:B000::12001:DB8:678:B000::1       Last updated 00:16:37 ago There are two parallel paths to reach the next-hop: 2001:DB8:678:B000::12001:DB8:678:B000::1 R6#show ipv6 cef 2001:DB8:ABC7::/48           2001:DB8:ABC7::/48   nexthop FE80::C805:1BFF:FE4F:70 GigabitEthernet1/0   nexthop FE80::C809:1BFF:FE64:70 GigabitEthernet2/0 R6#show ipv6 cef 2001:DB8:ABC7::/48 internal  2001:DB8:ABC7::/48, epoch 0, RIB[B], refcount 4, per­destination sharing   sources: RIB    feature space:    IPRM: 0x00018000   ifnums:    GigabitEthernet1/0(6): FE80::C805:1BFF:FE4F:70    GigabitEthernet2/0(7): FE80::C809:1BFF:FE64:70   path 6825F4B0, path list 6825E4B0, share 1/1, type recursive nexthop, for IPv6, flags  resolved, eos indirection   recursive via 2001:DB8:678:B000::1[IPv6:Default], fib 682618A8, 1 terminal fib     path 6825FB7C, path list 6825E88C, share 1/1, type attached nexthop, for IPv6     nexthop FE80::C805:1BFF:FE4F:70 GigabitEthernet1/0, adjacency IPV6 adj out of  GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 66F19CC0     path 6825FB08, path list 6825E88C, share 0/1, type attached nexthop, for IPv6     nexthop FE80::C809:1BFF:FE64:70 GigabitEthernet2/0, adjacency IPV6 adj out of  GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80   output chain:     loadinfo 682F62CC, per­session, 2 choices, flags 0005, 15 locks     flags: Per­session, for­rx­IPv6 7 Cisco Express Forwarding, the CISCO data path engine. When a packet get into the router, an interrupt is sent to the CPU and a decision is made if the packet can be switched in interrupt mode by CEFv6 or be Queued and sent when the IPv6 Queue Manager will have the its processor time shared slice. © Fred Bovy EIRL. IPv6 For Life. Page 70
  • 10.Checking data plane of BGP Recursive routes. Sunday, March 30, 2014     16 hash buckets       < 0 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 66F19CC0       < 1 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80       < 2 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 66F19CC0       < 3 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80       < 4 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 66F19CC0       < 5 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80       < 6 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 66F19CC0       < 7 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80       < 8 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 66F19CC0       < 9 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80       <10 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 66F19CC0       <11 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80       <12 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 66F19CC0       <13 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80       <14 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 66F19CC0       <15 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80     Subblocks:      None These hash buckets are pointing to the two IPv6 CEF Adjacencies. If something is broken there you can have routes and all seems good from the control plane level but there will be no correct forwarding or no forwarding at all! R6#show adjacency GigabitEthernet1/0 internal Protocol Interface                 Address IP       GigabitEthernet1/0        10.2.0.1(20)                                    0 packets, 0 bytes                                    epoch 0                                    sourced in sev­epoch 0                                    Encap length 14                                    CA051B4F0070CA0A1B64001C0800                                    ARP                                    Fast adjacency enabled [OK]                                    L3 mtu 1500                                    Flags (0x88E)                                    Fixup disabled                                    HWIDB/IDB pointers 0x66BDEEFC/0x66BDFA78                                    IP redirect disabled                                    Switching vector: IPv4 no fixup, no redirect adj oce                                    Adjacency pointer 0x68273000                                    Next­hop 10.2.0.1 IPV6     GigabitEthernet1/0        FE80::C805:1BFF:FE4F:70(32)                                    0 packets, 0 bytes                                    epoch 0                                    sourced in sev­epoch 0                                    Encap length 14 Protocol Interface                 Address                                    CA051B4F0070CA0A1B64001C86DD © Fred Bovy EIRL. IPv6 For Life. Page 71
  • 10.Checking data plane of BGP Recursive routes. Sunday, March 30, 2014                                    IPv6 ND                                    Fast adjacency enabled [OK]                                    L3 mtu 1500                                    Flags (0x1189E)                                    Fixup disabled                                    HWIDB/IDB pointers 0x66BDEEFC/0x66BDFA78                                    IP redirect enabled                                    Switching vector: IPv6 adjacency oce                                    Adjacency pointer 0x66F19CC0                                    Next­hop FE80::C805:1BFF:FE4F:70 R6#show adjacency GigabiEthernet2/0 internal Protocol Interface                 Address IP       GigabitEthernet2/0        10.2.0.5(20)                                    0 packets, 0 bytes                                    epoch 0                                    sourced in sev­epoch 0                                    Encap length 14                                    CA091B640070CA0A1B6400380800                                    ARP                                    Fast adjacency enabled [OK]                                    L3 mtu 1500                                    Flags (0x88E)                                    Fixup disabled                                    HWIDB/IDB pointers 0x66C06CC4/0x66C07840                                    IP redirect disabled                                    Switching vector: IPv4 no fixup, no redirect adj oce                                    Adjacency pointer 0x68272EC0                                    Next­hop 10.2.0.5 IPV6     GigabitEthernet2/0        FE80::C809:1BFF:FE64:70(31)                                    0 packets, 0 bytes                                    epoch 0                                    sourced in sev­epoch 0                                    Encap length 14 Protocol Interface                 Address                                    CA091B640070CA0A1B64003886DD                                    IPv6 ND                                    Fast adjacency enabled [OK]                                    L3 mtu 1500                                    Flags (0x1189E)                                    Fixup disabled                                    HWIDB/IDB pointers 0x66C06CC4/0x66C07840                                    IP redirect enabled                                    Switching vector: IPv6 adjacency oce                                    Adjacency pointer 0x66F19B80                                    Next­hop FE80::C809:1BFF:FE64:70 © Fred Bovy EIRL. IPv6 For Life. Page 72
  • 11.Checking Redundancy. Sunday, March 30, 2014 11. Checking Redundancy Let's check a BGP Internet route entry on R6. R6#show ipv6 route 2001:DB8:ABC0::/48  Routing entry for 2001:DB8:ABC0::/48   Known via "bgp 100", distance 200, metric 0, type internal   Route count is 1/1, share count 0   Routing paths:     2001:DB8:678:B000::1       Last updated 00:35:18 ago Now, the BGP entry: R6#show bgp ipv6 unicast 2001:DB8:ABC0::/48  BGP routing table entry for 2001:DB8:ABC0::/48, version 69 Paths: (2 available, best #1, table Default)   Advertised to update­groups:         1   65000     2001:DB8:678:B000::1 (metric 3) from 10.0.0.5 (10.0.0.5)       Origin incomplete, metric 0, localpref 150, valid, internal, best       Originator: 10.0.0.7, Cluster list: 10.0.0.5   64000     2001:DB8:5A:F6::8 (FE80::C80C:1BFF:FE4F:1C) from 2001:DB8:5A:F6::8 (10.0.0.8)       Origin incomplete, metric 0, localpref 100, valid, external Now, let's shutdown the R7-R9 Link, R6 uses the local eBGP path to the Internet. R6#show bgp ipv6 unicast 2001:DB8:ABC0::/48  BGP routing table entry for 2001:DB8:ABC0::/48, version 70 Paths: (1 available, best #1, table Default)   Advertised to update­groups:         2   64000     2001:DB8:5A:F6::8 (FE80::C80C:1BFF:FE4F:1C) from 2001:DB8:5A:F6::8 (10.0.0.8)       Origin incomplete, metric 0, localpref 100, valid, external, best R6#show ipv6 route 2001:DB8:ABC0::/48                        Routing entry for 2001:DB8:ABC0::/48   Known via "bgp 100", distance 20, metric 0, type external   Route count is 1/1, share count 0   Routing paths:     FE80::C80C:1BFF:FE4F:1C, GigabitEthernet3/0       Last updated 00:02:09 ago When we do a no shutdown on the R7-R9 Link the exit point is back to normal on R6 and other © Fred Bovy EIRL. IPv6 For Life. Page 73
  • 11.Checking Redundancy. Sunday, March 30, 2014 routers.  R7(config)#interface GigabitEthernet 3/0 R7(config­if)#no shutdown  R7(config­if)# *Mar 16 07:06:37.055: %BGP­5­ADJCHANGE: neighbor 172.16.1.6 Up  *Mar 16 07:06:37.475: %LINK­3­UPDOWN: Interface GigabitEthernet3/0, changed state to up *Mar 16 07:06:38.475: %LINEPROTO­5­UPDOWN: Line protocol on Interface GigabitEthernet3/0,  changed state to up *Mar 16 07:06:40.715: %BGP­5­ADJCHANGE: neighbor FE80::9%GigabitEthernet3/0 Up  R6#show ipv6 route 2001:DB8:ABC0::/48  Routing entry for 2001:DB8:ABC0::/48   Known via "bgp 100", distance 200, metric 0, type internal   Route count is 1/1, share count 0   Routing paths:     2001:DB8:678:B000::1       Last updated 00:01:17 ago R6#show bgp ipv6 2001:DB8:ABC0::/48 BGP routing table entry for 2001:DB8:ABC0::/48, version 91 Paths: (2 available, best #1, table Default)   Advertised to update­groups:         1   65000     2001:DB8:678:B000::1 (metric 3) from 10.0.0.5 (10.0.0.5)       Origin incomplete, metric 0, localpref 150, valid, internal, best       Originator: 10.0.0.7, Cluster list: 10.0.0.5   64000     2001:DB8:5A:F6::8 (FE80::C80C:1BFF:FE4F:1C) from 2001:DB8:5A:F6::8 (10.0.0.8)       Origin incomplete, metric 0, localpref 100, valid, external © Fred Bovy EIRL. IPv6 For Life. Page 74
  • 12.Routers Configurations. Sunday, March 30, 2014 12. Routers Configurations 12.1 R1 Current configuration : 2001 bytes ! upgrade fpd auto version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password­encryption ! hostname R1 ip cef ! ipv6 unicast­routing ipv6 cef ! interface Loopback0  ip address 10.0.0.1 255.255.255.255  ipv6 address 2001:DB8:678:9000::1/128  ipv6 ospf 1 area 0 !interface GigabitEthernet1/0  ip address 10.0.1.1 255.255.255.252  negotiation auto  ipv6 address 2001:DB8:678:1::1/64  ipv6 ospf 1 area 0 !          interface GigabitEthernet2/0  ip address 10.0.1.9 255.255.255.252  negotiation auto  ipv6 address 2001:DB8:678:3::1/64  ipv6 ospf 1 area 0 !          interface GigabitEthernet3/0  ip address 10.0.1.5 255.255.255.252  negotiation auto  ipv6 address 2001:DB8:678:2::1/64  ipv6 ospf 1 area 0 !          interface GigabitEthernet4/0  ip address 10.2.0.1 255.255.255.252  negotiation auto  ipv6 address 2001:DB8:678:D004::7/64  ipv6 ospf 1 area 2 !          router ospf 1  log­adjacency­changes © Fred Bovy EIRL. IPv6 For Life. Page 75
  • 12.Routers Configurations. Sunday, March 30, 2014  network 10.2.0.0 0.0.255.255 area 2  network 10.0.0.0 0.255.255.255 area 0 !          router ospf 100  log­adjacency­changes !          router bgp 100  bgp log­neighbor­changes  neighbor 10.0.0.5 remote­as 100  neighbor 10.0.0.5 update­source Loopback0  !          address­family ipv4   neighbor 10.0.0.5 activate   no auto­summary   no synchronization  exit­address­family  !          address­family ipv6   neighbor 10.0.0.5 activate  exit­address­family        !          ipv6 router ospf 1  log­adjacency­changes 12.2 R3 service timestamps debug datetime msec service timestamps log datetime msec no service password­encryption ! hostname R3 ip cef ipv6 unicast­routing ipv6 cef ! ! interface Loopback0  ip address 10.0.0.3 255.255.255.255  ipv6 address 2001:DB8:678:9003::3/128  ipv6 ospf 1 area 0 !            interface GigabitEthernet0/0  ip address 10.1.0.6 255.255.255.252  duplex full  speed 1000  media­type gbic  negotiation auto  ipv6 address 2001:DB8:678:3::3/64 © Fred Bovy EIRL. IPv6 For Life. Page 76
  • 12.Routers Configurations. Sunday, March 30, 2014  ipv6 ospf 1 area 1 !          interface GigabitEthernet1/0  ip address 10.0.1.18 255.255.255.252  negotiation auto  ipv6 address 2001:DB8:678:17::3/64  ipv6 enable  ipv6 ospf 1 area 0 !          interface GigabitEthernet2/0  ip address 10.0.1.21 255.255.255.252  negotiation auto  ipv6 address 2001:DB8:678:33::3/64  ipv6 enable  ipv6 ospf 1 area 0 !          interface GigabitEthernet3/0  ip address 10.0.1.6 255.255.255.252  negotiation auto  ipv6 address 2001:DB8:678:2::3/64  ipv6 enable  ipv6 ospf 1 area 0 !          router ospf 1  log­adjacency­changes  network 10.0.0.0 0.0.255.255 area 0  network 10.1.0.0 0.0.255.255 area 1  network 10.0.0.0 0.255.255.255 area 0 !          router bgp 100  bgp log­neighbor­changes  neighbor 10.0.0.5 remote­as 100  neighbor 10.0.0.5 update­source Loopback0  !          address­family ipv4   neighbor 10.0.0.5 activate   no auto­summary   no synchronization  exit­address­family  !          address­family ipv6   neighbor 10.0.0.5 activate  exit­address­family !          12.3 R4 service timestamps debug datetime msec service timestamps log datetime msec © Fred Bovy EIRL. IPv6 For Life. Page 77
  • 12.Routers Configurations. Sunday, March 30, 2014 service password­encryption ! hostname R4 ! ! ip cef ipv6 unicast­routing ipv6 cef ! interface Loopback0  ip address 10.0.0.4 255.255.255.255  ipv6 address 2001:DB8:678:9004::4/128 ! interface GigabitEthernet0/0  ip address 10.0.1.2 255.255.255.252  duplex full  speed 1000  media­type gbic  negotiation auto  ipv6 address 2001:DB8:678:1::4/64  ipv6 ospf 1 area 0 !          interface GigabitEthernet1/0  ip address 10.0.1.17 255.255.255.252  negotiation auto  ipv6 address 2001:DB8:678:17::4/64  ipv6 ospf 1 area 0 !          interface GigabitEthernet2/0  ip address 10.0.1.13 255.255.255.252  negotiation auto  ipv6 address 2001:DB8:678:22::3/64  ipv6 ospf 1 area 0 !          interface GigabitEthernet3/0  ip address 10.1.0.1 255.255.255.252  negotiation auto  ipv6 address 2001:DB8:678:A000::1/64  ipv6 ospf 1 area 1 !       router ospf 1  log­adjacency­changes  network 10.0.0.0 0.0.255.255 area 0  network 10.1.0.0 0.0.255.255 area 1 !          router bgp 100  bgp log­neighbor­changes  neighbor 10.0.0.5 remote­as 100  neighbor 10.0.0.5 update­source Loopback0  !         © Fred Bovy EIRL. IPv6 For Life. Page 78
  • 12.Routers Configurations. Sunday, March 30, 2014  address­family ipv4   neighbor 10.0.0.5 activate   no auto­summary   no synchronization  exit­address­family  !          address­family ipv6   neighbor 10.0.0.5 activate  exit­address­family       !          ipv6 router ospf 1  log­adjacency­changes !          !  12.4 R5 – BGP Route-Reflector    service timestamps debug datetime msec service timestamps log datetime msec service password­encryption ! hostname R5 ! ip cef ipv6 unicast­routing ipv6 cef ! ! interface Loopback0  ip address 10.0.0.5 255.255.255.255  ipv6 address 2001:DB8:678:9005::5/128 ! interface GigabitEthernet0/0  ip address 10.0.1.22 255.255.255.252  duplex full  speed 1000  media­type gbic  negotiation auto  ipv6 address 2001:DB8:678:33::5/64  ipv6 ospf 1 area 0 ! interface GigabitEthernet1/0  ip address 10.0.1.10 255.255.255.252  negotiation auto  ipv6 address 2001:DB8:678:3::5/64  ipv6 ospf 1 area 0 ! interface GigabitEthernet2/0  ip address 10.0.1.14 255.255.255.252 © Fred Bovy EIRL. IPv6 For Life. Page 79
  • 12.Routers Configurations. Sunday, March 30, 2014  negotiation auto  ipv6 address 2001:DB8:678:22::5/64  ipv6 ospf 1 area 0 ! interface GigabitEthernet4/0  ip address 10.2.0.5 255.255.255.252  negotiation auto  ipv6 address 2001:DB8:678:D005::5/64  ipv6 ospf 1 area 2 !          router ospf 1  log­adjacency­changes  network 10.2.0.0 0.0.255.255 area 2  network 10.0.0.0 0.255.255.255 area 0 !          router bgp 100  bgp log­neighbor­changes  neighbor 10.0.0.1 remote­as 100  neighbor 10.0.0.1 update­source Loopback0  neighbor 10.0.0.3 remote­as 100  neighbor 10.0.0.3 update­source Loopback0  neighbor 10.0.0.4 remote­as 100  neighbor 10.0.0.4 update­source Loopback0  neighbor 10.0.0.6 remote­as 100  neighbor 10.0.0.6 update­source Loopback0  neighbor 10.0.0.7 remote­as 100  neighbor 10.0.0.7 update­source Loopback0  !          !          address­family ipv4   redistribute connected   neighbor 10.0.0.1 activate   neighbor 10.0.0.1 route­reflector­client   neighbor 10.0.0.3 activate   neighbor 10.0.0.3 route­reflector­client   neighbor 10.0.0.4 activate   neighbor 10.0.0.4 route­reflector­client   neighbor 10.0.0.6 activate   neighbor 10.0.0.6 route­reflector­client   neighbor 10.0.0.7 activate   neighbor 10.0.0.7 route­reflector­client   no auto­summary   no synchronization  exit­address­family  !          address­family ipv6   neighbor 10.0.0.1 activate   neighbor 10.0.0.1 route­reflector­client   neighbor 10.0.0.3 activate   neighbor 10.0.0.3 route­reflector­client © Fred Bovy EIRL. IPv6 For Life. Page 80
  • 12.Routers Configurations. Sunday, March 30, 2014   neighbor 10.0.0.4 activate   neighbor 10.0.0.4 route­reflector­client   neighbor 10.0.0.6 activate   neighbor 10.0.0.6 route­reflector­client   neighbor 10.0.0.7 activate   neighbor 10.0.0.7 route­reflector­client  exit­address­family !          ipv6 router ospf 1  log­adjacency­changes !           12.5 R6 service timestamps debug datetime msec service timestamps log datetime msec service password­encryption ! hostname R6 ip cef ipv6 unicast­routing ipv6 cef ! interface Loopback0  ip address 10.0.0.6 255.255.255.255  ipv6 address 2001:DB8:678:C000::6/128 ! interface GigabitEthernet1/0  ip address 10.2.0.2 255.255.255.252  negotiation auto  ipv6 address 2001:DB8:678:D004::6/64  ipv6 ospf 1 area 2 !          interface GigabitEthernet2/0  ip address 10.2.0.6 255.255.255.252  negotiation auto  ipv6 address 2001:DB8:678:D005::6/64  ipv6 ospf 1 area 2 !          interface GigabitEthernet3/0  ip address 172.16.1.1 255.255.255.252  negotiation auto  ipv6 address 2001:DB8:5A:F6::6/64  ipv6 ospf 1 area 1 !        router ospf 1  log­adjacency­changes © Fred Bovy EIRL. IPv6 For Life. Page 81
  • 12.Routers Configurations. Sunday, March 30, 2014  network 10.0.0.0 0.255.255.255 area 2 !          router bgp 100  bgp log­neighbor­changes  neighbor 10.0.0.5 remote­as 100  neighbor 10.0.0.5 update­source Loopback0  neighbor 2001:DB8:5A:F6::8 remote­as 64000  neighbor 172.16.1.2 remote­as 64000  !          address­family ipv4   neighbor 10.0.0.5 activate   neighbor 10.0.0.5 next­hop­self   no neighbor 2001:DB8:5A:F6::8 activate   neighbor 172.16.1.2 activate   no auto­summary   no synchronization  exit­address­family  !          address­family ipv6   neighbor 10.0.0.5 activate   neighbor 10.0.0.5 route­map fred out   neighbor 2001:DB8:5A:F6::8 activate  exit­address­family !                !          ipv6 router ospf 1  log­adjacency­changes  passive­interface GigabitEthernet3/0  redistribute connected !                route­map fred permit 10  set ipv6 next­hop 2001:DB8:678:C000::6 !          !          12.6 R7 service timestamps debug datetime msec service timestamps log datetime msec service password­encryption ! hostname R7 ! boot­start­marker boot­end­marker ! logging message­counter syslog ! no aaa new­model ip source­route © Fred Bovy EIRL. IPv6 For Life. Page 82
  • 12.Routers Configurations. Sunday, March 30, 2014 ip cef ipv6 unicast­routing ipv6 cef ! ! interface Loopback0  ip address 10.0.0.7 255.255.255.255  ipv6 address 2001:DB8:678:B000::1/128  ipv6 ospf 1 area 1 ! interface GigabitEthernet0/0  ip address 10.1.0.2 255.255.255.252  duplex full  speed 1000  media­type gbic  negotiation auto  ipv6 address 2001:DB8:678:A000::7/64  ipv6 ospf 1 area 1 ! interface GigabitEthernet1/0  ip address 10.1.0.5 255.255.255.252  negotiation auto  ipv6 address 2001:DB8:678:A001::7/64  ipv6 ospf 1 area 1 ! interface GigabitEthernet3/0  ip address 172.16.1.5 255.255.255.252  negotiation auto  ipv6 address FE80::7 link­local  ipv6 address 2001:DB8:5A:F7::6/64 ! router ospf 1  log­adjacency­changes  network 10.0.0.0 0.255.255.255 area 1 ! router bgp 100  bgp log­neighbor­changes  neighbor 10.0.0.5 remote­as 100  neighbor 10.0.0.5 update­source Loopback0  neighbor 172.16.1.6 remote­as 65000  neighbor FE80::9%GigabitEthernet3/0 remote­as 65000  !  address­family ipv4   neighbor 10.0.0.5 activate    neighbor 10.0.0.5 next­hop­self   neighbor 172.16.1.6 activate   no neighbor FE80::9%GigabitEthernet3/0 activate   no auto­summary   no synchronization  exit­address­family © Fred Bovy EIRL. IPv6 For Life. Page 83
  • 12.Routers Configurations. Sunday, March 30, 2014  !          address­family ipv6   neighbor 10.0.0.5 activate   neighbor 10.0.0.5 route­map fred out   neighbor FE80::9%GigabitEthernet3/0 activate   neighbor FE80::9%GigabitEthernet3/0 route­map setloc in  exit­address­family       !          ipv6 router ospf 1  log­adjacency­changes !                 route­map setloc permit 10  set local­preference 150 !          route­map fred permit 10  set ipv6 next­hop 2001:DB8:678:B000::1 !          12.7 R8-ISP2. AS 64000 service timestamps debug datetime msec service timestamps log datetime msec service password­encryption ! hostname ISP2­R8 ! ip cef ipv6 unicast­routing ipv6 cef ! interface Loopback0  ip address 10.0.0.8 255.255.255.255 !     !          interface GigabitEthernet1/0  ip address 172.16.1.2 255.255.255.252  negotiation auto  ipv6 address 2001:DB8:5A:F6::8/64 !  !          router bgp 64000  bgp log­neighbor­changes  neighbor 2001:DB8:5A:F6::6 remote­as 100  neighbor 172.16.1.1 remote­as 100  !          address­family ipv4   redistribute static   no neighbor 2001:DB8:5A:F6::6 activate   neighbor 172.16.1.1 activate © Fred Bovy EIRL. IPv6 For Life. Page 84
  • 12.Routers Configurations. Sunday, March 30, 2014   no auto­summary   no synchronization  exit­address­family  !          address­family ipv6   neighbor 2001:DB8:5A:F6::6 activate   redistribute static   no synchronization  exit­address­family !          ip route 202.3.0.0 255.255.255.0 Null0 ip route 202.3.1.0 255.255.255.0 Null0 ip route 202.3.2.0 255.255.255.0 Null0 ip route 202.3.3.0 255.255.255.0 Null0 ip route 202.3.4.0 255.255.255.0 Null0 ip route 202.3.5.0 255.255.255.0 Null0 ip route 202.3.6.0 255.255.255.0 Null0 ip route 202.3.7.0 255.255.255.0 Null0 ip route 202.3.8.0 255.255.255.0 Null0 ip route 202.3.9.0 255.255.255.0 Null0 no ip http server no ip http secure­server !          !          !          ipv6 route 2001:DB8:ABC0::/48 Null0 ipv6 route 2001:DB8:ABC1::/48 Null0 ipv6 route 2001:DB8:ABC2::/48 Null0 ipv6 route 2001:DB8:ABC3::/48 Null0 ipv6 route 2001:DB8:ABC4::/48 Null0 ipv6 route 2001:DB8:ABC5::/48 Null0 ipv6 route 2001:DB8:ABC6::/48 Null0 ipv6 route 2001:DB8:ABC7::/48 Null0 ipv6 route 2001:DB8:ABC8::/48 Null0 ipv6 route 2001:DB8:ABC9::/48 Null0 ipv6 route 2001:DB8:ABCA::/48 Null0 !          12.8 R9-ISP1. AS 65000 service timestamps debug datetime msec service timestamps log datetime msec service password­encryption ! hostname ISP1­R9 ip source­route ip cef ipv6 unicast­routing © Fred Bovy EIRL. IPv6 For Life. Page 85
  • 12.Routers Configurations. Sunday, March 30, 2014 ipv6 cef ! interface Loopback0  ip address 10.0.0.9 255.255.255.255 ! !          interface GigabitEthernet1/0  ip address 172.16.1.6 255.255.255.252  negotiation auto  ipv6 address FE80::9 link­local  ipv6 address 2001:DB8:5A:F7::9/64 !      router bgp 65000  bgp log­neighbor­changes  neighbor 172.16.1.5 remote­as 100  neighbor FE80::7%GigabitEthernet1/0 remote­as 100  !          address­family ipv4   redistribute static metric 5   neighbor 172.16.1.5 activate   no neighbor FE80::7%GigabitEthernet1/0 activate   no auto­summary   no synchronization  exit­address­family  !          address­family ipv6   neighbor FE80::7%GigabitEthernet1/0 activate   redistribute static   no synchronization  exit­address­family !          ip forward­protocol nd ip route 202.3.0.0 255.255.255.0 Null0 ip route 202.3.1.0 255.255.255.0 Null0 ip route 202.3.2.0 255.255.255.0 Null0 ip route 202.3.3.0 255.255.255.0 Null0 ip route 202.3.4.0 255.255.255.0 Null0 ip route 202.3.5.0 255.255.255.0 Null0 ip route 202.3.6.0 255.255.255.0 Null0 ip route 202.3.7.0 255.255.255.0 Null0 ip route 202.3.8.0 255.255.255.0 Null0 ip route 202.3.9.0 255.255.255.0 Null0     !          ipv6 route 2001:DB8:ABC0::/48 Null0 ipv6 route 2001:DB8:ABC1::/48 Null0 ipv6 route 2001:DB8:ABC2::/48 Null0 ipv6 route 2001:DB8:ABC3::/48 Null0 ipv6 route 2001:DB8:ABC4::/48 Null0 ipv6 route 2001:DB8:ABC5::/48 Null0 ipv6 route 2001:DB8:ABC6::/48 Null0 © Fred Bovy EIRL. IPv6 For Life. Page 86
  • 12.Routers Configurations. Sunday, March 30, 2014 ipv6 route 2001:DB8:ABC7::/48 Null0 ipv6 route 2001:DB8:ABC8::/48 Null0 ipv6 route 2001:DB8:ABC9::/48 Null0 ipv6 route 2001:DB8:ABCA::/48 Null0 !            © Fred Bovy EIRL. IPv6 For Life. Page 87
  • 12.Routers Configurations. Sunday, March 30, 2014     © Fred Bovy EIRL. IPv6 For Life. Page 88
  • 12.Routers Configurations. Sunday, March 30, 2014 Migration of a Dual-Stack Backbone from OSPFv3 and OSPFv2 to IS-IS Version 1.4 From Fred Bovy ccie #3013 Routing IPv6 Part 3 http://www.ipv6forlife.com/Tutorial/labISIS/ © Fred Bovy EIRL. IPv6 For Life. Page 89
  • 13.Why a Migration to IS-IS?. Sunday, March 30, 2014 13. Why a Migration to IS-IS? The benefits running ISIS instead of OSPF are: • That you only run one Routing Protocol for both IPv4 and IPv6. You can run the same SPF for both IPv4 and IPv6 or have Multiple Topologies. • IS-IS database is far more easy to read than OSPF and you do not need to study the protocol in depth to understand it. • ISIS run over CLNS, an OSI protocol and implement safety protocols which make it a bit harder to hack than OSPFv2. • For the refreshment of the Database, for each LSA OSPF counts from zero up to 1800 seconds, 30 minutes and refresh it because MaxAge is one hour after which the LSA is removed from consideration when computing routes. • With IS-IS we count from zero to a configurable MaxAge that can be different for each link. To minimize the traffic overhead in a stable Network we can set it up to more than 18 hours. • A migration to IS-IS is a very easy process and transparent for the users as we can run both protocols, then we can make the Admin distance of OSPF higher than its default to get IS-IS routes in the tables rather than OSPFv2 and OSPFv3. Obviously it is recommended to check each protocol one at a time. • People familiar with OSPF don't have any problem to switch to OSPF. It makes their life easier. I decided to start with all routers in the same Area Level-2. This is what most people do but for extremely large IS-IS Networks you may need multiarea. Then we do a migration to multiarea.http://www.ipv6forlife.com/Tutorial/labISIS/ © Fred Bovy EIRL. IPv6 For Life. Page 90 Illustration 10: Final Lab Setup
  • 14.IS-IS Reminder. Sunday, March 30, 2014 14. IS-IS Reminder 14.1 Introduction and history IS-IS is a Link State Routing Protocol like OSPF which was designed to route OSI protocol CLNS. In the early 90s we had hit the IPv4 lack of address problems and OSI was a candidate to replace IPv4 with a 20 bytes maximum long address. Only Digital followed and Decnet Phase V was OSI protocols. Later came ATM which brought some confusion. Which one to choose. IBM made the ATM 25 Mbps choice for the desktop LAN connection. ATM was sounding great as it was proposing to unified all networks in one: Data, Video, Voice Traffic could live together and each one was receiving the Quality of Service that it wanted. Many IP QoS and others are using some parts of ATM that were great for IP too. IS-IS do not run over IPv4 or IPv6 but CLNS, this is why you need to set the NET. The NET is also used to identify an area. The NET use the lower 48 bit to identify the host, the rest which is the highest bits of the address is the area address. In our lab we are using area 39.b000.0000.0000.000x.00, where x is the Router number. When we will split the domain in 3 Area we will use 3 NET area 39.c000 and 39.d000 will be the additional Area. IS-IS sees two different LSP8 , the LSA9 counterpart of OSPF. The Router LSP and the Network LSP generated by the Designated Intermediate System (DIS). You have a Database for Level-1 and a database for Level-2 Routeing. It is not a fault, in OSI papers you will read Routeing instead of Routing. It must have been written by a French having a problem with English language. So it makes 4 different LSPs instead of 9 and more for OSPF. IS-IS LSP can be interpreted directly it is in a clear format. OSPF LSAs needs some study to be understood. The hierarchy in IS-IS is made with 2 Levels of Routing. Level-2 Routers are Backbone Area Routers while Level-1 Area Routers are Internal non backbone routers. To connect an Area with the Backbone you need a Level-1-2 Router. The Level-1 routers only see the local Routes and have a default route to a Level-1-2 routers. 8 Link-State Packet 9 Link-State Advertisement © Fred Bovy EIRL. IPv6 For Life. Page 91 Illustration 11: IS-IS Architecture
  • 14.IS-IS Reminder. Sunday, March 30, 2014 14.2 IS-IS Architecture As OSPF, it also has a 2 level routing. Level-2 Routers are the Backbone. The backbone must be continuous. Area can connect to the backbone with Level-1-210 Routers. Router which are in only one area are Level 1 except for the backbone which are Level-2. FOR THE SAKE OF SIMPLICITY, IN THE LAB WE START WITH ONE AREA If we follow the same Architecture that we used for OSPF in previous Volume and multiple Area we would need to do Route Leaking for the eBGP routers for BGP Next-hop to be resolved in BGP Paths. The metric-style is by default narrow which means that it is limited to 63 max, it can be set to wide and be coded with 32 bits! 14.3 Security ISIS can be secured with Passwords which is highly recommended. 14.4 Neighbor Discovery For each Level, routers sends IS to IS Hello (IIH) on a regular basis. To make sure that MTU matches, the Hello are sent at MTU. 14.5 Multipoint Networks The neighbors discovers themselves as they send Level-2-IIH and or Level-1-IIH. IIH stands for IS-IS Hello Packets. For the Multipoint networks, IS-IS has an approach similar to OSPF. It elects a Designated Intermediate System (DIS). There is no backup DIS as it is not needed, any router can take over immediately the DIS role if it fails. 10 The equivalent of an OSPF ABR. © Fred Bovy EIRL. IPv6 For Life. Page 92 Illustration 12: IS-IS 2 levels of Routing
  • 14.IS-IS Reminder. Sunday, March 30, 2014 As for the OSPF DR, the DIS helps for two things: • It generates a Pseudonode LSP to which it is also connected to on the behalf of all the Neighbors of the Network. • It helps Neighbors Synchronization by sending a CSNP2 message on a regular time basis. This CSNP11 advertises the headers of all the LSP12 s of the Database. If a Neighbor noticed that it has a missing or out-of-date LSP, it sends a PSNP Request to get the Last LSP. No.     Time        Source                Destination           Protocol Length Info      13 8.726791    ca:07:1b:4f:00:54     ISIS­all­level­2­IS's ISIS     310    L2 CSNP, Source­ID: 0000.0000.0003.00,  Start LSP­ID: 0000.0000.0000.00­00, End LSP­ID: ffff.ffff.ffff.ff­ff Frame 13: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) IEEE 802.3 Ethernet  Logical­Link Control     DSAP: ISO Network Layer (0xfe)     IG Bit: Individual     SSAP: ISO Network Layer (0xfe)     CR Bit: Command     Control field: U, func=UI (0x03) ISO 10589 ISIS InTRA Domain Routeing Information Exchange Protocol     Intra Domain Routing Protocol Discriminator: ISIS (0x83)     PDU Header Length: 33     Version (==1): 1     System ID Length: 0     PDU Type           : L2 CSNP (R:000)     Version2 (==1): 1     Reserved (==0): 0     Max.AREAs: (0==3): 0     ISO 10589 ISIS Complete Sequence Numbers Protocol Data Unit         PDU length: 293         Source­ID:    0000.0000.0003.00         Start LSP­ID: 0000.0000.0000.00­00         End LSP­ID: ffff.ffff.ffff.ff­ff         LSP entries (240)             LSP­ID: 0000.0000.0001.00­00, Sequence: 0x00000022, Lifetime:   918s, Checksum: 0xe12c             LSP­ID: 0000.0000.0003.00­00, Sequence: 0x0000001e, Lifetime:  1151s, Checksum: 0xa480             LSP­ID: 0000.0000.0003.04­00, Sequence: 0x00000018, Lifetime:   481s, Checksum: 0xd0ec             LSP­ID: 0000.0000.0004.00­00, Sequence: 0x00000020, Lifetime:   599s, Checksum: 0xe42a             LSP­ID: 0000.0000.0004.01­00, Sequence: 0x00000019, Lifetime:   725s, Checksum: 0xe9d3             LSP­ID: 0000.0000.0004.02­00, Sequence: 0x00000019, Lifetime:   619s, Checksum: 0x15a5             LSP­ID: 0000.0000.0005.00­00, Sequence: 0x0000001e, Lifetime:   739s, Checksum: 0x7eeb             LSP­ID: 0000.0000.0005.01­00, Sequence: 0x00000019, Lifetime:   414s, Checksum: 0x2297             LSP­ID: 0000.0000.0005.02­00, Sequence: 0x00000019, Lifetime:   545s, Checksum: 0xe8d1             LSP­ID: 0000.0000.0005.03­00, Sequence: 0x0000001a, Lifetime:  1127s, Checksum: 0x2b8a             LSP­ID: 0000.0000.0006.00­00, Sequence: 0x00000015, Lifetime:   763s, Checksum: 0xab64             LSP­ID: 0000.0000.0006.01­00, Sequence: 0x00000012, Lifetime:   781s, Checksum: 0x04bc             LSP­ID: 0000.0000.0006.02­00, Sequence: 0x00000012, Lifetime:   843s, Checksum: 0x615a             LSP­ID: 0000.0000.0007.00­00, Sequence: 0x00000014, Lifetime:   461s, Checksum: 0xb2f9             LSP­ID: 0000.0000.0007.01­00, Sequence: 0x00000012, Lifetime:   677s, Checksum: 0x5566         LSP entries (16)             LSP­ID: 0000.0000.0007.02­00, Sequence: 0x00000012, Lifetime:   661s, Checksum: 0x3586 The CSNP are used on Point to Point at initialization only to make sure that the two ends are in synchronization. On Broadcast Networks, on a regular basis, every 10 seconds with a variation of about 3 seconds max to avoid synchronization. 11 Complete Sequence Number Packet 12 Link State Packet or LSP which populate the IS-IS database. © Fred Bovy EIRL. IPv6 For Life. Page 93
  • 14.IS-IS Reminder. Sunday, March 30, 2014 14.6 Point to Point Networks On the Point-to-Point Networks we also use CSNP but only just after we discovered the neighbor with the P2P IIH for Point-to-Point IS-IS to IS-IS Hello message. 15. Migration Steps 15.1. Backbone Configuration Configuration of the Core routers is very straightforward. You need to give a unique NET for each router 39.b000.0000.0000.000X.00 , x is the router number. The NET is the CLNS Address of the Router, it defines the Area, here 39.b000 is the Area Address and 0003 is the Router number. router isis fred   is­type level­2­only   net 39.b000.0000.0000.0003.00   passive­interface lo0  interface GigabitEthernet0/0  ip router isis fred  ipv6 router isis fred  Repeat the same for each core interface... 15.2 Verification that ISIS is running OK. Check IS-IS neighbors The easiest way is to run the command “show clns neighbor” on each node and check that the old OSPF neighbors are now also IS-IS neighbor. R4> show clns neighbors  System Id      Interface   SNPA                State  Holdtime  Type Protocol R7             Gi3/0       ca0b.1b64.0008      Up     9         L2   IS­IS R1             Gi0/0       ca05.1b4f.001c      Up     27        L2   IS­IS R5             Gi2/0       ca09.1b64.0038      Up     9         L2   IS­IS R3             Gi1/0       ca07.1b4f.001c      Up     24        L2   IS­IS You can also us “show isis neighbors” R4>show isis neighbors  System Id      Type Interface   IP Address      State Holdtime Circuit Id R7             L2   Gi3/0       10.1.0.2        UP    9        R7.01               R1             L2   Gi0/0       10.0.1.1        UP    23       R4.01               R5             L2   Gi2/0       10.0.1.14       UP    7        R5.03               R3             L2   Gi1/0       10.0.1.18       UP    21       R4.02               © Fred Bovy EIRL. IPv6 For Life. Page 94
  • 15.Migration Steps. Sunday, March 30, 2014 Check that all IS-IS are Up from the database To check that all neighbors are UP you can check the ISIS database as this is the case here: R4>show isis database  IS­IS Level­2 Link State Database: LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL 0000.0000.0000.02­00  0x00000000   0x0000        1025              0/0/0 R1.00­00              0x00000011   0x041B        625               0/0/0 R3.00­00              0x0000000D   0xC66F        842               0/0/0 R3.04­00              0x00000008   0xF0DC        631               0/0/0 R4.00­00            * 0x00000010   0x051A        859               0/0/0 R4.01­00            * 0x00000008   0x0CC2        696               0/0/0 R4.02­00            * 0x00000008   0x3794        411               0/0/0 R5.00­00              0x0000000D   0xA0DA        625               0/0/0 R5.01­00              0x00000009   0x4287        1104              0/0/0 R5.02­00              0x00000008   0x0BC0        659               0/0/0 R5.03­00              0x00000009   0x4D79        1189              0/0/0 R6.00­00              0x00000004   0xCD53        626               0/0/0 R6.01­00              0x00000001   0x26AB        624               0/0/0 R6.02­00              0x00000001   0x8349        624               0/0/0 R7.00­00              0x00000004   0xD2E9        886               0/0/0 R7.01­00              0x00000002   0x7556        1003              0/0/0 R7.02­00              0x00000002   0x5576        919               0/0/0 To inspect a LSP3 in particular in the Database, for instance R4. R4 generated 2 LSP: One is the Router LSP and one because this router is also DIS4 for a LAN and is the equivalent of the DR for OSPF. R4>show isis database R4.00­00 detail IS­IS Level­2 LSP R4.00­00 LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL R4.00­00            * 0x00000011   0x031B        1149              0/0/0   Area Address: 39.b000   NLPID:        0xCC 0x8E    Hostname: R4   IP Address:   10.1.0.1   IPv6 Address: 2001:DB8:678:A000::1   Metric: 10         IS R4.02   Metric: 10         IS R4.01   Metric: 10         IS R7.01   Metric: 10         IS R5.03   Metric: 10         IP 10.0.1.0 255.255.255.252   Metric: 10         IP 10.0.1.12 255.255.255.252   Metric: 10         IP 10.0.1.16 255.255.255.252   Metric: 10         IP 10.1.0.0 255.255.255.252   Metric: 10         IPv6 2001:DB8:678:1::/64   Metric: 10         IPv6 2001:DB8:678:17::/64   Metric: 10         IPv6 2001:DB8:678:22::/64   Metric: 10         IPv6 2001:DB8:678:A000::/64 You have both the Topology information, the Neighbor Router IS and the Prefixes advertized by the © Fred Bovy EIRL. IPv6 For Life. Page 95
  • 15.Migration Steps. Sunday, March 30, 2014 node in the Router LSP. Now let's take a look at the DIS Pseudo-node LSP. We know it is a Pseudo-node LSP because of the 01 in R4.01-00 which is different from 0, the Router LSP. This one is purely Topology and gives all the neighbors of a Multipoint Network. Also note that the second digit after – is 00 because it is fragment 0. In case we have a LSP too big for the MTU5, we fragment is and this number is the fragment number. R4>show isis database R4.01­00 detail  IS­IS Level­2 LSP R4.01­00 LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL R4.01­00            * 0x00000009   0x0AC3        985               0/0/0   Metric: 0          IS R4.00   Metric: 0          IS R1.00 Remove OSPF for IPv4 and check the IPv4 Routing table R1#conf t To check that ISISis OK takink no risk to have missing routes, change the OSPF  Administrative distance to 120 and check that the ISIS routes are replacing the OSPF: R5(config­router)#distance 120 If you have a very large routing table you could start high level with a “show  ip route summary” and “show ipv6 route summary”. This gives you the most important information. R5>show ip route summary  IP routing table name is Default­IP­Routing­Table(0) IP routing table maximum­paths is 32 Route Source    Networks    Subnets     Overhead    Memory (bytes) connected       0           5           320         760 static          0           0           0           0 bgp 100         10          0           640         1520   External: 0 Internal: 10 Local: 0 isis fred       0           11          1024        1672   Level 1: 0 Level 2: 11 Inter­area: 0 internal        1                                   1172 Total           11          16          1984        5124 Removing Queue Size 0 R5>show ipv6 route summary  IPv6 routing table name is Default(0) global scope ­ 32 entries IPv6 routing table default maximum­paths is 16 Route Source    Networks    Overhead    Memory (bytes) connected       4           384         512          local           6           576         768          bgp 100         11          1056        1408           Internal: 11  External: 0  Local: 0 isis fred       11          1632        1408           Level 1: 0  Level 2: 11  Inter­area: 0  Summary: 0 Total           32          3648        4096           Number of prefixes:     /8: 1, /48: 11, /64: 10, /128: 10 © Fred Bovy EIRL. IPv6 For Life. Page 96
  • 15.Migration Steps. Sunday, March 30, 2014 R5#how ip route *Mar 18 22:57:51.756: %SYS­5­CONFIG_I: Configured from console by consoles Codes: C ­ connected, S ­ static, R ­ RIP, M ­ mobile, B ­ BGP        D ­ EIGRP, EX ­ EIGRP external, O ­ OSPF, IA ­ OSPF inter area         N1 ­ OSPF NSSA external type 1, N2 ­ OSPF NSSA external type 2        E1 ­ OSPF external type 1, E2 ­ OSPF external type 2        i ­ IS­IS, su ­ IS­IS summary, L1 ­ IS­IS level­1, L2 ­ IS­IS level­2        ia ­ IS­IS inter area, * ­ candidate default, U ­ per­user static route        o ­ ODR, P ­ periodic downloaded static route Gateway of last resort is not set B    202.3.6.0/24 [200/0] via 10.0.0.6, 1d06h B    202.3.7.0/24 [200/0] via 10.0.0.6, 1d06h B    202.3.4.0/24 [200/0] via 10.0.0.6, 1d06h B    202.3.5.0/24 [200/0] via 10.0.0.6, 1d06h B    202.3.2.0/24 [200/0] via 10.0.0.6, 1d06h B    202.3.3.0/24 [200/0] via 10.0.0.6, 1d06h B    202.3.0.0/24 [200/0] via 10.0.0.6, 1d06h B    202.3.1.0/24 [200/0] via 10.0.0.6, 1d06h      10.0.0.0/8 is variably subnetted, 16 subnets, 2 masks C       10.0.1.8/30 is directly connected, GigabitEthernet1/0 C       10.0.1.12/30 is directly connected, GigabitEthernet2/0 i L2    10.2.0.0/30 [115/20] via 10.2.0.6, GigabitEthernet4/0                     [115/20] via 10.0.1.9, GigabitEthernet1/0 O       10.0.0.3/32 [120/2] via 10.0.1.21, 00:00:06, GigabitEthernet0/0 i L2    10.1.0.0/30 [115/20] via 10.0.1.13, GigabitEthernet2/0 i L2    10.0.1.0/30 [115/20] via 10.0.1.13, GigabitEthernet2/0                     [115/20] via 10.0.1.9, GigabitEthernet1/0 i L2    10.0.0.1/32 [115/10] via 10.0.1.9, GigabitEthernet1/0 C       10.2.0.4/30 is directly connected, GigabitEthernet4/0 O       10.0.0.6/32 [120/2] via 10.2.0.6, 00:00:06, GigabitEthernet4/0 O IA    10.0.0.7/32 [120/3] via 10.0.1.21, 00:00:06, GigabitEthernet0/0                     [120/3] via 10.0.1.13, 00:00:06, GigabitEthernet2/0 O       10.0.0.4/32 [120/2] via 10.0.1.13, 00:00:06, GigabitEthernet2/0 i L2    10.1.0.4/30 [115/20] via 10.0.1.21, GigabitEthernet0/0 i L2    10.0.1.4/30 [115/20] via 10.0.1.21, GigabitEthernet0/0                     [115/20] via 10.0.1.9, GigabitEthernet1/0 C       10.0.0.5/32 is directly connected, Loopback0 i L2    10.0.1.16/30 [115/20] via 10.0.1.21, GigabitEthernet0/0                      [115/20] via 10.0.1.13, GigabitEthernet2/0 C       10.0.1.20/30 is directly connected, GigabitEthernet0/0 B    202.3.8.0/24 [200/0] via 10.0.0.6, 1d06h B    202.3.9.0/24 [200/0] via 10.0.0.6, 1d06h Here we still have OSPF routes meaning that some routers have not been configured properly. In our example as 10.0.0.3 is still an OSPF routes we probably have forgotten to configure IS-IS properly on R3. Let's check other routes: R5#show ip route 10.0.1.16 Routing entry for 10.0.1.16/30   Known via "isis", distance 115, metric 20, type level­2   Redistributing via isis © Fred Bovy EIRL. IPv6 For Life. Page 97
  • 15.Migration Steps. Sunday, March 30, 2014   Last update from 10.0.1.13 on GigabitEthernet2/0, 00:05:13 ago   Routing Descriptor Blocks:   * 10.0.1.21, from 10.0.1.6, via GigabitEthernet0/0       Route metric is 20, traffic share count is 1     10.0.1.13, from 10.1.0.1, via GigabitEthernet2/0       Route metric is 20, traffic share count is 1 Check the Router data plane (CEF and CEFv6) R5#show ip cef 10.0.1.16 10.0.1.16/30   nexthop 10.0.1.13 GigabitEthernet2/0   nexthop 10.0.1.21 GigabitEthernet0/0 R5#show ip cef 10.0.1.16 internal 10.0.1.16/30, epoch 0, RIB[I], refcount 5, per­destination sharing   sources: RIB    feature space:    IPRM: 0x00038000   ifnums:    GigabitEthernet0/0(5): 10.0.1.21    GigabitEthernet2/0(7): 10.0.1.13   path 66EC3CE4, path list 66EC2CE0, share 1/1, type attached nexthop, for IPv4   nexthop 10.0.1.13 GigabitEthernet2/0, adjacency IP adj out of GigabitEthernet2/0, addr  10.0.1.13 66F19380   path 66EC3D58, path list 66EC2CE0, share 1/1, type attached nexthop, for IPv4   nexthop 10.0.1.21 GigabitEthernet0/0, adjacency IP adj out of GigabitEthernet0/0, addr  10.0.1.21 66F194C0   output chain:     loadinfo 683E0EAC, per­session, 2 choices, flags 0003, 6 locks     flags: Per­session, for­rx­IPv4     16 hash buckets       < 0 > IP adj out of GigabitEthernet2/0, addr 10.0.1.13 66F19380       < 1 > IP adj out of GigabitEthernet0/0, addr 10.0.1.21 66F194C0       < 2 > IP adj out of GigabitEthernet2/0, addr 10.0.1.13 66F19380       < 3 > IP adj out of GigabitEthernet0/0, addr 10.0.1.21 66F194C0       < 4 > IP adj out of GigabitEthernet2/0, addr 10.0.1.13 66F19380       < 5 > IP adj out of GigabitEthernet0/0, addr 10.0.1.21 66F194C0       < 6 > IP adj out of GigabitEthernet2/0, addr 10.0.1.13 66F19380       < 7 > IP adj out of GigabitEthernet0/0, addr 10.0.1.21 66F194C0       < 8 > IP adj out of GigabitEthernet2/0, addr 10.0.1.13 66F19380       < 9 > IP adj out of GigabitEthernet0/0, addr 10.0.1.21 66F194C0       <10 > IP adj out of GigabitEthernet2/0, addr 10.0.1.13 66F19380       <11 > IP adj out of GigabitEthernet0/0, addr 10.0.1.21 66F194C0       <12 > IP adj out of GigabitEthernet2/0, addr 10.0.1.13 66F19380       <13 > IP adj out of GigabitEthernet0/0, addr 10.0.1.21 66F194C0       <14 > IP adj out of GigabitEthernet2/0, addr 10.0.1.13 66F19380       <15 > IP adj out of GigabitEthernet0/0, addr 10.0.1.21 66F194C0     Subblocks:      None Troubleshoot a bug with an Incomplete Adjacency. Found a Bug Entry in the Adjacency table. R5#show adjacency GigabitEthernet0/0 detail  Protocol Interface                 Address © Fred Bovy EIRL. IPv6 For Life. Page 98
  • 15.Migration Steps. Sunday, March 30, 2014 IP       GigabitEthernet0/0        10.0.1.21(28)                                    955 packets, 61599 bytes                                    epoch 0                                    sourced in sev­epoch 0                                    Encap length 14                                    CA071B4F0038CA091B6400080800                                    ARP IPV6     GigabitEthernet0/0        FE80::C807:1BFF:FE4F:38(39) (incomplete)                                    39 packets, 3042 bytes                                    epoch 0                                    sourced in sev­epoch 0                                    punt (rate­limited) packets                                    no src set Punt means that is cannot be CEF switched and is punted to next level which is no good (see below). In this situation you need to check what's wrong. The image I used for this lab is really an old image and I suspect a bug as I have received other console message using OSPF or ISIS. It reminds me a bug with an Ethernet driver who was not able to deal with a small load of traffic! This punt is for IPv6 Traffic we have not yet switched to IS-IS for IPv6 The address belongs to its neighbor which is cool and the other interface is OK! So it sounds like a bug if it is persistant. In this case you should troubleshoot the problem until the entry is no longer Punt. Punt means that the destination is not CEFv6 switched but switched by the processor when the IPv6 Queue will have its shared time slice. It is rate limited to avoid that the processor gets on its knees, so packets can be dropped! Get to the TAC or your CISCO dealer if you cannot make it! In my case I moved Gig0/0 to Gig3/0 which was free and leaved Gig0/0 which is the interface on the processor board on the c7200 which should not be used for switching traffic but for admin. I reloaded the router and the problem disappeared. Fortunately many bugs have easy workaround: R5#show adjacency GigabitEthernet 3/0 Protocol Interface                 Address IP       GigabitEthernet3/0        10.0.1.21(28) IPV6     GigabitEthernet3/0        FE80::C807:1BFF:FE4F:38(23) R5#show adjacency GigabitEthernet 4/0 Protocol Interface                 Address IP       GigabitEthernet4/0        10.2.0.6(21) IPV6     GigabitEthernet4/0        FE80::C80A:1BFF:FE64:38(17) R5#show adjacency GigabitEthernet 1/0 Protocol Interface                 Address IP       GigabitEthernet1/0        10.0.1.9(36) IPV6     GigabitEthernet1/0        FE80::C805:1BFF:FE4F:38(32) R5#show adjacency GigabitEthernet 2/0 Protocol Interface                 Address IP       GigabitEthernet2/0        10.0.1.13(29) IPV6     GigabitEthernet2/0        FE80::C808:1BFF:FE4F:38(26) © Fred Bovy EIRL. IPv6 For Life. Page 99
  • 15.Migration Steps. Sunday, March 30, 2014 R3#sh ipv6 int g2/0 GigabitEthernet2/0 is up, line protocol is up   IPv6 is enabled, link­local address is FE80::C807:1BFF:FE4F:38  R5#show adjacency GigabitEthernet2/0 detail Protocol Interface                 Address IP       GigabitEthernet2/0        10.0.1.13(28)                                    1105 packets, 69247 bytes                                    epoch 0                                    sourced in sev­epoch 0                                    Encap length 14                                    CA081B4F0038CA091B6400380800                                    ARP IPV6     GigabitEthernet2/0        FE80::C808:1BFF:FE4F:38(39)                                    0 packets, 0 bytes                                    epoch 0                                    sourced in sev­epoch 0                                    Encap length 14                                    CA081B4F0038CA091B64003886DD                                    IPv6 ND Remove OSPFv3 for IPv6 and check the RIBv613 R4#conf t Enter configuration commands, one per line.  End with CNTL/Z. R4(config)#no router ospf 1 R4(config)#int g0/0 R4(config­if)#no ipv6 ospf 1 area 0 R4(config­if)#int g1/0 R4(config­if)#no ipv6 ospf 1 area 0 R4(config­if)#int g2/0 R4(config­if)#no ipv6 ospf 1 area 0 R4(config­if)#int g3/0 R4(config­if)#no ipv6 ospf 1 area 0 R4(config­if)#int g4/0 R4(config­if)#no ipv6 ospf 1 area 0 *Mar 18 23:26:28.540: %OSPF­5­ADJCHG: Process 1, Nbr 10.0.0.5 on GigabitEthernet2/0 from  FULL to DOWN, Neighbor Down: Interface down or detached *Mar 18 23:26:28.580: %OSPF­5­ADJCHG: Process 1, Nbr 10.0.0.7 on GigabitEthernet3/0 from  FULL to DOWN, Neighbor Down: Interface down or detached *Mar 18 23:26:28.636: %OSPFv3­5­ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from  FULL to DOWN, Neighbor Down: Interface down or detached *Mar 18 23:26:28.676: %OSPFv3­5­ADJCHG: Process 1, Nbr 10.0.0.3 on GigabitEthernet1/0 from  FULL to DOWN, Neighbor Down: Interface down or detached *Mar 18 23:26:28.684: %OSPFv3­5­ADJCHG: Process 1, Nbr 10.0.0.5 on GigabitEthernet2/0 from  FULL to DOWN, Neighbor Down: Interface down or detached R4(config­if)#do show ipv6 route IPv6 Routing Table ­ Default ­ 30 entries Codes: C ­ Connected, L ­ Local, S ­ Static, U ­ Per­user Static route        B ­ BGP, M ­ MIPv6, R ­ RIP, I1 ­ ISIS L1        I2 ­ ISIS L2, IA ­ ISIS interarea, IS ­ ISIS summary, D ­ EIGRP        EX ­ EIGRP external        O ­ OSPF Intra, OI ­ OSPF Inter, OE1 ­ OSPF ext 1, OE2 ­ OSPF ext 2        ON1 ­ OSPF NSSA ext 1, ON2 ­ OSPF NSSA ext 2 C   2001:DB8:678:1::/64 [0/0]      via GigabitEthernet0/0, directly connected 13 Routing Information Base or Routing table © Fred Bovy EIRL. IPv6 For Life. Page 100
  • 15.Migration Steps. Sunday, March 30, 2014 L   2001:DB8:678:1::4/128 [0/0]      via GigabitEthernet0/0, receive I2  2001:DB8:678:2::/64 [115/20]      via FE80::C807:1BFF:FE4F:1C, GigabitEthernet1/0      via FE80::C805:1BFF:FE4F:1C, GigabitEthernet0/0 O   2001:DB8:678:3::/64 [110/2]      via FE80::C80B:1BFF:FE64:8, GigabitEthernet3/0 C   2001:DB8:678:17::/64 [0/0]      via GigabitEthernet1/0, directly connected L   2001:DB8:678:17::4/128 [0/0]      via GigabitEthernet1/0, receive C   2001:DB8:678:22::/64 [0/0]      via GigabitEthernet2/0, directly connected L   2001:DB8:678:22::3/128 [0/0]      via GigabitEthernet2/0, receive  [snip] Then we check that BGP Recursive Route entries are properly resolved by CEF following the same methods that has been demonstrated many time in the previous Lab book. 15.3. Backbone Migration strategies The most conservative strategy I can see is: 1. You start configuring ISIS with a distance very high. Be careful this must be set for address-family ipv4 and address-family ipv6 separately. This way you can check all your IS-IS initialization is going OK. Distance 255 and the route will never go in the Routing table! 1. Check the neighbors for each router. 2. Check the Database to make sure all LSPs are there 2. If OK change Administrative distance to be lower than OSPF for both address-family again. 3. You should only see IS-IS Route IPv4 and IPv6 and no more OSPF. 4. Then you can check CEF and CEFv6 initialization of a few strategic points. 5. You can leave OSPF configurations a few days before removing it as it consumes resources for nothing else but backup and IS-IS code is very stable so the risk of a bug with IS-IS is very limited! You need to set SYSLOG to log any OSPF routes popping up in the RIBs14 . 16. ISIS Troubleshooting We need to troubleshoot the previous problem with the routes to 10.0.0.3, 10.0.0.4, 10.0.0.6 and 10.0.0.7 learned by OSPF instead of ISIS. So we need to check IS-IS configuration of R3, R4, R- and R7. Actually These routers were not yet configured, so you see that this procedure is really seamless and transparent in the backbone. First, just make the Administrative distance of IS-IS better than OSPF and check both IPv4 and IPv6 Routing table. You should not see any OSPF routes anymore. Anyway if you do see an OSPF route it is very easy to identified the culprit. 14 Route Information Base or Routing table. © Fred Bovy EIRL. IPv6 For Life. Page 101
  • 16.ISIS Troubleshooting. Sunday, March 30, 2014 We have already seen the commands which are necessary to troubleshoot ISIS Protocol. Now we need to review the initialization Sequence and the basic management of the LSP Flooding. The IS-IS database is essential. You can check that each router has its Router LSP in our right level database: isisd# show isis database                   Area DEAD: IS­IS Level­2 link­state database: LSP ID                  PduLen  SeqNumber   Chksum  Holdtime  ATT/P/OL R1.00­00                  646   0x000000f6  0x6b66     683    0/0/0 R1.01­00                   63   0x00000003  0x86c0     609    0/0/0 R3.00­00                  624   0x000000f1  0x807c     710    0/0/0 R4.00­00                  635   0x000000f2  0xca5d     667    0/0/0 R5.00­00                  557   0x000000f8  0x74a5     654    0/0/0 isisd.00­00          *    120   0x000000d7  0x9757     598    0/0/0     6 LSPs isisd# show isis database R1.00­00  detail  Area DEAD: IS­IS Level­2 link­state database: LSP ID                  PduLen  SeqNumber   Chksum  Holdtime  ATT/P/OL R1.00­00                  646   0x000000f5  0x6d65     481    0/0/0   Area Address: 39.b000   Area Address: 39.c000   Area Address: 39.d000   NLPID       : 0xCC   NLPID       : 0x8E   Hostname    : R1   IPv4 Address: 10.0.0.1   Metric      : 10       IS            : R1.01   Metric      : 10       IS            : R5.00   Metric      : 10       IS            : R3.00   Metric      : 10       IS            : R4.00   Metric      : 10       IPv4­Internal : 10.0.1.0 255.255.255.252   Metric      : 10       IPv4­Internal : 10.0.1.4 255.255.255.252  [SNIP] We can see that R1 is connected to R5, R3, R4 and pseudo-node R1.01. So let's see the IS-IS LSP of R1.01. Remember the first byte digit is the pseudonode number and the second number is the fragment number. isisd# show isis database R1.01­00 detail  Area DEAD: IS­IS Level­2 link­state database: LSP ID                  PduLen  SeqNumber   Chksum  Holdtime  ATT/P/OL R1.01­00                   63   0x00000004  0x84c1    1178    0/0/0   Metric      : 0        IS            : R1.00   Metric      : 0        IS            : R4.00   Metric      : 0        IS            : isisd.00 © Fred Bovy EIRL. IPv6 For Life. Page 102
  • 16.ISIS Troubleshooting. Sunday, March 30, 2014 The pseudonode which is also the Network DIS15 is attached to R1, R4 and isisd which is the name of the Quagga process. 16.1 Optimization for GigabitEthernet P2P IS-IS sees interfaces as Broadcast or Point-to-Point. By Default, a GigabitEthernet is Broadcast. When you use it as a Point-to-point between two Routers, you should configure it for better performances. Be careful, If there is a mismatch IS-IS will not be Up. See example below. R4(config­if)#do show clns neighbor System Id      Interface   SNPA                State  Holdtime  Type Protocol R3             Gi1/0       ca07.1b4f.001c      Up     275       IS   ES­IS R7             Gi3/0       ca0b.1b64.0008      Up     9         L2   IS­IS R1             Gi0/0       ca05.1b4f.001c      Up     28        L2   IS­IS R5             Gi2/0       ca09.1b64.0038      Up     8         L2   IS­IS R4(config­if)#interface GigabitEthernet1/0 R4(config­if)#isis network point­to­point  R4#show clns neighbors  System Id      Interface   SNPA                State  Holdtime  Type Protocol R3             Gi1/0       ca07.1b4f.001c      Up     28        L2   IS­IS R7             Gi3/0       ca0b.1b64.0008      Up     9         L2   IS­IS R1             Gi0/0       ca05.1b4f.001c      Up     25        L2   IS­IS R5             Gi2/0       ca09.1b64.0038      Up     7         L2   IS­IS R4#show clns neighbors   Gi1/0    detail  System Id      Interface   SNPA                State  Holdtime  Type Protocol R3             Gi1/0       ca07.1b4f.001c      Up     24        L2   IS­IS   Area Address(es): 39.b000   IP Address(es):  10.0.1.18*   IPv6 Address(es): FE80::C807:1BFF:FE4F:1C   Uptime: 00:01:48   NSF capable Partial Initilalization of P2P16 Captured The CSNP17 gives a summary of each LSP in the Database, if the neighbor is missing or get an LSP18 which is too old it request a new one with a PSNP. No.     Time        Source                Destination           Protocol Length Info     166 157.864755  ca:07:1b:4f:00:1c     ISIS­all­level­2­IS's ISIS     310    L2 CSNP, Source­ID:  0000.0000.0003.00, Start LSP­ID: 0000.0000.0000.00­00, End LSP­ID: ffff.ffff.ffff.ff­ff Frame 166: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits) IEEE 802.3 Ethernet      Destination: ISIS­all­level­2­IS's (01:80:c2:00:00:15) 15 Designated Intermediate System 16 Point-to-point 17 Complete Sequence Number Packet 18 Link State Packet © Fred Bovy EIRL. IPv6 For Life. Page 103
  • 16.ISIS Troubleshooting. Sunday, March 30, 2014     Source: ca:07:1b:4f:00:1c (ca:07:1b:4f:00:1c)     Length: 296 Logical­Link Control     DSAP: ISO Network Layer (0xfe)     IG Bit: Individual     SSAP: ISO Network Layer (0xfe)     CR Bit: Command     Control field: U, func=UI (0x03) ISO 10589 ISIS InTRA Domain Routeing Information Exchange Protocol     Intra Domain Routing Protocol Discriminator: ISIS (0x83)     PDU Header Length: 33     Version (==1): 1     System ID Length: 0     PDU Type           : L2 CSNP (R:000)     Version2 (==1): 1     Reserved (==0): 0     Max.AREAs: (0==3): 0     ISO 10589 ISIS Complete Sequence Numbers Protocol Data Unit         PDU length: 293         Source­ID:    0000.0000.0003.00         Start LSP­ID: 0000.0000.0000.00­00         End LSP­ID: ffff.ffff.ffff.ff­ff         LSP entries (240)             LSP­ID: 0000.0000.0001.00­00, Sequence: 0x0000002f, Lifetime:   906s, Checksum: 0xc739             LSP­ID: 0000.0000.0003.00­00, Sequence: 0x0000002d, Lifetime:  1199s, Checksum: 0x5dff             LSP­ID: 0000.0000.0003.04­00, Sequence: 0x00000026, Lifetime:  1089s, Checksum: 0xb4fa             LSP­ID: 0000.0000.0004.00­00, Sequence: 0x00000030, Lifetime:  1198s, Checksum: 0xad2b             LSP­ID: 0000.0000.0004.01­00, Sequence: 0x00000025, Lifetime:   322s, Checksum: 0xd1df             LSP­ID: 0000.0000.0004.02­00, Sequence: 0x00000026, Lifetime:     0s, Checksum: 0x8848             LSP­ID: 0000.0000.0005.00­00, Sequence: 0x0000002b, Lifetime:   567s, Checksum: 0x6507             LSP­ID: 0000.0000.0005.01­00, Sequence: 0x00000027, Lifetime:  1055s, Checksum: 0x06a5             LSP­ID: 0000.0000.0005.02­00, Sequence: 0x00000026, Lifetime:   631s, Checksum: 0xcede             LSP­ID: 0000.0000.0005.03­00, Sequence: 0x00000026, Lifetime:   632s, Checksum: 0x1396             LSP­ID: 0000.0000.0006.00­00, Sequence: 0x00000023, Lifetime:  1005s, Checksum: 0x4375             LSP­ID: 0000.0000.0006.01­00, Sequence: 0x0000001f, Lifetime:   942s, Checksum: 0xe9c9             LSP­ID: 0000.0000.0006.02­00, Sequence: 0x0000001f, Lifetime:  1066s, Checksum: 0x4767             LSP­ID: 0000.0000.0007.00­00, Sequence: 0x00000022, Lifetime:   940s, Checksum: 0x1236             LSP­ID: 0000.0000.0007.01­00, Sequence: 0x0000001f, Lifetime:   656s, Checksum: 0x3b73         LSP entries (16)             LSP­ID: 0000.0000.0007.02­00, Sequence: 0x0000001f, Lifetime:  1089s, Checksum: 0x1b93 No.     Time        Source                Destination           Protocol Length Info     167 158.417844  ca:07:1b:4f:00:1c     ISIS­all­level­2­IS's ISIS     60     L2 PSNP,  Source­ID: 0000.0000.0003.00 Frame 167: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) IEEE 802.3 Ethernet      Destination: ISIS­all­level­2­IS's (01:80:c2:00:00:15)     Source: ca:07:1b:4f:00:1c (ca:07:1b:4f:00:1c)     Length: 38     Trailer: 0000000000000000 Logical­Link Control     DSAP: ISO Network Layer (0xfe)     IG Bit: Individual     SSAP: ISO Network Layer (0xfe)     CR Bit: Command     Control field: U, func=UI (0x03) ISO 10589 ISIS InTRA Domain Routeing Information Exchange Protocol     Intra Domain Routing Protocol Discriminator: ISIS (0x83)     PDU Header Length: 17     Version (==1): 1     System ID Length: 0     PDU Type           : L2 PSNP (R:000)     Version2 (==1): 1     Reserved (==0): 0 © Fred Bovy EIRL. IPv6 For Life. Page 104
  • 16.ISIS Troubleshooting. Sunday, March 30, 2014     Max.AREAs: (0==3): 0     ISO 10589 ISIS Partial Sequence Numbers Protocol Data Unit         PDU length: 35         Source­ID: 0000.0000.0003.00         LSP entries (16)             LSP­ID: 0000.0000.0004.00­00, Sequence: 0x00000030, Lifetime:  1198s, Checksum: 0xad2b No.     Time        Source                Destination           Protocol Length Info     168 158.427892  ca:08:1b:4f:00:1c     ISIS­all­level­2­IS's ISIS     60     L2 PSNP,  Source­ID: 0000.0000.0004.00 Frame 168: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) IEEE 802.3 Ethernet      Destination: ISIS­all­level­2­IS's (01:80:c2:00:00:15)     Source: ca:08:1b:4f:00:1c (ca:08:1b:4f:00:1c)     Length: 38     Trailer: 0000000000000000 Logical­Link Control     DSAP: ISO Network Layer (0xfe)     IG Bit: Individual     SSAP: ISO Network Layer (0xfe)     CR Bit: Command     Control field: U, func=UI (0x03) ISO 10589 ISIS InTRA Domain Routeing Information Exchange Protocol     Intra Domain Routing Protocol Discriminator: ISIS (0x83)     PDU Header Length: 17     Version (==1): 1     System ID Length: 0     PDU Type           : L2 PSNP (R:000)     Version2 (==1): 1     Reserved (==0): 0     Max.AREAs: (0==3): 0     ISO 10589 ISIS Partial Sequence Numbers Protocol Data Unit         PDU length: 35         Source­ID: 0000.0000.0004.00         LSP entries (16)             LSP­ID: 0000.0000.0003.00­00, Sequence: 0x0000002d, Lifetime:  1197s, Checksum: 0x5dff On a Broadcast LAN, only the DIS sends a CSNP on a regular time basis and all neighbors checks that they have the latest LSP and that the DIS got the latest LSPs from itself. 16.2 MP-BGP Checking Address-family IPv4 We check quickly the Routing table on R6 and see that the BGP routes are learned  by eBGP, the wrong AS: i L2    10.0.1.20/30 [115/20] via 10.2.0.5, GigabitEthernet2/0 B    202.3.8.0/24 [20/0] via 172.16.1.2, 3d06h B    202.3.9.0/24 [20/0] via 172.16.1.2, 3d06h R6>show bgp 202.3.9.0 BGP routing table entry for 202.3.9.0/24, version 132 Paths: (1 available, best #1, table Default­IP­Routing­Table)   Advertised to update­groups:         2 © Fred Bovy EIRL. IPv6 For Life. Page 105
  • 16.ISIS Troubleshooting. Sunday, March 30, 2014   64000     172.16.1.2 from 172.16.1.2 (10.0.0.8)       Origin incomplete, metric 0, localpref 100, valid, external, best This is wrong as we initially said in Volume 1 that the exit point should be AS 65000, AS 64000 should only be a fallback path in case of a problem. A quick look in the configuration of R7 and we find that the route-map to set the Local Preference was only applied to the IPv6 neighbor. Let's fix that: R7#conf t Enter configuration commands, one per line.  End with CNTL/Z. R7(config)#router bgp 100 R7(config­router)# address­family ipv4 R7(config­router­af)# neighbor 172.16.1.6 route­map setloc in router bgp 100  bgp log­neighbor­changes  neighbor 10.0.0.5 remote­as 100  neighbor 10.0.0.5 update­source Loopback0  neighbor 172.16.1.6 remote­as 65000  neighbor FE80::9%GigabitEthernet3/0 remote­as 65000  address­family ipv4   neighbor 10.0.0.5 activate   neighbor 10.0.0.5 next­hop­self   neighbor 172.16.1.6 activate   neighbor 172.16.1.6 route­map setloc in   no neighbor FE80::9%GigabitEthernet3/0 activate   no auto­summary   no synchronization  exit­address­family  !  address­family ipv6   neighbor 10.0.0.5 activate   neighbor 10.0.0.5 route­map fred out   neighbor FE80::9%GigabitEthernet3/0 activate   neighbor FE80::9%GigabitEthernet3/0 route­map setloc in  exit­address­family ! !          route­map setloc permit 10  set local­preference 150 ! route­map fred permit 10  set ipv6 next­hop 2001:DB8:678:B000::1 ! Now on R6: © Fred Bovy EIRL. IPv6 For Life. Page 106
  • 16.ISIS Troubleshooting. Sunday, March 30, 2014 R6>show bgp ipv4 unicast 202.3.9.0 BGP routing table entry for 202.3.9.0/24, version 212 Paths: (2 available, best #1, table Default­IP­Routing­Table)   Advertised to update­groups:         1   65000     10.0.0.7 (metric 30) from 10.0.0.5 (10.0.0.5)       Origin incomplete, metric 5, localpref 150, valid, internal, best       Originator: 10.0.0.7, Cluster list: 10.0.0.5   64000     172.16.1.2 from 172.16.1.2 (10.0.0.8)       Origin incomplete, metric 0, localpref 100, valid, external R6>show ip route 202.3.9.0 Routing entry for 202.3.9.0/24   Known via "bgp 100", distance 200, metric 5   Tag 65000, type internal   Last update from 10.0.0.7 00:15:16 ago   Routing Descriptor Blocks:   * 10.0.0.7, from 10.0.0.5, 00:15:16 ago       Route metric is 5, traffic share count is 1       AS Hops 1       Route tag 65000 In the Routing table Next-hop is 10.0.0.7 which is the loopback of R7, our Internet Gateway which connect to AS 65000. 10.0.0.5 is the BGP Route-Reflector from which we received the update. Address-family IPv6 Let's do the same checking for IPv6 using “show ipv6 route B” R6>show ipv6 route bgp  IPv6 Routing Table ­ Default ­ 32 entries Codes: C ­ Connected, L ­ Local, S ­ Static, U ­ Per­user Static route        B ­ BGP, M ­ MIPv6, R ­ RIP, I1 ­ ISIS L1        I2 ­ ISIS L2, IA ­ ISIS interarea, IS ­ ISIS summary, D ­ EIGRP        EX ­ EIGRP external        O ­ OSPF Intra, OI ­ OSPF Inter, OE1 ­ OSPF ext 1, OE2 ­ OSPF ext 2        ON1 ­ OSPF NSSA ext 1, ON2 ­ OSPF NSSA ext 2 B   2001:DB8:ABC0::/48 [200/0]      via 2001:DB8:678:B000::1 Looks good as [200/0] means Administrative distance 200 which is the default for iBGP routes. So R6 does not use the directly connected neighbor with Administrative distance 20 but the remote to exit via AS 65000, correct! R6>show bgp ipv6 unicast 2001:DB8:ABC0::/48 © Fred Bovy EIRL. IPv6 For Life. Page 107
  • 16.ISIS Troubleshooting. Sunday, March 30, 2014 BGP routing table entry for 2001:DB8:ABC0::/48, version 56 Paths: (2 available, best #1, table Default) Multipath: eBGP   Advertised to update­groups:         1   65000     2001:DB8:678:B000::1 (metric 30) from 10.0.0.5 (10.0.0.5)       Origin incomplete, metric 0, localpref 150, valid, internal, best       Originator: 10.0.0.7, Cluster list: 10.0.0.5   64000     2001:DB8:5A:F6::8 (FE80::C80C:1BFF:FE4F:1C) from 2001:DB8:5A:F6::8 (10.0.0.8)       Origin incomplete, metric 0, localpref 100, valid, external Let's check the Next-hop to make sure that CEF has been correctly initialized. We cannot inspect each entry but we can pick up 2 or 3 entries. R6>show ipv6 route 2001:DB8:678:B000::1   Routing entry for 2001:DB8:678:B000::1/128   Known via "isis fred", distance 115, metric 30, type level­2   Route count is 2/2, share count 0   Routing paths:     FE80::C805:1BFF:FE4F:70, GigabitEthernet1/0       Last updated 18:37:02 ago     FE80::C809:1BFF:FE64:70, GigabitEthernet2/0       Last updated 01:25:49 ago R6#show ipv6 cef  2001:DB8:678:B000::1/128 internal 2001:DB8:678:B000::1/128, epoch 0, RIB[I], refcount 5, per­destination sharing   sources: RIB    feature space:    IPRM: 0x00038000   ifnums:    GigabitEthernet1/0(6): FE80::C805:1BFF:FE4F:70    GigabitEthernet2/0(7): FE80::C809:1BFF:FE64:70   path 6825F8C4, path list 6825E710, share 1/1, type attached nexthop, for IPv6   nexthop FE80::C805:1BFF:FE4F:70 GigabitEthernet1/0, adjacency IPV6 adj out of GigabitEthernet1/0,  addr FE80::C805:1BFF:FE4F:70 (incomplete)   path 6825F850, path list 6825E710, share 1/1, type attached nexthop, for IPv6   nexthop FE80::C809:1BFF:FE64:70 GigabitEthernet2/0, adjacency IPV6 adj out of GigabitEthernet2/0,  addr FE80::C809:1BFF:FE64:70 66F19B80   output chain:     loadinfo 66EDB728, per­session, 2 choices, flags 0005, 11 locks     flags: Per­session, for­rx­IPv6     16 hash buckets       < 0 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 (incomplete)       < 1 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80       < 2 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 (incomplete)       < 3 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80       < 4 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 (incomplete)       < 5 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80       < 6 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 (incomplete)       < 7 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80       < 8 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 (incomplete) © Fred Bovy EIRL. IPv6 For Life. Page 108
  • 16.ISIS Troubleshooting. Sunday, March 30, 2014       < 9 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80       <10 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 (incomplete)       <11 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80       <12 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 (incomplete)       <13 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80       <14 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 (incomplete)       <15 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80     Subblocks:       In this case we do have a problem with the incomplete entry. Let's check the Adjacency which should be punt again! The workaround was not yet applied. It is fixed later on. R6#show adjacency  GigabitEthernet1/0 detail  Protocol Interface                 Address IP       GigabitEthernet1/0        10.2.0.1(36)                                    0 packets, 0 bytes                                    epoch 0                                    sourced in sev­epoch 0                                    Encap length 14                                    CA051B4F0070CA0A1B64001C0800                                    ARP IPV6     GigabitEthernet1/0        FE80::C805:1BFF:FE4F:70(31) (incomplete)                                    0 packets, 0 bytes                                    epoch 0                                    sourced in sev­epoch 2                                    punt (rate­limited) packets                                    no src set We need to check the connection on R6 Gig1/0. R6(config)#do show clns neighbor detail System Id      Interface   SNPA                State  Holdtime  Type Protocol R5             Gi2/0       ca09.1b64.0070      Up     21        L2   IS­IS   Area Address(es): 39.b000   IP Address(es):  10.2.0.5*   IPv6 Address(es): FE80::C809:1BFF:FE64:70   Uptime: 01:36:10   NSF capable R1             Gi1/0       ca05.1b4f.0070      Up     28        L2   IS­IS   Area Address(es): 39.b000   IP Address(es):  10.2.0.1*   IPv6 Address(es): FE80::C805:1BFF:FE4F:70   Uptime: 1d00h   NSF capable The IS-IS neighbor on R1 is UP for one day so the Interface looks pretty sane. © Fred Bovy EIRL. IPv6 For Life. Page 109
  • 16.ISIS Troubleshooting. Sunday, March 30, 2014 Try the usual troubleshooting already discussed many time and call CISCO TAC if you can or your CISCO dealer. Later I have rebooted the router and this has cleared the problem. © Fred Bovy EIRL. IPv6 For Life. Page 110
  • 17.Moving to Multiarea in the first Area. Sunday, March 30, 2014 17. Moving to Multiarea in the first Area This is very rare as most networks can run in one Area without any problems even with hundreds of routers! In the big Network you may need to read a few books like the CISCO Press “IS-IS Network Design Solution” which is a great book and make IS-IS very easy. As Level-1 Area are Totally Stubby speaking OSPF language, they only have the Area Local Routes and a default to the outside which will not be enough to resolve BGP Next- hop so Route Leaking will be necessary. 17.1 Migration to Multiarea Procedure. First we will configure the new Net on the Routers and configure th route leaking for the BGP Next hop from Level-2 to Level-1. We can also set static routes redistributed in BGP for the Next hop to make sure that it will be transparent for BGP. Let's check the Next-hops: © Fred Bovy EIRL. IPv6 For Life. Page 111 Illustration 13: IS-IS Multiarea
  • 17.Moving to Multiarea in the first Area. Sunday, March 30, 2014 R6>show ipv6 route bgp  IPv6 Routing Table ­ Default ­ 32 entries Codes: C ­ Connected, L ­ Local, S ­ Static, U ­ Per­user Static route        B ­ BGP, M ­ MIPv6, R ­ RIP, I1 ­ ISIS L1        I2 ­ ISIS L2, IA ­ ISIS interarea, IS ­ ISIS summary, D ­ EIGRP        EX ­ EIGRP external        O ­ OSPF Intra, OI ­ OSPF Inter, OE1 ­ OSPF ext 1, OE2 ­ OSPF ext 2        ON1 ­ OSPF NSSA ext 1, ON2 ­ OSPF NSSA ext 2 B   2001:DB8:ABC0::/48 [200/0]      via 2001:DB8:678:B000::1 R6>show ipv6 route 2001:DB8:678:B000::1 Routing entry for 2001:DB8:678:B000::1/128   Known via "isis fred", distance 115, metric 30, type level­2   Route count is 2/2, share count 0   Routing paths:     FE80::C805:1BFF:FE4F:70, GigabitEthernet1/0       Last updated 19:59:44 ago     FE80::C809:1BFF:FE64:70, GigabitEthernet2/0       Last updated 02:48:31 ago The same process must be repeated for R7, the other BGP Gateway. But now start with the IS-IS configuration. For IPv4 we need to leak 10.0.0.X routes from Level-2 to Level-1. For the border routers R1 and R5, here are the configs for IPv4 and the configuration for an interface and for the routing protocol, show clns neighbor check that we have a Level- 1 Adjacency with L6. 17.2 IS-IS Multiarea Configuration Configuring Multiarea on R1-R6-R5 We start with R1-R6-R5 IPv4 configuration. The same plan must be followed for R3-R4- R7. R1 Configuration ! interface Loopback0  ip address 10.0.0.1 255.255.255.255  ipv6 address 2001:DB8:678:9000::1/128 ! interface GigabitEthernet1/0  ip address 10.0.1.1 255.255.255.252  ip router isis fred © Fred Bovy EIRL. IPv6 For Life. Page 112
  • 17.Moving to Multiarea in the first Area. Sunday, March 30, 2014  negotiation auto  ipv6 address 2001:DB8:678:1::1/64  ipv6 router isis fred  isis circuit­type level­2­only  isis network point­to­point  ! interface GigabitEthernet2/0  ip address 10.0.1.9 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:3::1/64  ipv6 router isis fred  isis network point­to­point  ! interface GigabitEthernet3/0  ip address 10.0.1.5 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:2::1/64  ipv6 router isis fred  isis circuit­type level­2­only  isis network point­to­point  ! interface GigabitEthernet4/0  ip address 10.2.0.1 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:D004::7/64  ipv6 router isis fred  isis network point­to­point  ! router isis fred  net 39.b000.0000.0000.0001.00  net 39.c000.0000.0000.0001.00  redistribute isis ip level­2 into level­1 route­map leak  passive­interface Loopback0 ! router bgp 100  bgp log­neighbor­changes  neighbor 10.0.0.5 remote­as 100  neighbor 10.0.0.5 update­source Loopback0  !          address­family ipv4   neighbor 10.0.0.5 activate   no auto­summary   no synchronization  exit­address­family  !          address­family ipv6   neighbor 10.0.0.5 activate © Fred Bovy EIRL. IPv6 For Life. Page 113
  • 17.Moving to Multiarea in the first Area. Sunday, March 30, 2014  exit­address­family !          ! access­list 1 permit 10.0.0.0 0.0.0.255 ! route­map leak permit 10  match ip address 1 ! R5 Configuration ! interface Loopback0  ip address 10.0.0.5 255.255.255.255  ipv6 address 2001:DB8:678:9005::5/128 ! interface GigabitEthernet1/0  ip address 10.0.1.10 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:3::5/64  ipv6 router isis fred  isis network point­to­point  ! interface GigabitEthernet2/0  ip address 10.0.1.14 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:22::5/64  ipv6 router isis fred  isis circuit­type level­2­only  isis network point­to­point  !          interface GigabitEthernet3/0  ip address 10.0.1.22 255.255.255.252  ip router isis fred  duplex full  speed 1000  media­type gbic  negotiation auto  ipv6 address 2001:DB8:678:33::5/64  ipv6 router isis fred  isis circuit­type level­2­only  isis network point­to­point  ! interface GigabitEthernet4/0  ip address 10.2.0.5 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:D005::5/64 © Fred Bovy EIRL. IPv6 For Life. Page 114
  • 17.Moving to Multiarea in the first Area. Sunday, March 30, 2014  ipv6 router isis fred  isis network point­to­point  ! router isis fred  net 39.b000.0000.0000.0005.00  net 39.c000.0000.0000.0005.00  redistribute isis ip level­2 into level­1 route­map leak  passive­interface Loopback0 router bgp 100  bgp log­neighbor­changes  neighbor 10.0.0.1 remote­as 100  neighbor 10.0.0.1 update­source Loopback0  neighbor 10.0.0.3 remote­as 100  neighbor 10.0.0.3 update­source Loopback0  neighbor 10.0.0.4 remote­as 100  neighbor 10.0.0.4 update­source Loopback0  neighbor 10.0.0.6 remote­as 100  neighbor 10.0.0.6 update­source Loopback0  neighbor 10.0.0.7 remote­as 100  neighbor 10.0.0.7 update­source Loopback0  !  address­family ipv4   neighbor 10.0.0.1 activate   neighbor 10.0.0.1 route­reflector­client   neighbor 10.0.0.3 activate   neighbor 10.0.0.3 route­reflector­client   neighbor 10.0.0.4 activate   neighbor 10.0.0.4 route­reflector­client   neighbor 10.0.0.6 activate   neighbor 10.0.0.6 route­reflector­client   neighbor 10.0.0.7 activate   neighbor 10.0.0.7 route­reflector­client   no auto­summary   no synchronization  exit­address­family  !  address­family ipv6   neighbor 10.0.0.1 activate   neighbor 10.0.0.1 route­reflector­client   neighbor 10.0.0.3 activate   neighbor 10.0.0.3 route­reflector­client   neighbor 10.0.0.4 activate   neighbor 10.0.0.4 route­reflector­client   neighbor 10.0.0.6 activate   neighbor 10.0.0.6 route­reflector­client   neighbor 10.0.0.7 activate   neighbor 10.0.0.7 route­reflector­client   no synchronization   maximum­paths 2  exit­address­family © Fred Bovy EIRL. IPv6 For Life. Page 115
  • 17.Moving to Multiarea in the first Area. Sunday, March 30, 2014 ! ! access­list 1 permit 10.0.0.0 0.0.0.255 ! route­map leak permit 10  match ip address 1 ! R6 Configuration interface Loopback0  ip address 10.0.0.6 255.255.255.255  ipv6 address 2001:DB8:678:C000::6/128 ! interface GigabitEthernet1/0  ip address 10.2.0.2 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:D004::6/64  ipv6 router isis fred  isis network point­to­point  ! interface GigabitEthernet2/0  ip address 10.2.0.6 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:D005::6/64  ipv6 router isis fred  isis network point­to­point  ! interface GigabitEthernet3/0  ip address 172.16.1.1 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:5A:F6::6/64  ipv6 router isis fred  isis network point­to­point   isis csnp­interval 10 !          router isis fred  net 39.c000.0000.0000.0006.00  is­type level­1  passive­interface Loopback0 !          !          router bgp 100  bgp log­neighbor­changes  neighbor 10.0.0.5 remote­as 100  neighbor 10.0.0.5 update­source Loopback0  neighbor 2001:DB8:5A:F6::8 remote­as 64000 © Fred Bovy EIRL. IPv6 For Life. Page 116
  • 17.Moving to Multiarea in the first Area. Sunday, March 30, 2014  neighbor 172.16.1.2 remote­as 64000  !          address­family ipv4   neighbor 10.0.0.5 activate   neighbor 10.0.0.5 next­hop­self   no neighbor 2001:DB8:5A:F6::8 activate   neighbor 172.16.1.2 activate   no auto­summary   no synchronization  exit­address­family  !  address­family ipv6   neighbor 10.0.0.5 activate   neighbor 10.0.0.5 route­map fred out   neighbor 2001:DB8:5A:F6::8 activate   no synchronization   maximum­paths 2  exit­address­family ! !          route­map fred permit 10  set ipv6 next­hop 2001:DB8:678:C000::6 18. Checking configuration 18.1 Checking R5-R6-R1 show clns neighbors R5#show clns neighbors  System Id      Interface   SNPA                State  Holdtime  Type Protocol R1             Gi1/0       ca05.1b4f.0038      Up     27        L1L2 IS­IS R3             Gi0/0       ca07.1b4f.0038      Up     23        L2   IS­IS R6             Gi4/0       ca0a.1b64.0038      Up     24        L1   IS­IS R4             Gi2/0       ca08.1b4f.0038      Up     29        L2   IS­IS We could also use R5#show isis neighbors  System Id      Type Interface   IP Address      State Holdtime Circuit Id R1             L1L2 Gi1/0       10.0.1.9        UP    22       02 R3             L2   Gi0/0       10.0.1.21       UP    22       02 R6             L1   Gi4/0       10.2.0.6        UP    23       01 R4             L2   Gi2/0       10.0.1.13       UP    23       03 From IS-IS it's OK. Lee's check R6 IPv4 the Routing table: © Fred Bovy EIRL. IPv6 For Life. Page 117
  • 18.Checking configuration . Sunday, March 30, 2014 Gateway of last resort is 10.2.0.1 to network 0.0.0.0 B    202.3.6.0/24 [200/5] via 10.0.0.7, 01:05:08 B    202.3.7.0/24 [200/5] via 10.0.0.7, 01:05:08 B    202.3.4.0/24 [200/5] via 10.0.0.7, 01:05:08 B    202.3.5.0/24 [200/5] via 10.0.0.7, 01:05:08 B    202.3.2.0/24 [200/5] via 10.0.0.7, 01:05:08 B    202.3.3.0/24 [200/5] via 10.0.0.7, 01:05:08 B    202.3.0.0/24 [200/5] via 10.0.0.7, 01:05:08      172.16.0.0/30 is subnetted, 1 subnets C       172.16.1.0 is directly connected, GigabitEthernet3/0 B    202.3.1.0/24 [200/5] via 10.0.0.7, 01:05:08      10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks i L1    10.0.1.8/30 [115/20] via 10.2.0.1, GigabitEthernet1/0 C       10.2.0.0/30 is directly connected, GigabitEthernet1/0 i ia    10.0.0.3/32 [115/148] via 10.2.0.1, GigabitEthernet1/0 i L1    10.0.0.1/32 [115/10] via 10.2.0.1, GigabitEthernet1/0 C       10.2.0.4/30 is directly connected, GigabitEthernet2/0 C       10.0.0.6/32 is directly connected, Loopback0 i ia    10.0.0.7/32 [115/158] via 10.2.0.1, GigabitEthernet1/0 i ia    10.0.0.4/32 [115/148] via 10.2.0.1, GigabitEthernet1/0 i L1    10.0.0.5/32 [115/20] via 10.2.0.1, GigabitEthernet1/0 B    202.3.8.0/24 [200/5] via 10.0.0.7, 01:05:08 B    202.3.9.0/24 [200/5] via 10.0.0.7, 01:05:08 i*L1 0.0.0.0/0 [115/10] via 10.2.0.1, GigabitEthernet1/0 R6#  IPv4 Routing table is OK. We have a route to all core routers loopback 10.0.0.X. Let's check IPv6 Routing table now: Show ipv6 route R6# show ipv6 route IPv6 Routing Table ­ Default ­ 23 entries Codes: C ­ Connected, L ­ Local, S ­ Static, U ­ Per­user Static route        B ­ BGP, M ­ MIPv6, R ­ RIP, I1 ­ ISIS L1        I2 ­ ISIS L2, IA ­ ISIS interarea, IS ­ ISIS summary, D ­ EIGRP        EX ­ EIGRP external        O ­ OSPF Intra, OI ­ OSPF Inter, OE1 ­ OSPF ext 1, OE2 ­ OSPF ext 2        ON1 ­ OSPF NSSA ext 1, ON2 ­ OSPF NSSA ext 2 I1  ::/0 [115/10]      via FE80::C805:1BFF:FE4F:70, GigabitEthernet1/0 C   2001:DB8:5A:F6::/64 [0/0]      via GigabitEthernet3/0, directly connected L   2001:DB8:5A:F6::6/128 [0/0]      via GigabitEthernet3/0, receive I1  2001:DB8:678:3::/64 [115/20]      via FE80::C805:1BFF:FE4F:70, GigabitEthernet1/0 I1  2001:DB8:678:9000::1/128 [115/10] © Fred Bovy EIRL. IPv6 For Life. Page 118
  • 18.Checking configuration . Sunday, March 30, 2014      via FE80::C805:1BFF:FE4F:70, GigabitEthernet1/0 I1  2001:DB8:678:9005::5/128 [115/20]      via FE80::C805:1BFF:FE4F:70, GigabitEthernet1/0 LC  2001:DB8:678:C000::6/128 [0/0]      via Loopback0, receive C   2001:DB8:678:D004::/64 [0/0]      via GigabitEthernet1/0, directly connected L   2001:DB8:678:D004::6/128 [0/0]      via GigabitEthernet1/0, receive C   2001:DB8:678:D005::/64 [0/0]      via GigabitEthernet2/0, directly connected L   2001:DB8:678:D005::6/128 [0/0]      via GigabitEthernet2/0, receive B   2001:DB8:ABC0::/48 [200/0]      via 2001:DB8:678:B000::1 B   2001:DB8:ABC1::/48 [200/0]      via 2001:DB8:678:B000::1 B   2001:DB8:ABC2::/48 [200/0]      via 2001:DB8:678:B000::1 B   2001:DB8:ABC3::/48 [200/0]      via 2001:DB8:678:B000::1 B   2001:DB8:ABC4::/48 [200/0]      via 2001:DB8:678:B000::1 B   2001:DB8:ABC5::/48 [200/0]      via 2001:DB8:678:B000::1 B   2001:DB8:ABC6::/48 [200/0]      via 2001:DB8:678:B000::1 B   2001:DB8:ABC7::/48 [200/0]      via 2001:DB8:678:B000::1 B   2001:DB8:ABC8::/48 [200/0]      via 2001:DB8:678:B000::1 B   2001:DB8:ABC9::/48 [200/0]      via 2001:DB8:678:B000::1 B   2001:DB8:ABCA::/48 [200/0]      via 2001:DB8:678:B000::1 L   FF00::/8 [0/0]      via Null0, receive Display R1 and R5 LSPs on R6 R6#show isis database R1.00­00  detail  IS­IS Level­1 LSP R1.00­00 LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL R1.00­00              0x00000014   0x49C8        594               1/0/0   Area Address: 39.b000   Area Address: 39.c000   NLPID:        0xCC 0x8E    Hostname: R1 © Fred Bovy EIRL. IPv6 For Life. Page 119
  • 18.Checking configuration . Sunday, March 30, 2014   IP Address:   10.0.0.1   Metric: 10         IP 10.0.1.8 255.255.255.252   Metric: 10         IP 10.2.0.0 255.255.255.252   Metric: 0          IP 10.0.0.1 255.255.255.255   IPv6 Address: 2001:DB8:678:9000::1   Metric: 10         IPv6 2001:DB8:678:3::/64   Metric: 10         IPv6 2001:DB8:678:D004::/64   Metric: 0          IPv6 2001:DB8:678:9000::1/128   Metric: 10         IS R5.00   Metric: 10         IS R6.00   Metric: 138        IP­Interarea 10.0.0.3 255.255.255.255   Metric: 138        IP­Interarea 10.0.0.4 255.255.255.255   Metric: 148        IP­Interarea 10.0.0.7 255.255.255.255 R6#show isis database R5.00­00  detail  IS­IS Level­1 LSP R5.00­00 LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL R5.00­00              0x00000014   0xE509        644               1/0/0   Area Address: 39.b000   Area Address: 39.c000   NLPID:        0xCC 0x8E    Hostname: R5   IP Address:   10.0.0.5   Metric: 10         IP 10.0.1.8 255.255.255.252   Metric: 10         IP 10.2.0.4 255.255.255.252   Metric: 0          IP 10.0.0.5 255.255.255.255   IPv6 Address: 2001:DB8:678:9005::5   Metric: 10         IPv6 2001:DB8:678:3::/64   Metric: 10         IPv6 2001:DB8:678:D005::/64   Metric: 0          IPv6 2001:DB8:678:9005::5/128   Metric: 10         IS R1.00   Metric: 10         IS R6.00   Metric: 138        IP­Interarea 10.0.0.3 255.255.255.255   Metric: 138        IP­Interarea 10.0.0.4 255.255.255.255   Metric: 148        IP­Interarea 10.0.0.7 255.255.255.255 18.2 Configuring Multiarea on R3-R7-R4 R4(config)#router isis fred R4(config­router)#is­type level­1­2 R3(config­router)#net 39.d000.0000.0000.0004.00  R3(config­router)#router isis fred R3(config­router)#is­type level­1­2 R3(config­router)#net 39.d000.0000.0000.0003.00 © Fred Bovy EIRL. IPv6 For Life. Page 120
  • 18.Checking configuration . Sunday, March 30, 2014 R7(config)#router isis fred R7(config­router)# net 39.d000.0000.0000.0007.00 R7(config­router)#no net 39.b000.0000.0000.0007.00 R7(config­router)#is­type level­1 R4(config­router)#do show clns  neighbor System Id      Interface   SNPA                State  Holdtime  Type Protocol R7             Gi3/0       ca0b.1b64.0008      Up     23        L1   IS­IS R3             Gi1/0       ca07.1b4f.001c      Up     24        L1L2 IS­IS R5             Gi2/0       ca09.1b64.0038      Up     26        L2   IS­IS R1             Gi0/0       ca05.1b4f.001c      Up     26        L2   IS­IS R4(config­router)#int gig2/0 R4(config­if)#isis circuit­type Level­2­only  R4(config­if)#int gig0/0                      R4(config­if)#isis circuit­type Level­2­only  R3#show clns neighborq Area fred: System Id      Interface   SNPA                State  Holdtime  Type Protocol R7             Gi0/0       ca0b.1b64.001c      Up     276       IS   ES­IS R4             Gi1/0       ca08.1b4f.001c      Up     23        L1L2 IS­IS R1             Gi3/0       ca05.1b4f.0054      Up     23        L2   IS­IS R5             Gi2/0       ca09.1b64.0008      Up     28        L2   IS­IS Area null: System Id      Interface   SNPA                State  Holdtime  Type Protocol R3#conf t Enter configuration commands, one per line.  End with CNTL/Z. R3(config)#int G3/0 R3(config­if)#isis circuit Level­2­only  R3(config­if)#int G2/0                   R3(config­if)#isis circuit Level­2­only  Configure Route Leaking for Loopbacks R4# conf t Enter configuration commands, one per line.  End with CNTL/Z. R4(config)#access­list 1 permit 10.0.0.0 0.0.0.255     R4(config)#route­map leak permit R4(config­route­map)#match ip address 1 R4(config­route­map)#router isis fred R4(config­router)# redistribute isis ip level­2 into level­1 route­map leak R4(config­router)# R3#conf t © Fred Bovy EIRL. IPv6 For Life. Page 121
  • 18.Checking configuration . Sunday, March 30, 2014 Enter configuration commands, one per line.  End with CNTL/Z. R3(config)#access­list 1 permit 10.0.0.0 0.0.0.255     R3(config)#route­map leak permit  R3(config­route­map)#match ip address 1 R3(config­route­map)#router isis fred R3(config­router)#redistribute isis ip level­2 into level­1 route­map leak 19. Checking the migration 19.1 Check IS-IS Use show clns neighbor as usual. 19.2 show ip route R7#show ip route Codes: C ­ connected, S ­ static, R ­ RIP, M ­ mobile, B ­ BGP        D ­ EIGRP, EX ­ EIGRP external, O ­ OSPF, IA ­ OSPF inter area         N1 ­ OSPF NSSA external type 1, N2 ­ OSPF NSSA external type 2        E1 ­ OSPF external type 1, E2 ­ OSPF external type 2        i ­ IS­IS, su ­ IS­IS summary, L1 ­ IS­IS level­1, L2 ­ IS­IS level­2        ia ­ IS­IS inter area, * ­ candidate default, U ­ per­user static route        o ­ ODR, P ­ periodic downloaded static route Gateway of last resort is 10.1.0.1 to network 0.0.0.0      10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks i L1    10.0.0.3/32 [115/20] via 10.1.0.1, GigabitEthernet0/0 C       10.1.0.0/30 is directly connected, GigabitEthernet0/0 i ia    10.0.0.1/32 [115/148] via 10.1.0.1, GigabitEthernet0/0 C       10.0.0.7/32 is directly connected, Loopback0 i L1    10.0.0.4/32 [115/10] via 10.1.0.1, GigabitEthernet0/0 C       10.1.0.4/30 is directly connected, GigabitEthernet1/0 i ia    10.0.0.5/32 [115/148] via 10.1.0.1, GigabitEthernet0/0 i L1    10.0.1.16/30 [115/20] via 10.1.0.1, GigabitEthernet0/0 i*L1 0.0.0.0/0 [115/10] via 10.1.0.1, GigabitEthernet0/0 19.2 show bgp connection to the RR R5#show bgp ipv6 unicast summary BGP router identifier 10.0.0.5, local AS number 100 BGP table version is 133, main routing table version 133 Neighbor        V          AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd 10.0.0.1        4        100    5428    5481      133    0    0 23:11:38        0 10.0.0.3        4        100    5457    5511      133    0    0 23:07:45        0 10.0.0.4        4        100    5457    5512      133    0    0 23:07:11        0 © Fred Bovy EIRL. IPv6 For Life. Page 122
  • 19.Checking the migration. Sunday, March 30, 2014 10.0.0.6        4        100    5499    5504        0    0    0 00:24:56 Active 10.0.0.7        4        100    5500    5567      133    0    0 00:13:01        0 We have lost BGP connection from the BGP RR to the BGP Gateway 10.0.0.6! 19.3 Checking IS-IS R5#show clns neighbors detail  System Id      Interface   SNPA                State  Holdtime  Type Protocol R6             Gi4/0       ca0a.1b64.0038      Up     23        L1   IS­IS   Area Address(es): 39.c000   IP Address(es):  10.2.0.6*   IPv6 Address(es): FE80::C80A:1BFF:FE64:38   Uptime: 00:30:34   NSF capable R6#show clns neighbors  System Id      Interface   SNPA                State  Holdtime  Type Protocol R5             Gi2/0       ca09.1b64.0070      Up     25        L1   IS­IS R1             Gi1/0       ca05.1b4f.0070      Up     26        L1   IS­IS IS-IS neighbor OK from R6! R6#show ip route isis  No IS-IS Route on R6! R6#show isis database  IS­IS Level­1 Link State Database: LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL R6.00­00            * 0x00000012   0x924F        584               0/0/0 R6# 19.4 Troubleshooting a bug ISIS Database is empty on R6! IS-IS neighbors are OK... R6#show isis database  IS­IS Level­1 Link State Database: LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL R6.00­00            * 0x00000012   0x924F        584               0/0/0 R6#show clns neighbors  © Fred Bovy EIRL. IPv6 For Life. Page 123
  • 19.Checking the migration. Sunday, March 30, 2014 System Id      Interface   SNPA                State  Holdtime  Type Protocol R5             Gi2/0       ca09.1b64.0070      Up     25        L1   IS­IS R1             Gi1/0       ca05.1b4f.0070      Up     26        L1   IS­IS The good old troubleshooting method when all is OK but you don't get the expected result. Toggle the interface! R6#conf t Enter configuration commands, one per line.  End with CNTL/Z. R6(config)#int g2/0 R6(config­if)#shut  R6(config­if)#no shut R6(config­if)#int g1/0 R6(config­if)#shut R6(config­if)#   *Mar 19 23:14:49.874: %LINK­5­CHANGED: Interface GigabitEthernet1/0, changed state to  administratively down *Mar 19 23:14:50.874: %LINEPROTO­5­UPDOWN: Line protocol on Interface GigabitEthernet1/0,  changed state to downno shut R6(config­if)# *Mar 19 23:14:55.722: %LINK­3­UPDOWN: Interface GigabitEthernet1/0, changed state to up *Mar 19 23:14:56.722: %LINEPROTO­5­UPDOWN: Line protocol on Interface GigabitEthernet1/0,  changed state to up R6(config­if)#^Z R6#show clns neighbors  *Mar 19 23:15:01.454: %SYS­5­CONFIG_I: Configured from console by console System Id      Interface   SNPA                State  Holdtime  Type Protocol R1             Gi1/0       ca05.1b4f.0070      Up     28        L1   IS­IS R5             Gi2/0       ca09.1b64.0070      Up     23        L1   IS­IS R6#show isis database IS­IS Level­1 Link State Database: LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL R1.00­00              0x0000001F   0x28DE        1196              1/0/0 R5.00­00              0x0000001F   0x984B        1187              1/0/0 R6.00­00            * 0x00000018   0xB229        1194              0/0/0 R6# *Mar 19 23:15:13.538: %BGP­5­ADJCHANGE: neighbor 10.0.0.5 Up  R6#show ip route isis       10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks i L1    10.0.1.8/30 [115/20] via 10.2.0.5, GigabitEthernet2/0                     [115/20] via 10.2.0.1, GigabitEthernet1/0 i ia    10.0.0.3/32 [115/148] via 10.2.0.5, GigabitEthernet2/0                     [115/148] via 10.2.0.1, GigabitEthernet1/0 i L1    10.0.0.1/32 [115/10] via 10.2.0.1, GigabitEthernet1/0 i ia    10.0.0.7/32 [115/158] via 10.2.0.5, GigabitEthernet2/0                     [115/158] via 10.2.0.1, GigabitEthernet1/0 i ia    10.0.0.4/32 [115/148] via 10.2.0.5, GigabitEthernet2/0 © Fred Bovy EIRL. IPv6 For Life. Page 124
  • 19.Checking the migration. Sunday, March 30, 2014                     [115/148] via 10.2.0.1, GigabitEthernet1/0 i L1    10.0.0.5/32 [115/10] via 10.2.0.5, GigabitEthernet2/0 i*L1 0.0.0.0/0 [115/10] via 10.2.0.5, GigabitEthernet2/0                [115/10] via 10.2.0.1, GigabitEthernet1/0 19.4 Check BGP Resiliency IPv4 Routing table is OK! Now Let's bring up the other Internet Gateway Interface on R7. R6#show ip route bgp  B    202.3.6.0/24 [20/0] via 172.16.1.2, 00:34:16 B    202.3.7.0/24 [20/0] via 172.16.1.2, 00:34:16 B    202.3.4.0/24 [20/0] via 172.16.1.2, 00:34:16 B    202.3.5.0/24 [20/0] via 172.16.1.2, 00:34:16 B    202.3.2.0/24 [20/0] via 172.16.1.2, 00:34:16 B    202.3.3.0/24 [20/0] via 172.16.1.2, 00:34:16 B    202.3.0.0/24 [20/0] via 172.16.1.2, 00:34:16 B    202.3.1.0/24 [20/0] via 172.16.1.2, 00:34:16 B    202.3.8.0/24 [20/0] via 172.16.1.2, 00:34:16 B    202.3.9.0/24 [20/0] via 172.16.1.2, 00:34:16 R7#conf t Enter configuration commands, one per line.  End with CNTL/Z. R7(config)#int g3/0 R7(config­if)#no shut R6#show ip route bgp  B    202.3.6.0/24 [200/5] via 10.0.0.7, 00:01:55 B    202.3.7.0/24 [200/5] via 10.0.0.7, 00:01:55 B    202.3.4.0/24 [200/5] via 10.0.0.7, 00:01:55 B    202.3.5.0/24 [200/5] via 10.0.0.7, 00:01:55 B    202.3.2.0/24 [200/5] via 10.0.0.7, 00:01:55 B    202.3.3.0/24 [200/5] via 10.0.0.7, 00:01:55 B    202.3.0.0/24 [200/5] via 10.0.0.7, 00:01:55 B    202.3.1.0/24 [200/5] via 10.0.0.7, 00:01:55 B    202.3.8.0/24 [200/5] via 10.0.0.7, 00:01:55 B    202.3.9.0/24 [200/5] via 10.0.0.7, 00:01:55 R6# Which is OK !Let's check IPv6 now! R6#show ipv6 route IPv6 Routing Table ­ Default ­ 23 entries Codes: C ­ Connected, L ­ Local, S ­ Static, U ­ Per­user Static route        B ­ BGP, M ­ MIPv6, R ­ RIP, I1 ­ ISIS L1        I2 ­ ISIS L2, IA ­ ISIS interarea, IS ­ ISIS summary, D ­ EIGRP        EX ­ EIGRP external © Fred Bovy EIRL. IPv6 For Life. Page 125
  • 19.Checking the migration. Sunday, March 30, 2014        O ­ OSPF Intra, OI ­ OSPF Inter, OE1 ­ OSPF ext 1, OE2 ­ OSPF ext 2        ON1 ­ OSPF NSSA ext 1, ON2 ­ OSPF NSSA ext 2 I1  ::/0 [115/10]      via FE80::C809:1BFF:FE64:70, GigabitEthernet2/0      via FE80::C805:1BFF:FE4F:70, GigabitEthernet1/0 C   2001:DB8:5A:F6::/64 [0/0]      via GigabitEthernet3/0, directly connected L   2001:DB8:5A:F6::6/128 [0/0]      via GigabitEthernet3/0, receive I1  2001:DB8:678:3::/64 [115/20]      via FE80::C809:1BFF:FE64:70, GigabitEthernet2/0      via FE80::C805:1BFF:FE4F:70, GigabitEthernet1/0 I1  2001:DB8:678:9000::1/128 [115/10]      via FE80::C805:1BFF:FE4F:70, GigabitEthernet1/0 I1  2001:DB8:678:9005::5/128 [115/10]      via FE80::C809:1BFF:FE64:70, GigabitEthernet2/0 LC  2001:DB8:678:C000::6/128 [0/0]      via Loopback0, receive C   2001:DB8:678:D004::/64 [0/0]      via GigabitEthernet1/0, directly connected L   2001:DB8:678:D004::6/128 [0/0]      via GigabitEthernet1/0, receive C   2001:DB8:678:D005::/64 [0/0]      via GigabitEthernet2/0, directly connected L   2001:DB8:678:D005::6/128 [0/0]      via GigabitEthernet2/0, receive B   2001:DB8:ABC0::/48 [200/0]      via 2001:DB8:678:B000::1 B   2001:DB8:ABC1::/48 [200/0]      via 2001:DB8:678:B000::1 B   2001:DB8:ABC2::/48 [200/0]      via 2001:DB8:678:B000::1 B   2001:DB8:ABC3::/48 [200/0]      via 2001:DB8:678:B000::1 B   2001:DB8:ABC4::/48 [200/0]      via 2001:DB8:678:B000::1 B   2001:DB8:ABC5::/48 [200/0]      via 2001:DB8:678:B000::1 B   2001:DB8:ABC6::/48 [200/0]      via 2001:DB8:678:B000::1 B   2001:DB8:ABC7::/48 [200/0] [snip] 19.5 Inspect IS-IS Database Level 1 Databases. R6>sh isis database  IS­IS Level­1 Link State Database: © Fred Bovy EIRL. IPv6 For Life. Page 126
  • 19.Checking the migration. Sunday, March 30, 2014 LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL R1.00­00              0x0000002B   0x1BDF        1010              1/0/0 R5.00­00              0x00000027   0xD8F8        1058              1/0/0 R6.00­00            * 0x0000000B   0xA048        1183              0/0/0 R1 and R5 have the ATTached bit set meaning they connect to the backbone Area. The Level-1 routers set a default route to the Level-1 routers with the ATTached bit set. R6# show isis database R5.00­00 detail  IS­IS Level­1 LSP R5.00­00 LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL R5.00­00              0x00000020   0x964C        877               1/0/0   Area Address: 39.b000   Area Address: 39.c000   NLPID:        0xCC 0x8E    Hostname: R5   IP Address:   10.0.0.5   Metric: 10         IP 10.0.1.8 255.255.255.252   Metric: 10         IP 10.2.0.4 255.255.255.252   Metric: 0          IP 10.0.0.5 255.255.255.255   IPv6 Address: 2001:DB8:678:9005::5   Metric: 10         IPv6 2001:DB8:678:3::/64   Metric: 10         IPv6 2001:DB8:678:D005::/64   Metric: 0          IPv6 2001:DB8:678:9005::5/128   Metric: 10         IS R6.00   Metric: 10         IS R1.00   Metric: 138        IP­Interarea 10.0.0.3 255.255.255.255   Metric: 138        IP­Interarea 10.0.0.4 255.255.255.255   Metric: 148        IP­Interarea 10.0.0.7 255.255.255.255 R6 and R7 are Level-1 only routers.So these are Lével 1 entry Routers LSP. So if we look at R5 Level-1 LSP from L6, it only sees R6 and R1. It has the ATTached bit meaning that it is connected to the Backbone Area. R6>sh isis data R6.00­00 detail  IS­IS Level­1 LSP R6.00­00 LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL R6.00­00            * 0x0000000A   0xA247        923               0/0/0   Area Address: 39.c000   NLPID:        0xCC 0x8E    Hostname: R6   IP Address:   10.0.0.6   Metric: 10         IP 10.2.0.0 255.255.255.252   Metric: 10         IP 10.2.0.4 255.255.255.252   Metric: 10         IP 172.16.1.0 255.255.255.252   Metric: 0          IP 10.0.0.6 255.255.255.255 © Fred Bovy EIRL. IPv6 For Life. Page 127
  • 19.Checking the migration. Sunday, March 30, 2014   IPv6 Address: 2001:DB8:678:C000::6   Metric: 10         IPv6 2001:DB8:678:D004::/64   Metric: 10         IPv6 2001:DB8:678:D005::/64   Metric: 10         IPv6 2001:DB8:5A:F6::/64   Metric: 0          IPv6 2001:DB8:678:C000::6/128   Metric: 10         IS R5.00   Metric: 10         IS R1.00 Level 2 Database R5#show isis database level­2 IS­IS Level­2 Link State Database: LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL R1.00­00              0x00000012   0xDA7A        726               0/0/0 R3.00­00              0x00000016   0x9EE1        1031              0/0/0 R4.00­00              0x00000016   0xACED        1088              0/0/0 R5.00­00            * 0x00000014   0xE3EF        1033              0/0/0 R5# R5#show isis database level­2 R1.00­00 IS­IS Level­2 LSP R1.00­00 LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL R1.00­00              0x00000012   0xDA7A        696               0/0/0 R5#show isis database level­2 R1.00­00 det IS­IS Level­2 LSP R1.00­00 LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL R1.00­00              0x00000012   0xDA7A        692               0/0/0   Area Address: 39.b000   Area Address: 39.c000   NLPID:        0xCC 0x8E    Hostname: R1   IP Address:   10.0.0.1   Metric: 10         IP 10.0.1.0 255.255.255.252   Metric: 10         IP 10.0.1.4 255.255.255.252   IPv6 Address: 2001:DB8:678:9000::1   Metric: 10         IPv6 2001:DB8:678:1::/64   Metric: 10         IPv6 2001:DB8:678:2::/64   Metric: 10         IS R4.00   Metric: 10         IS R3.00   Metric: 10         IS R5.00   Metric: 0          IP 10.0.0.1 255.255.255.255   Metric: 10         IP 10.0.0.5 255.255.255.255 © Fred Bovy EIRL. IPv6 For Life. Page 128
  • 19.Checking the migration. Sunday, March 30, 2014   Metric: 10         IP 10.0.0.6 255.255.255.255   Metric: 10         IP 10.0.1.8 255.255.255.252   Metric: 10         IP 10.2.0.0 255.255.255.252   Metric: 20         IP 10.2.0.4 255.255.255.252   Metric: 20         IP 172.16.1.0 255.255.255.252   Metric: 20         IPv6 2001:DB8:5A:F6::/64   Metric: 10         IPv6 2001:DB8:678:3::/64   Metric: 0          IPv6 2001:DB8:678:9000::1/128   Metric: 10         IPv6 2001:DB8:678:9005::5/128   Metric: 10         IPv6 2001:DB8:678:C000::6/128   Metric: 10         IPv6 2001:DB8:678:D004::/64   Metric: 20         IPv6 2001:DB8:678:D005::/64 Below the highlighted addresses are the Router Loopback address. In red are the Topology Information, our Level-2 neighbors. R5#show isis database level­2 R3.00­00 det IS­IS Level­2 LSP R3.00­00 LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL R3.00­00              0x00000016   0x9EE1        905               0/0/0   Area Address: 39.b000   Area Address: 39.d000   NLPID:        0xCC 0x8E    Hostname: R3   IP Address:   10.0.0.3   Metric: 10         IP 10.0.1.20 255.255.255.252   Metric: 10         IP 10.0.1.4 255.255.255.252   IPv6 Address: 2001:DB8:678:9003::3   Metric: 10         IPv6 2001:DB8:678:33::/64   Metric: 10         IPv6 2001:DB8:678:2::/64   Metric: 10         IS R5.00   Metric: 10         IS R4.00   Metric: 10         IS R1.00   Metric: 0          IP 10.0.0.3 255.255.255.255   Metric: 10         IP 10.0.0.4 255.255.255.255   Metric: 10         IP 10.0.0.7 255.255.255.255   Metric: 10         IP 10.0.1.16 255.255.255.252   Metric: 20         IP 10.1.0.0 255.255.255.252   Metric: 10         IP 10.1.0.4 255.255.255.252   Metric: 20         IP 172.16.1.4 255.255.255.252   Metric: 20         IPv6 2001:DB8:5A:F7::/64   Metric: 10         IPv6 2001:DB8:678:3::/64   Metric: 10         IPv6 2001:DB8:678:17::/64   Metric: 0          IPv6 2001:DB8:678:9003::3/128   Metric: 10         IPv6 2001:DB8:678:9004::4/128   Metric: 20         IPv6 2001:DB8:678:A000::/64   Metric: 20         IPv6 2001:DB8:678:A001::/64 © Fred Bovy EIRL. IPv6 For Life. Page 129
  • 19.Checking the migration. Sunday, March 30, 2014   Metric: 10         IPv6 2001:DB8:678:B000::1/128 19.6 Check the BGP Routers Resiliency    R7#conf t Enter configuration commands, one per line.  End with CNTL/Z. R7(config)#interface GigabiEthernet3/0 R7(config­if)# shutdown R7#show bgp ipv6 unicast  *Mar 19 23:38:48.153: %SYS­5­CONFIG_I: Configured from console by console *Mar 19 23:38:48.589: %LINK­5­CHANGED: Interface GigabitEthernet3/0, changed state to  administratively down BGP table version is 89, local router ID is 10.0.0.7 Status codes: s suppressed, d damped, h history, * valid, > best, i ­ internal,               r RIB­failure, S Stale Origin codes: i ­ IGP, e ­ EGP, ? ­ incomplete    Network          Next Hop            Metric LocPrf Weight Path *>i2001:DB8:ABC0::/48                     2001:DB8:678:C000::6                                              0    100      0 64000 ? *>i2001:DB8:ABC1::/48                     2001:DB8:678:C000::6                                              0    100      0 64000 ? [snip] R7#show bgp ipv6 unicast 2001:DB8:ABC5::/48 BGP routing table entry for 2001:DB8:ABC5::/48, version 84 Paths: (1 available, best #1, table Default)   Not advertised to any peer   64000     2001:DB8:678:C000::6 (metric 10) from 10.0.0.5 (10.0.0.5)       Origin incomplete, metric 0, localpref 100, valid, internal, best       Originator: 10.0.0.6, Cluster list: 10.0.0.5 R7#show ipv6 route  2001:DB8:678:C000::6 Routing entry for ::/0   Known via "isis fred", distance 115, metric 10, type level­1   Route count is 1/1, share count 0   Routing paths:     FE80::C808:1BFF:FE4F:54, GigabitEthernet0/0       Last updated 00:53:29 ago R7# show ipv6 neighbors  IPv6 Address                              Age Link­layer Addr State Interface FE80::C807:1BFF:FE4F:8                    176 ca07.1b4f.0008  STALE Gi1/0 FE80::C808:1BFF:FE4F:54                   177 ca08.1b4f.0054  STALE Gi0/0 R7#show adjacency GigabitEthernet 0/0 internal Protocol Interface                 Address IP       GigabitEthernet0/0        10.1.0.1(17)                                    0 packets, 0 bytes © Fred Bovy EIRL. IPv6 For Life. Page 130
  • 19.Checking the migration. Sunday, March 30, 2014                                    epoch 0                                    sourced in sev­epoch 0                                    Encap length 14                                    CA081B4F0054CA0B1B6400080800                                    ARP                                    Fast adjacency enabled [OK]                                    L3 mtu 1500                                    Flags (0x88E)                                    Fixup disabled                                    HWIDB/IDB pointers 0x66BC41D0/0x66BC4D4C                                    IP redirect disabled                                    Switching vector: IPv4 no fixup, no redirect adj oce                                    Adjacency pointer 0x66F19C80                                    Next­hop 10.1.0.1 IPV6     GigabitEthernet0/0        FE80::C808:1BFF:FE4F:54(11)                                    0 packets, 0 bytes                                    epoch 0                                    sourced in sev­epoch 3                                    Encap length 14 Protocol Interface                 Address                                    CA081B4F0054CA0B1B64000886DD                                    IPv6 ND                                    Fast adjacency enabled [OK]                                    L3 mtu 1500                                    Flags (0x1189E)                                    Fixup disabled                                    HWIDB/IDB pointers 0x66BC41D0/0x66BC4D4C                                    IP redirect enabled                                    Switching vector: IPv6 adjacency oce                                    Adjacency pointer 0x66F19B40                                    Next­hop FE80::C808:1BFF:FE4F:54 Sound Great ! 20. Multiarea final Configurations 20.1 R6 service timestamps debug datetime msec service timestamps log datetime msec service password­encryption ! hostname R6 ! ip cef ipv6 unicast­routing ipv6 cef ! interface Loopback0 © Fred Bovy EIRL. IPv6 For Life. Page 131
  • 20.Multiarea final Configurations. Sunday, March 30, 2014  ip address 10.0.0.6 255.255.255.255  ipv6 address 2001:DB8:678:C000::6/128 ! interface GigabitEthernet1/0  ip address 10.2.0.2 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:D004::6/64  ipv6 router isis fred  isis network point­to­point  ! interface GigabitEthernet2/0  ip address 10.2.0.6 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:D005::6/64  ipv6 router isis fred  isis network point­to­point  ! interface GigabitEthernet3/0  ip address 172.16.1.1 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:5A:F6::6/64  ipv6 router isis fred  isis network point­to­point   isis csnp­interval 10 ! router isis fred  net 39.c000.0000.0000.0006.00  is­type level­1  passive­interface Loopback0 ! router bgp 100  bgp log­neighbor­changes  neighbor 10.0.0.5 remote­as 100  neighbor 10.0.0.5 update­source Loopback0  neighbor 2001:DB8:5A:F6::8 remote­as 64000  neighbor 172.16.1.2 remote­as 64000  !          address­family ipv4   neighbor 10.0.0.5 activate   neighbor 10.0.0.5 next­hop­self   no neighbor 2001:DB8:5A:F6::8 activate   neighbor 172.16.1.2 activate   no auto­summary   no synchronization  exit­address­family  !          address­family ipv6 © Fred Bovy EIRL. IPv6 For Life. Page 132
  • 20.Multiarea final Configurations. Sunday, March 30, 2014   neighbor 10.0.0.5 activate   neighbor 10.0.0.5 route­map fred out   neighbor 2001:DB8:5A:F6::8 activate   no synchronization   Maximum­paths 2 exit­address­family !      route­map fred permit 10  set ipv6 next­hop 2001:DB8:678:C000::6 ! 20.2 R1 service timestamps debug datetime msec service timestamps log datetime msec service password­encryption ! hostname R1 ip cef ! ipv6 unicast­routing ipv6 cef ! interface Loopback0  ip address 10.0.0.1 255.255.255.255  ipv6 address 2001:DB8:678:9000::1/128 ! interface GigabitEthernet1/0  ip address 10.0.1.1 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:1::1/64  ipv6 router isis fred  isis circuit­type level­2­only  isis network point­to­point  ! interface GigabitEthernet2/0  ip address 10.0.1.9 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:3::1/64  ipv6 router isis fred  isis network point­to­point  ! interface GigabitEthernet3/0  ip address 10.0.1.5 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:2::1/64  ipv6 router isis fred © Fred Bovy EIRL. IPv6 For Life. Page 133
  • 20.Multiarea final Configurations. Sunday, March 30, 2014  isis circuit­type level­2­only  isis network point­to­point  !          interface GigabitEthernet4/0  ip address 10.2.0.1 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:D004::7/64  ipv6 router isis fred  isis network point­to­point  !          router isis fred  net 39.b000.0000.0000.0001.00  net 39.c000.0000.0000.0001.00  redistribute isis ip level­2 into level­1 route­map leak  passive­interface Loopback0 !          router bgp 100  bgp log­neighbor­changes  neighbor 10.0.0.5 remote­as 100  neighbor 10.0.0.5 update­source Loopback0  !          address­family ipv4   neighbor 10.0.0.5 activate   no auto­summary   no synchronization  exit­address­family  !          address­family ipv6   neighbor 10.0.0.5 activate  exit­address­family !          access­list 1 permit 10.0.0.0 0.0.0.255 !                  route­map leak permit 10  match ip address 1 20.3 R5 service timestamps debug datetime msec service timestamps log datetime msec service password­encryption ! hostname R5 ! ip cef ipv6 unicast­routing ipv6 cef ! interface Loopback0 © Fred Bovy EIRL. IPv6 For Life. Page 134
  • 20.Multiarea final Configurations. Sunday, March 30, 2014  ip address 10.0.0.5 255.255.255.255  ipv6 address 2001:DB8:678:9005::5/128 ! interface GigabitEthernet3/0  ip address 10.0.1.22 255.255.255.252  ip router isis fred  duplex full  speed 1000  media­type gbic  negotiation auto  ipv6 address 2001:DB8:678:33::5/64  ipv6 router isis fred  isis circuit­type level­2­only  isis network point­to­point  ! interface GigabitEthernet1/0  ip address 10.0.1.10 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:3::5/64  ipv6 router isis fred  isis network point­to­point  ! interface GigabitEthernet2/0  ip address 10.0.1.14 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:22::5/64  ipv6 router isis fred  isis circuit­type level­2­only  isis network point­to­point  ! interface GigabitEthernet4/0  ip address 10.2.0.5 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:D005::5/64  ipv6 router isis fred  isis network point­to­point  ! router isis fred  net 39.b000.0000.0000.0005.00  net 39.c000.0000.0000.0005.00  redistribute isis ip level­2 into level­1 route­map leak  passive­interface Loopback0 ! router bgp 100  bgp log­neighbor­changes  neighbor 10.0.0.1 remote­as 100  neighbor 10.0.0.1 update­source Loopback0 © Fred Bovy EIRL. IPv6 For Life. Page 135
  • 20.Multiarea final Configurations. Sunday, March 30, 2014  neighbor 10.0.0.3 remote­as 100  neighbor 10.0.0.3 update­source Loopback0  neighbor 10.0.0.4 remote­as 100  neighbor 10.0.0.4 update­source Loopback0  neighbor 10.0.0.6 remote­as 100  neighbor 10.0.0.6 update­source Loopback0  neighbor 10.0.0.7 remote­as 100  neighbor 10.0.0.7 update­source Loopback0  !  address­family ipv4   neighbor 10.0.0.1 activate   neighbor 10.0.0.1 route­reflector­client   neighbor 10.0.0.3 activate   neighbor 10.0.0.3 route­reflector­client   neighbor 10.0.0.4 activate   neighbor 10.0.0.4 route­reflector­client   neighbor 10.0.0.6 activate   neighbor 10.0.0.6 route­reflector­client   neighbor 10.0.0.7 activate   neighbor 10.0.0.7 route­reflector­client   no auto­summary   no synchronization  exit­address­family  !  address­family ipv6   neighbor 10.0.0.1 activate   neighbor 10.0.0.1 route­reflector­client   neighbor 10.0.0.3 activate   neighbor 10.0.0.3 route­reflector­client   neighbor 10.0.0.4 activate   neighbor 10.0.0.4 route­reflector­client   neighbor 10.0.0.6 activate   neighbor 10.0.0.6 route­reflector­client   neighbor 10.0.0.7 activate   neighbor 10.0.0.7 route­reflector­client   no synchronization   maximum­paths 2   exit­address­family ! access­list 1 permit 10.0.0.0 0.0.0.255 ! route­map leak permit 10  match ip address 1 ! 20.4 R3 service timestamps debug datetime msec service timestamps log datetime msec service password­encryption © Fred Bovy EIRL. IPv6 For Life. Page 136
  • 20.Multiarea final Configurations. Sunday, March 30, 2014 ! hostname R3 ! ip cef ipv6 unicast­routing ipv6 cef ! interface Loopback0  ip address 10.0.0.3 255.255.255.255  ipv6 address 2001:DB8:678:9003::3/128 ! interface GigabitEthernet0/0  ip address 10.1.0.6 255.255.255.252  ip router isis fred  duplex full  speed 1000  media­type gbic  negotiation auto  ipv6 address 2001:DB8:678:3::3/64  ipv6 router isis fred  isis network point­to­point  !          interface GigabitEthernet1/0  ip address 10.0.1.18 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:17::3/64  ipv6 enable  ipv6 router isis fred  isis network point­to­point  ! interface GigabitEthernet2/0  ip address 10.0.1.21 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:33::3/64  ipv6 enable  ipv6 router isis fred  isis circuit­type level­2­only  isis network point­to­point  ! interface GigabitEthernet3/0  ip address 10.0.1.6 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:2::3/64  ipv6 enable  ipv6 router isis fred  isis circuit­type level­2­only  isis network point­to­point  © Fred Bovy EIRL. IPv6 For Life. Page 137
  • 20.Multiarea final Configurations. Sunday, March 30, 2014 !          router isis fred  net 39.b000.0000.0000.0003.00  net 39.d000.0000.0000.0003.00  redistribute isis ip level­2 into level­1 route­map leak  passive­interface Loopback0 !          router bgp 100  bgp log­neighbor­changes  neighbor 10.0.0.5 remote­as 100  neighbor 10.0.0.5 update­source Loopback0  !          address­family ipv4   neighbor 10.0.0.5 activate   no auto­summary   no synchronization  exit­address­family  !          address­family ipv6   neighbor 10.0.0.5 activate  exit­address­family !               access­list 1 permit 10.0.0.0 0.0.0.255 !      route­map leak permit 10  match ip address 1 !          20.5 R4 hostname R4 ip cef ipv6 unicast­routing ipv6 cef ! interface Loopback0  ip address 10.0.0.4 255.255.255.255  ipv6 address 2001:DB8:678:9004::4/128 !    interface GigabitEthernet0/0  ip address 10.0.1.2 255.255.255.252  ip router isis fred  duplex full  speed 1000  media­type gbic  negotiation auto  ipv6 address 2001:DB8:678:1::4/64  ipv6 router isis fred  isis circuit­type level­2­only  isis network point­to­point  © Fred Bovy EIRL. IPv6 For Life. Page 138
  • 20.Multiarea final Configurations. Sunday, March 30, 2014 !          interface GigabitEthernet1/0  ip address 10.0.1.17 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:17::4/64  ipv6 router isis fred  isis network point­to­point  !          interface GigabitEthernet2/0  ip address 10.0.1.13 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:22::3/64  ipv6 router isis fred  isis circuit­type level­2­only  isis network point­to­point  !          interface GigabitEthernet3/0  ip address 10.1.0.1 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:A000::1/64  ipv6 router isis fred  isis network point­to­point  !          router isis fred  net 39.b000.0000.0000.0004.00  net 39.d000.0000.0000.0004.00  redistribute isis ip level­2 into level­1 route­map leak  passive­interface Loopback0 !          router bgp 100  bgp log­neighbor­changes  neighbor 10.0.0.5 remote­as 100  neighbor 10.0.0.5 update­source Loopback0  !          address­family ipv4   neighbor 10.0.0.5 activate   no auto­summary   no synchronization  exit­address­family  !          address­family ipv6   neighbor 10.0.0.5 activate  exit­address­family     !          access­list 1 permit 10.0.0.0 0.0.0.255       !          route­map leak permit 10 © Fred Bovy EIRL. IPv6 For Life. Page 139
  • 20.Multiarea final Configurations. Sunday, March 30, 2014  match ip address 1 ! 20.6 R7 hostname R7 ! interface Loopback0  ip address 10.0.0.7 255.255.255.255  ipv6 address 2001:DB8:678:B000::1/128 ! interface GigabitEthernet0/0  ip address 10.1.0.2 255.255.255.252  ip router isis fred  duplex full  speed 1000  media­type gbic  negotiation auto  ipv6 address 2001:DB8:678:A000::7/64  ipv6 router isis fred  isis network point­to­point  ! interface GigabitEthernet1/0  ip address 10.1.0.5 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:A001::7/64  ipv6 router isis fred  isis network point­to­point  ! interface GigabitEthernet3/0  ip address 172.16.1.5 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address FE80::7 link­local  ipv6 address 2001:DB8:5A:F7::6/64  ipv6 router isis fred  isis network point­to­point   isis csnp­interval 10 ! router isis fred  net 39.d000.0000.0000.0007.00  is­type level­1  passive­interface Loopback0 ! router bgp 100  bgp log­neighbor­changes  neighbor 10.0.0.5 remote­as 100  neighbor 10.0.0.5 update­source Loopback0  neighbor 172.16.1.6 remote­as 65000 © Fred Bovy EIRL. IPv6 For Life. Page 140
  • 20.Multiarea final Configurations. Sunday, March 30, 2014  neighbor FE80::9%GigabitEthernet3/0 remote­as 65000  !  address­family ipv4   neighbor 10.0.0.5 activate   neighbor 10.0.0.5 next­hop­self   neighbor 172.16.1.6 activate   neighbor 172.16.1.6 route­map setloc in   no neighbor FE80::9%GigabitEthernet3/0 activate   no auto­summary   no synchronization  exit­address­family  !  address­family ipv6   neighbor 10.0.0.5 activate   neighbor 10.0.0.5 route­map fred out   neighbor FE80::9%GigabitEthernet3/0 activate   neighbor FE80::9%GigabitEthernet3/0 route­map setloc in  exit­address­family ! ! route­map setloc permit 10  set local­preference 150 ! route­map fred permit 10  set ipv6 next­hop 2001:DB8:678:B000::1 ! 20.7 The ISP Routers R9 and R8 Configs ISP2-R8 hostname ISP2­R8 ! ip cef ipv6 unicast­routing ipv6 cef interface Loopback0  ip address 10.0.0.8 255.255.255.255 ! interface GigabitEthernet1/0  ip address 172.16.1.2 255.255.255.252  negotiation auto  ipv6 address 2001:DB8:5A:F6::8/64 ! router bgp 64000  bgp log­neighbor­changes  neighbor 2001:DB8:5A:F6::6 remote­as 100  neighbor 172.16.1.1 remote­as 100  !  address­family ipv4 © Fred Bovy EIRL. IPv6 For Life. Page 141
  • 20.Multiarea final Configurations. Sunday, March 30, 2014   redistribute static   no neighbor 2001:DB8:5A:F6::6 activate   neighbor 172.16.1.1 activate   no auto­summary   no synchronization  exit­address­family  !  address­family ipv6   neighbor 2001:DB8:5A:F6::6 activate   redistribute static   no synchronization  exit­address­family ! ip forward­protocol nd ip route 202.3.0.0 255.255.255.0 Null0 ip route 202.3.1.0 255.255.255.0 Null0 ip route 202.3.2.0 255.255.255.0 Null0 ip route 202.3.3.0 255.255.255.0 Null0 ip route 202.3.4.0 255.255.255.0 Null0 ip route 202.3.5.0 255.255.255.0 Null0 ip route 202.3.6.0 255.255.255.0 Null0 ip route 202.3.7.0 255.255.255.0 Null0 ip route 202.3.8.0 255.255.255.0 Null0 ip route 202.3.9.0 255.255.255.0 Null0 !          ipv6 route 2001:DB8:ABC0::/48 Null0 ipv6 route 2001:DB8:ABC1::/48 Null0 ipv6 route 2001:DB8:ABC2::/48 Null0 ipv6 route 2001:DB8:ABC3::/48 Null0 ipv6 route 2001:DB8:ABC4::/48 Null0 ipv6 route 2001:DB8:ABC5::/48 Null0 ipv6 route 2001:DB8:ABC6::/48 Null0 ipv6 route 2001:DB8:ABC7::/48 Null0 ipv6 route 2001:DB8:ABC8::/48 Null0 ipv6 route 2001:DB8:ABC9::/48 Null0 ipv6 route 2001:DB8:ABCA::/48 Null0 ISP1-R9 ISP1­R9#show running­config  Building configuration... Current configuration : 2574 bytes ! upgrade fpd auto version 12.4 service timestamps debug datetime msec service timestamps log datetime msec service password­encryption ! © Fred Bovy EIRL. IPv6 For Life. Page 142
  • 20.Multiarea final Configurations. Sunday, March 30, 2014 hostname ISP1­R9 ! ip cef ipv6 unicast­routing ipv6 cef ! interface Loopback0  ip address 10.0.0.9 255.255.255.255 ! interface GigabitEthernet1/0  ip address 172.16.1.6 255.255.255.252  ipv6 address FE80::9 link­local  ipv6 address 2001:DB8:5A:F7::9/64 ! ! router bgp 65000  bgp log­neighbor­changes  neighbor 172.16.1.5 remote­as 100  neighbor FE80::7%GigabitEthernet1/0 remote­as 100  !  address­family ipv4   redistribute static metric 5   neighbor 172.16.1.5 activate   no neighbor FE80::7%GigabitEthernet1/0 activate   no auto­summary   no synchronization  exit­address­family  !  address­family ipv6   neighbor FE80::7%GigabitEthernet1/0 activate   redistribute static   no synchronization  exit­address­family !       ip route 202.3.0.0 255.255.255.0 Null0 ip route 202.3.1.0 255.255.255.0 Null0 ip route 202.3.2.0 255.255.255.0 Null0 ip route 202.3.3.0 255.255.255.0 Null0 ip route 202.3.4.0 255.255.255.0 Null0 ip route 202.3.5.0 255.255.255.0 Null0 ip route 202.3.6.0 255.255.255.0 Null0 ip route 202.3.7.0 255.255.255.0 Null0 ip route 202.3.8.0 255.255.255.0 Null0 ip route 202.3.9.0 255.255.255.0 Null0 !               ipv6 route 2001:DB8:ABC0::/48 Null0 ipv6 route 2001:DB8:ABC1::/48 Null0 ipv6 route 2001:DB8:ABC2::/48 Null0 ipv6 route 2001:DB8:ABC3::/48 Null0 ipv6 route 2001:DB8:ABC4::/48 Null0 © Fred Bovy EIRL. IPv6 For Life. Page 143
  • 20.Multiarea final Configurations. Sunday, March 30, 2014 ipv6 route 2001:DB8:ABC5::/48 Null0 ipv6 route 2001:DB8:ABC6::/48 Null0 ipv6 route 2001:DB8:ABC7::/48 Null0 ipv6 route 2001:DB8:ABC8::/48 Null0 ipv6 route 2001:DB8:ABC9::/48 Null0 ipv6 route 2001:DB8:ABCA::/48 Null0 !  © Fred Bovy EIRL. IPv6 For Life. Page 144
  • 20.Multiarea final Configurations. Sunday, March 30, 2014 Use a PC running freeBSD as a BGP Route-Reflector using Zebra/Quagga and install a pfSense Firewall Version 1.1 From Fred Bovy ccie #3013 Routing IPv6 Part 4 http://www.ipv6forlife.com/Tutorial/labQuagga/ © Fred Bovy EIRL. IPv6 For Life. Page 145
  • 21.What is Quagga?. Sunday, March 30, 2014 21. What is Quagga? Quagga transforms your Linux Box into a Powerful Router running rip, ripng, ospf v2, ospf v3, is-is for ipv4 and IPv6, MP-BGP and more. It is perfect to run your Route-Reflector since PC can have enough resources to host a powerful CISCO-like Router! It is a port on freeBSD and it is installed with a make install, clean It has a very rich environment and fit in our preceding lab with a small change in the topology. We could have use the preceding topology with no change and run PC FreeBGP 9.2 begind the existing switch but in the real life you don't want to do that. The IS-IS and MP-BGP daemons are configured to assume a Route-Reflector. The PC host runs in a VirtualBox Virtual Machine. The configuration is very easy. I have choosen freeBSD because it is free, very safe and Quagga is one of the 1000s of ports preinstalled. The installation is pretty long, you need to be connected to the Internet to fetch pieces of software as the make procedure claim them. But after more than an hour of patience in front of your screen answering questions, loading, compiling, installing and so on. Then after the make, you do a make install and a make clean and you're done. Then you need to copy some configuration sample files into /usr/local/etc/quagga. You also need to edit the file /etc/rc.conf. This information is widely available on the net. Check the opentodo.net server for more details. This is a very good site where to find a good documentation “Configuring routing protocols with Quagga” about installing Quagga on freeBSD. http://opentodo.net/2012/08/configuring-routing-protocols-with-quagga. In the lab we will configure one or two Quagga Routers as we have two IS-IS clones. © Fred Bovy EIRL. IPv6 For Life. Page 146
  • 21.What is Quagga?. Sunday, March 30, 2014 22. Quagga Configurations You will need to customize freeBSD configuration file like: $ cat /etc/rc.conf hostname="free92" keymap="fr.iso.acc.kbd" ifconfig_em0="DHCP" ifconfig_em0_ipv6="inet6 accept_rtadv" sshd_enable="YES" # Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable dumpdev="NO" quagga_enable="YES" #quagga_daemons="zebra ripngd bgpd isisd ospf6d" quagga_daemons="zebra bgpd isisd" gateway_enable="YES" ifconfig_em1_ipv6="inet6 accept_rtadv" rtsold_enable="YES" ifconfig_fxp0_ipv6="inet6 2001:db8:678:FFFF::2000 prefixlen 64" Then copy and edit some configurations samples provided with the Quagga package: © Fred Bovy EIRL. IPv6 For Life. Page 147 Illustration 14: Final Setup free9/Quagga and others PCs
  • 22.Quagga Configurations. Sunday, March 30, 2014 cp zebra.conf.sample /usr/local/etc/quagga/ And then start the daemons  /usr/local/etc/rc.d/quagga start And you can then login to the zebra daemon to check the interface and the routing tables as you would do on a cisco router, then we will need to login to the IS-IS and BGP daemons. You can edit the zebra.conf file and you can also check and modify it by logging to the zebra daemon port 2601. /usr/local/etc/quagga/zebra.conf ! Zebra configuration saved from vty  !   2014/03/22 09:28:01  !  hostname zebra  password cisco  enable password cisco  !  interface em0   ipv6 nd suppress­ra  !  interface em1   ipv6 address 2001:db8:678:ffff::200/64   ip address 10.201.0.101/24   ipv6 nd suppress­ra  ! !  interface lo   description test of desc.   ipv6 nd suppress­ra  !  interface lo0   ip address 10.0.0.200/32  !  interface usbus0   ipv6 nd suppress­ra  !  ip forwarding  !  !  line vty  ! © Fred Bovy EIRL. IPv6 For Life. Page 148
  • 22.Quagga Configurations. Sunday, March 30, 2014 Telnet to the Zebra daemon $ telnet localhost 2601 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Hello, this is Quagga (version 0.99.22.3). Copyright 1996­2005 Kunihiro Ishiguro, et al. User Access Verification Password:  zebra> en Password:  Zebra sees two interfaces em0 which is the admin interface to which I can telnet as any device on the LAN. Interface em1 is the LAB interface to connect to the Lab Switch and exchange BGP and IS-IS updates to run a aBGP Route-Reflector. Obviously there is also loopback interfaces. Check IP route zebra# show ip route Codes: K ­ kernel route, C ­ connected, S ­ static, R ­ RIP,        O ­ OSPF, I ­ IS­IS, B ­ BGP, A ­ Babel,        > ­ selected route, * ­ FIB route K>* 0.0.0.0/0 via 192.168.100.254, em0 I>* 10.0.0.1/32 [115/10] via 10.201.0.1, em1, 00:22:12 I>* 10.0.0.3/32 [115/20] via 10.201.0.4, em1, 00:22:12                          via 10.201.0.1, em1, 00:22:12 I>* 10.0.0.4/32 [115/10] via 10.201.0.4, em1, 04:35:07 I>* 10.0.0.5/32 [115/20] via 10.201.0.1, em1, 00:22:12                          via 10.201.0.4, em1, 00:22:12 I>* 10.0.0.6/32 [115/20] via 10.201.0.1, em1, 00:22:12 I>* 10.0.0.7/32 [115/20] via 10.201.0.4, em1, 04:35:07 C>* 10.0.0.200/32 is directly connected, lo0 I>* 10.0.1.0/30 [115/20] via 10.201.0.4, em1, 00:22:12                          via 10.201.0.1, em1, 00:22:12 I>* 10.0.1.4/30 [115/20] via 10.201.0.1, em1, 00:22:12 I>* 10.0.1.8/30 [115/20] via 10.201.0.1, em1, 00:22:12 I>* 10.0.1.12/30 [115/20] via 10.201.0.4, em1, 04:35:07 I>* 10.0.1.16/30 [115/20] via 10.201.0.4, em1, 04:35:07 I>* 10.0.1.20/30 [115/30] via 10.201.0.4, em1, 00:22:12                           via 10.201.0.1, em1, 00:22:12 I>* 10.1.0.0/30 [115/20] via 10.201.0.4, em1, 04:35:07 © Fred Bovy EIRL. IPv6 For Life. Page 149
  • 22.Quagga Configurations. Sunday, March 30, 2014 I>* 10.1.0.4/30 [115/30] via 10.201.0.4, em1, 00:22:12                          via 10.201.0.1, em1, 00:22:12 I>* 10.2.0.0/30 [115/20] via 10.201.0.1, em1, 00:22:12 I>* 10.2.0.4/30 [115/30] via 10.201.0.1, em1, 00:22:12                          via 10.201.0.4, em1, 00:22:12 C>* 10.201.0.0/24 is directly connected, em1 C>* 127.0.0.0/8 is directly connected, lo0 I>* 172.16.1.0/30 [115/30] via 10.201.0.1, em1, 00:22:12 C>* 192.168.100.0/24 is directly connected, em0 B>* 202.3.0.0/24 [200/5] via 10.0.0.7 (recursive via 10.201.0.4), 07:01:45 B>* 202.3.1.0/24 [200/5] via 10.0.0.7 (recursive via 10.201.0.4), 07:01:45 B>* 202.3.2.0/24 [200/5] via 10.0.0.7 (recursive via 10.201.0.4), 07:01:45 B>* 202.3.3.0/24 [200/5] via 10.0.0.7 (recursive via 10.201.0.4), 07:01:45 B>* 202.3.4.0/24 [200/5] via 10.0.0.7 (recursive via 10.201.0.4), 07:01:45 B>* 202.3.5.0/24 [200/5] via 10.0.0.7 (recursive via 10.201.0.4), 07:01:45 B>* 202.3.6.0/24 [200/5] via 10.0.0.7 (recursive via 10.201.0.4), 07:01:45 B>* 202.3.7.0/24 [200/5] via 10.0.0.7 (recursive via 10.201.0.4), 07:01:45 B>* 202.3.8.0/24 [200/5] via 10.0.0.7 (recursive via 10.201.0.4), 07:01:45 B>* 202.3.9.0/24 [200/5] via 10.0.0.7 (recursive via 10.201.0.4), 07:01:45 Another config mistake, we forgot to configure the R1 interface to Quagga with IS-IS. isisd# show isis neighbor Area DEAD:   System Id           Interface   L  State        Holdtime SNPA   R4                  em1         2  Up           7        ca00.0dbc.0070 Only one IS-IS neighbor! We should see two! On R1 IS-IS config was missing, put it! interface GigabitEthernet0/0.1  encapsulation dot1Q 1 native  ip address 10.201.0.1 255.255.255.0  ip router isis fred  ipv6 address 2001:DB8:678:FFFF::1/64  ipv6 router isis fred  glbp 1 ip 10.201.0.222  glbp 2 ipv6 autoconfig End isisd# show isis neighbor Area DEAD:   System Id           Interface   L  State        Holdtime SNPA   R1                  em1         2  Up           10       ca01.0dbc.0008   R4                  em1         2  Up           28       ca00.0dbc.0070 © Fred Bovy EIRL. IPv6 For Life. Page 150
  • 22.Quagga Configurations. Sunday, March 30, 2014 We could check the IS-IS neighbors from the pseudo node LSP in the IS-IS database of the multipoint transit Networks:  isisd# show isis database R1.01­00  detail  Area DEAD: IS­IS Level­2 link­state database: LSP ID                  PduLen  SeqNumber   Chksum  Holdtime  ATT/P/OL R1.01­00                   63   0x00000002  0x88bf     561    0/0/0   Metric      : 0        IS            : R1.00   Metric      : 0        IS            : R4.00   Metric      : 0        IS            : isisd.00 Check IPv6 Route 23. Quagga IS-IS Configuration IS-IS Configuration file You need to edit the config file isisd.conf, you can change it from a telnet session later. © Fred Bovy EIRL. IPv6 For Life. Page 151 Illustration 15: My Working Station with GNS3 and Wireshark windows
  • 23.Quagga IS-IS Configuration. Sunday, March 30, 2014 ! ! Zebra configuration saved from vty !   2014/03/22 10:11:24 ! hostname isisd password cisco enable password cisco log stdout ! interface em0 ! interface em1  ip router isis DEAD  ipv6 router isis DEAD  isis circuit­type level­2­only ! interface lo0  ip router isis DEAD  isis passive  ipv6 router isis DEAD  isis circuit­type level­2­only ! interface usbus0 ! ! router isis DEAD  net 39.b000.0000.0000.0201.00  metric­style wide  is­type level­2­only ! line vty ! If you have installed Quagga on the freeBSD Clone: Password:  isisd­quagga2# sh run Current configuration: ! hostname isisd­quagga2 password cisco enable password cisco log stdout ! interface em0 ! interface em1  ip router isis DEAD  ipv6 router isis DEAD  isis circuit­type level­2­only © Fred Bovy EIRL. IPv6 For Life. Page 152
  • 23.Quagga IS-IS Configuration. Sunday, March 30, 2014 ! interface lo0  ip router isis DEAD  isis passive  ipv6 router isis DEAD  isis circuit­type level­2­only ! interface usbus0 ! ! router isis DEAD  net 39.b000.0000.0000.0202.00  metric­style wide  is­type level­2­only ! line vty ! end isisd­quagga2#  Telnet to IS-IS daemon Then you can telnet to the IS-IS daemon to do some checking $ telnet localhost 2608 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Hello, this is Quagga (version 0.99.22.3). Copyright 1996­2005 Kunihiro Ishiguro, et al. User Access Verification Password:  isisd> en Password:  isisd#  isisd# sh isis neighbor  Area DEAD:   System Id           Interface   L  State        Holdtime SNPA   R1                  em1         2  Up           8        ca01.5c18.0008   R4                  em1         2  Up           26       ca00.5c18.0070 isisd# sh isis neighbor detail  Area DEAD:   R1                       Interface: em1, Level: 2, State: Up, Expires in 7s     Adjacency flaps: 1, Last: 1h7m39s ago © Fred Bovy EIRL. IPv6 For Life. Page 153
  • 23.Quagga IS-IS Configuration. Sunday, March 30, 2014     Circuit type: L1L2, Speaks: IPv4, IPv6     SNPA: ca01.5c18.0008, LAN id: R1.01     LAN Priority: 64, is DIS, DIS flaps: 1, Last: 1h7m37s ago     Area Address(es):       39.b000       39.c000     IPv4 Address(es):       10.201.0.1     IPv6 Address(es):       fe80::c801:5cff:fe18:8   R4                       Interface: em1, Level: 2, State: Up, Expires in 28s     Adjacency flaps: 1, Last: 35m31s ago     Circuit type: L1L2, Speaks: IPv4, IPv6     SNPA: ca00.5c18.0070, LAN id: R1.01     LAN Priority: 64, is not DIS, DIS flaps: 1, Last: 35m29s ago     Area Address(es):       39.b000       39.d000     IPv4 Address(es):       10.201.0.4     IPv6 Address(es):       fe80::c800:5cff:fe18:70 isisd# show isis database  Area DEAD: IS­IS Level­2 link­state database: LSP ID                  PduLen  SeqNumber   Chksum  Holdtime  ATT/P/OL R1.00­00                  592   0x000000c4  0x11f8    1182    0/0/0 R1.01­00                   63   0x000000a7  0x3d65     945    0/0/0 R3.00­00                  581   0x000000bd  0x14ff     430    0/0/0 R4.00­00                  592   0x000000c9  0xabee     365    0/0/0 R5.00­00                  581   0x000000bd  0x9286     927    0/0/0 isisd.00­00          *    120   0x000000e4  0x7d64     715    0/0/0     6 LSPs We have 6 LSPs, R1 Pseudonode #1 R1.01­00 included. This one is generated by the  multipoint network DIS Let's first check R1 Router LSP then the R1.01 pseudonode  LSP. isisd# show isis database R1.00­00  detail  Area DEAD: IS­IS Level­2 link­state database: LSP ID                  PduLen  SeqNumber   Chksum  Holdtime  ATT/P/OL R1.00­00                  646   0x000000fb  0x616b    1152    0/0/0   Area Address: 39.b000   Area Address: 39.c000   Area Address: 39.d000 © Fred Bovy EIRL. IPv6 For Life. Page 154
  • 23.Quagga IS-IS Configuration. Sunday, March 30, 2014   NLPID       : 0xCC   NLPID       : 0x8E   Hostname    : R1   IPv4 Address: 10.0.0.1   Metric      : 10       IS            : R1.01   Metric      : 10       IS            : R5.00   Metric      : 10       IS            : R3.00   Metric      : 10       IS            : R4.00   Metric      : 10       IPv4­Internal : 10.0.1.0 255.255.255.252   Metric      : 10       IPv4­Internal : 10.0.1.4 255.255.255.252   Metric      : 0        IPv4­Internal : 10.0.0.1 255.255.255.255   Metric      : 20       IPv4­Internal : 10.0.0.3 255.255.255.255   Metric      : 10       IPv4­Internal : 10.0.0.4 255.255.255.255   Metric      : 10       IPv4­Internal : 10.0.0.5 255.255.255.255   Metric      : 10       IPv4­Internal : 10.0.0.6 255.255.255.255   Metric      : 20       IPv4­Internal : 10.0.0.7 255.255.255.255   Metric      : 10       IPv4­Internal : 10.0.1.8 255.255.255.252   Metric      : 20       IPv4­Internal : 10.0.1.16 255.255.255.252   Metric      : 20       IPv4­Internal : 10.1.0.0 255.255.255.252   Metric      : 30       IPv4­Internal : 10.1.0.4 255.255.255.252   Metric      : 10       IPv4­Internal : 10.2.0.0 255.255.255.252   Metric      : 20       IPv4­Internal : 10.2.0.4 255.255.255.252   Metric      : 10       IPv4­Internal : 10.201.0.0 255.255.255.0   Metric      : 20       IPv4­Internal : 172.16.1.0 255.255.255.252   Metric      : 30       IPv4­Internal : 172.16.1.4 255.255.255.252   Metric      : 10       IPv4­Internal : 172.16.6.0 255.255.255.0   Metric      : 10       IPv6­Internal : 2001:db8:678:1::/64   Metric      : 10       IPv6­Internal : 2001:db8:678:2::/64   Metric      : 20       IPv6­Internal : 2001:db8:5a:f6::/64   Metric      : 30       IPv6­Internal : 2001:db8:5a:f7::/64   Metric      : 10       IPv6­Internal : 2001:db8:678:3::/64   Metric      : 20       IPv6­Internal : 2001:db8:678:17::/64   Metric      : 0        IPv6­Internal : 2001:db8:678:9000::1/128   Metric      : 20       IPv6­Internal : 2001:db8:678:9003::3/128   Metric      : 10       IPv6­Internal : 2001:db8:678:9004::4/128   Metric      : 10       IPv6­Internal : 2001:db8:678:9005::5/128   Metric      : 20       IPv6­Internal : 2001:db8:678:a000::/64   Metric      : 30       IPv6­Internal : 2001:db8:678:a001::/64   Metric      : 20       IPv6­Internal : 2001:db8:678:b000::1/128   Metric      : 10       IPv6­Internal : 2001:db8:678:c000::6/128   Metric      : 10       IPv6­Internal : 2001:db8:678:d004::/64   Metric      : 20       IPv6­Internal : 2001:db8:678:d005::/64   Metric      : 10       IPv6­Internal : 2001:db8:678:d101::/64   Metric      : 10       IPv6­Internal : 2001:db8:678:ffff::/64 isisd# show isis database R1.01­00 Area DEAD: IS­IS Level­2 link­state database: LSP ID                  PduLen  SeqNumber   Chksum  Holdtime  ATT/P/OL R1.01­00                   63   0x000000a7  0x3d65     925    0/0/0 © Fred Bovy EIRL. IPv6 For Life. Page 155
  • 23.Quagga IS-IS Configuration. Sunday, March 30, 2014 isisd# show isis database R1.01­00 detail Area DEAD: IS­IS Level­2 link­state database: LSP ID                  PduLen  SeqNumber   Chksum  Holdtime  ATT/P/OL R1.01­00                   63   0x000000a7  0x3d65     921    0/0/0   Metric      : 0        IS            : R1.00   Metric      : 0        IS            : R4.00   Metric      : 0        IS            : isisd.00 Check a Router LSP and see if if is correct. We should see for each level the right neighbors. They are in Red below: R1#show isis database  R4.00­00 detai IS­IS Level­1 LSP R4.00­00 LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL R4.00­00              0x0000021D   0x4185        493               0/0/0   Area Address: 39.b000   Area Address: 39.d000   NLPID:        0xCC 0x8E    Hostname: R4   IP Address:   10.0.0.4   Metric: 10         IP 10.0.1.16 255.255.255.252   Metric: 10         IP 10.1.0.0 255.255.255.252   Metric: 10         IP 10.201.0.0 255.255.255.0   Metric: 0          IP 10.0.0.4 255.255.255.255   IPv6 Address: 2001:DB8:678:9004::4   Metric: 10         IPv6 2001:DB8:678:17::/64   Metric: 10         IPv6 2001:DB8:678:A000::/64   Metric: 10         IPv6 2001:DB8:678:FFFF::/64   Metric: 0          IPv6 2001:DB8:678:9004::4/128   Metric: 10         IS R1.01   Metric: 10         IS R3.00   Metric: 10         IS R7.00   Metric: 148        IP­Interarea 10.0.0.200 255.255.255.255            IS­IS Level­2 LSP R4.00­00 LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL R4.00­00              0x000000F8   0xBE63        997               0/0/0   Area Address: 39.b000   Area Address: 39.d000   Area Address: 39.c000   NLPID:        0xCC 0x8E    Hostname: R4   IP Address:   10.0.0.4   Metric: 10         IP 10.0.1.0 255.255.255.252   Metric: 10         IP 10.0.1.12 255.255.255.252   IPv6 Address: 2001:DB8:678:9004::4 © Fred Bovy EIRL. IPv6 For Life. Page 156
  • 23.Quagga IS-IS Configuration. Sunday, March 30, 2014   Metric: 10         IPv6 2001:DB8:678:1::/64   Metric: 10         IPv6 2001:DB8:678:22::/64   Metric: 10         IS R1.01   Metric: 10         IS R3.00   Metric: 10         IS R1.00   Metric: 10         IP 10.0.0.1 255.255.255.255   Metric: 10         IP 10.0.0.3 255.255.255.255   Metric: 0          IP 10.0.0.4 255.255.255.255   Metric: 20         IP 10.0.0.5 255.255.255.255   Metric: 20         IP 10.0.0.6 255.255.255.255   Metric: 10         IP 10.0.0.7 255.255.255.255   Metric: 20         IP 10.0.1.8 255.255.255.252   Metric: 10         IP 10.0.1.16 255.255.255.252   Metric: 10         IP 10.1.0.0 255.255.255.252   Metric: 20         IP 10.1.0.4 255.255.255.252   Metric: 20         IP 10.2.0.0 255.255.255.252   Metric: 30         IP 10.2.0.4 255.255.255.252   Metric: 10         IP 10.201.0.0 255.255.255.0   Metric: 30         IP 172.16.1.0 255.255.255.252   Metric: 20         IP 172.16.1.4 255.255.255.252   Metric: 20         IP 172.16.6.0 255.255.255.0   Metric: 30         IPv6 2001:DB8:5A:F6::/64   Metric: 20         IPv6 2001:DB8:5A:F7::/64   Metric: 20         IPv6 2001:DB8:678:3::/64   Metric: 10         IPv6 2001:DB8:678:17::/64   Metric: 10         IPv6 2001:DB8:678:9000::1/128   Metric: 10         IPv6 2001:DB8:678:9003::3/128   Metric: 0          IPv6 2001:DB8:678:9004::4/128   Metric: 20         IPv6 2001:DB8:678:9005::5/128   Metric: 10         IPv6 2001:DB8:678:A000::/64   Metric: 20         IPv6 2001:DB8:678:A001::/64 And check the LSP of a Level-1 router... R3#show isis data R6.00­00 detail  IS­IS Level­1 LSP R6.00­00 LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL R6.00­00              0x000000F2   0xF831        618               0/0/0   Area Address: 39.c000   NLPID:        0xCC 0x8E    Hostname: R6   IP Address:   10.0.0.6   Metric: 10         IP 10.2.0.0 255.255.255.252   Metric: 10         IP 10.2.0.4 255.255.255.252   Metric: 10         IP 172.16.1.0 255.255.255.252   Metric: 0          IP 172.16.6.0 255.255.255.0   Metric: 0          IP 10.0.0.6 255.255.255.255   IPv6 Address: 2001:DB8:678:C000::6 © Fred Bovy EIRL. IPv6 For Life. Page 157
  • 23.Quagga IS-IS Configuration. Sunday, March 30, 2014   Metric: 10         IPv6 2001:DB8:678:D004::/64   Metric: 10         IPv6 2001:DB8:678:D005::/64   Metric: 10         IPv6 2001:DB8:5A:F6::/64   Metric: 0          IPv6 2001:DB8:678:D101::/64   Metric: 0          IPv6 2001:DB8:678:C000::6/128   Metric: 10         IS R5.00   Metric: 10         IS R1.00 R3#  Two Quagga installed isisd­quagga2# show isis neighbor  Area DEAD:   System Id           Interface   L  State        Holdtime SNPA   isisd               em1         2  Up           28       0800.2772.bd9b   R1                  em1         2  Up           21       0002.0000.1111   R4                  em1         2  Up           7        ca08.0eb7.0070 isisd­quagga2#  isisd­quagga2# show isis database  Area DEAD: IS­IS Level­2 link­state database: LSP ID                  PduLen  SeqNumber   Chksum  Holdtime  ATT/P/OL R1.00­00                  376   0x00000085  0xe907    1034    0/0/0 R3.00­00                  262   0x0000007a  0xce04    1059    0/0/0 R4.00­00                  257   0x00000078  0x272a    1084    0/0/0 R4.01­00                   73   0x00000073  0xd461     821    0/0/0 R5.00­00                  293   0x0000007b  0x3e52    1063    0/0/0 isisd.00­00               118   0x00000090  0x9975     764    0/0/0 isisd­quagga2.00­00  *    140   0x00000084  0x0475     738    0/0/0     7 LSPs isisd­quagga2# From this output we know that R4 is the DIS for the LAN connecting the 2 Quaggas PC with Routers and below we can check the LSP generated from R4 pseudo-node R4.01. Only the pseudo-node have the first number above zero. isisd­quagga2# show isis database R4.01­00  detail  Area DEAD: IS­IS Level­2 link­state database: LSP ID                  PduLen  SeqNumber   Chksum  Holdtime  ATT/P/OL R4.01­00                   73   0x00000073  0xd461     706    0/0/0   Metric      : 0        IS­Extended   : R4.00   Metric      : 0        IS­Extended   : R1.00   Metric      : 0        IS­Extended   : isisd­quagga2.00   Metric      : 0        IS­Extended   : isisd.00 From R1 R1#show isis database isisd.00­00  detail          IS­IS Level­2 LSP isisd.00­00 © Fred Bovy EIRL. IPv6 For Life. Page 158
  • 23.Quagga IS-IS Configuration. Sunday, March 30, 2014 LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL isisd.00­00           0x00000091   0x9776        548               0/0/0   Area Address: 39.b000   NLPID:        0xCC 0x8E    Hostname: isisd   IP Address:   10.0.0.200   Router ID:    10.0.0.200   Metric: 10         IP 10.201.0.0/24   Metric: 10         IP 10.0.0.200/32   Metric: 10         IPv6 2001:DB8:678:FFFF::/64   Metric: 10         IPv6 2001:DB8:678:FFFF::/64   Metric: 10         IS­Extended R4.01 R1#show isis database isisd­quagga2.00­00  detail  IS­IS Level­2 LSP isisd­quagga2.00­00 LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL isisd­quagga2.00­00   0x00000085   0x0276        480               0/0/0   Area Address: 39.b000   NLPID:        0xCC 0x8E    Hostname: isisd­quagga2   IP Address:   10.0.0.201   Router ID:    10.0.0.201   Metric: 10         IP 10.201.0.0/24   Metric: 10         IP 10.0.0.201/32   Metric: 10         IPv6 2001:DB8:678:FFFF::/64   Metric: 10         IPv6 2001:DB8:678:FFFF::/64   Metric: 10         IPv6 2001:DB8:678:FFFF::/64   Metric: 10         IS­Extended R4.01 From R1 all IS-IS Neighbors R1#show clns neighbors  System Id      Interface   SNPA                State  Holdtime  Type Protocol R4             Gi1/0       ca08.0eb7.0008      Up     27        L2   IS­IS R5             Gi2/0       ca0c.0ec6.001c      Up     26        L1L2 IS­IS R3             Gi3/0       ca0a.0eb7.0054      Up     26        L2   IS­IS R6             Gi4/0       ca0d.0ec6.001c      Up     24        L1   IS­IS R4             Gi0/0.1     ca08.0eb7.0070      Up     9         L2   IS­IS isisd­quagga2  Gi0/0.1     0800.2797.3120      Up     28        L2   IS­IS isisd          Gi0/0.1     0800.2772.bd9b      Up     28        L2   IS­IS R1#sh isis database                              IS­IS Level­1 Link State Database: LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL R1.00­00            * 0x00000098   0x3A7E        868               1/0/0 R5.00­00              0x00000089   0xFD3A        1161              1/0/0 R6.00­00              0x0000007A   0x955B        736               0/0/0 IS­IS Level­2 Link State Database: LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL R1.00­00            * 0x00000087   0xE509        782               0/0/0 R3.00­00              0x0000007C   0xCA06        700               0/0/0 R4.00­00              0x0000007A   0x232C        743               0/0/0 R4.01­00              0x00000076   0xCE64        1190              0/0/0 R5.00­00              0x0000007D   0x3A54        816               0/0/0 isisd.00­00           0x00000092   0x9577        607               0/0/0 isisd­quagga2.00­00   0x00000086   0xFF77        545               0/0/0 © Fred Bovy EIRL. IPv6 For Life. Page 159
  • 23.Quagga IS-IS Configuration. Sunday, March 30, 2014 24. Quagga BGP Configuration BGP Configuration file Checking BGP also checks IS-IS as the BGP next-hop to the PC loopback is propagated by Quagga. ! ­*­ bgp ­*­ ! ! BGPd sample configuratin file ! ! $Id: bgpd.conf.sample,v 1.1 2002/12/13 20:15:29 paul Exp $ ! hostname bgpd password cisco !enable password please­set­at­here ! !bgp mulitple­instance ! router bgp 100  bgp router­id 10.201.0.1   neighbor 10.0.0.5 remote­as 100   neighbor 10.0.0.5 route­reflector­client   neighbor 10.0.0.1 remote­as 100   neighbor 10.0.0.1 route­reflector­client   neighbor 10.0.0.3 remote­as 100   neighbor 10.0.0.3 route­reflector­client   neighbor 10.0.0.4 remote­as 100   neighbor 10.0.0.4 route­reflector­client   neighbor 10.0.0.6 remote­as 100   neighbor 10.0.0.6 route­reflector­client   neighbor 10.0.0.7 remote­as 100   neighbor 10.0.0.7 route­reflector­client    address­family ipv6   neighbor 10.0.0.1 activate   neighbor 10.0.0.3 activate   neighbor 10.0.0.4 activate   neighbor 10.0.0.6 activate   neighbor 10.0.0.7 activate   address­family ipv4   neighbor 10.0.0.1 activate   neighbor 10.0.0.3 activate   neighbor 10.0.0.4 activate   neighbor 10.0.0.6 activate   neighbor 10.0.0.7 activate ! ! ! access­list all permit any ! !route­map set­nexthop permit 10 © Fred Bovy EIRL. IPv6 For Life. Page 160
  • 24.Quagga BGP Configuration. Sunday, March 30, 2014 ! match ip address all ! set ip next­hop 10.0.0.1 ! !log file bgpd.log ! log stdout Telnet to the BGP daemon $ telnet localhost 2605 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Hello, this is Quagga (version 0.99.22.3). Copyright 1996­2005 Kunihiro Ishiguro, et al. User Access Verification Password:  bgpd> enable bgpd# show bgp summary  BGP router identifier 10.0.0.200, local AS number 100 RIB entries 21, using 1512 bytes of memory Peers 6, using 15 KiB of memory Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd 10.0.0.1        4   100    1305    1318        0    0    0 21:51:59        0 10.0.0.3        4   100    1305    1318        0    0    0 21:51:52        0 10.0.0.4        4   100    1307    1318        0    0    0 00:40:43        0 10.0.0.6        4   100    1304    1318        0    0    0 21:51:57        0 10.0.0.7        4   100    1307    1316        0    0    0 00:40:45       11 Total number of neighbors 5       bgpd# bgpd# show bgp neighbors 10.0.0.5 BGP neighbor is 10.0.0.5, remote AS 100, local AS 100, internal link   BGP version 4, remote router ID 10.0.0.5   BGP state = Established, up for 21:58:38   Last read 00:00:33, hold time is 180, keepalive interval is 60 seconds   Neighbor capabilities:     4 Byte AS: advertised and received     Route refresh: advertised and received(old & new)     Address family IPv4 Unicast: advertised and received     Address family IPv6 Unicast: received   Message statistics:     Inq depth is 0     Outq depth is 0                          Sent       Rcvd     Opens:                  1          0     Notifications:          0          0     Updates:                3          1     Keepalives:          1320       1310     Route Refresh:          0          0 © Fred Bovy EIRL. IPv6 For Life. Page 161
  • 24.Quagga BGP Configuration. Sunday, March 30, 2014     Capability:             0          0     Total:               1324       1311   Minimum time between advertisement runs is 5 seconds  For address family: IPv4 Unicast   Route­Reflector Client   Community attribute sent to this neighbor(both)   10 accepted prefixes   Connections established 1; dropped 0   Last reset never Local host: 10.0.0.200, Local port: 179 Foreign host: 10.0.0.5, Foreign port: 59344 Nexthop: 10.0.0.200 Nexthop global: ::1 Nexthop local: fe80::1 BGP connection: non shared network Read thread: on  Write thread: off bgpd# show bgp 2001:db8:abc3::/48 BGP routing table entry for 2001:db8:abc3::/48 Paths: (1 available, best #1, table Default­IP­Routing­Table)   Not advertised to any peer   65000     2001:db8:678:b000::1 (metric 20) from 10.0.0.7 (10.0.0.7)       Origin incomplete, metric 0, localpref 150, valid, internal, best       Last update: Sun Mar 23 17:53:04 2014                                                           25. Verifying the Routing is OK Take a quick look on the Routing table, pick up and IS-IS or BGP entry and get down to check that all works OK. There is an example below with routing tables and BGP Path: zebra# show ipv6 route isis Codes: K ­ kernel route, C ­ connected, S ­ static, R ­ RIPng,        O ­ OSPFv6, I ­ IS­IS, B ­ BGP, A ­ Babel,        > ­ selected route, * ­ FIB route I>* 2001:db8:5a:f6::/64 [115/30] via fe80::c801:dff:febc:8, em1, 00:19:32 I>* 2001:db8:5a:f7::/64 [115/30] via fe80::c800:dff:febc:70, em1, 01:46:58 I>* 2001:db8:678:1::/64 [115/20] via fe80::c801:dff:febc:8, em1, 00:19:32 I>* 2001:db8:678:2::/64 [115/20] via fe80::c801:dff:febc:8, em1, 00:19:32 I>* 2001:db8:678:3::/64 [115/20] via fe80::c801:dff:febc:8, em1, 00:19:32 I>* 2001:db8:678:17::/64 [115/20] via fe80::c800:dff:febc:70, em1, 01:46:58 I>* 2001:db8:678:22::/64 [115/20] via fe80::c800:dff:febc:70, em1, 01:46:58 I>* 2001:db8:678:33::/64 [115/30] via fe80::c801:dff:febc:8, em1, 00:19:32 I>* 2001:db8:678:9000::1/128 [115/10] via fe80::c801:dff:febc:8, em1, 00:19:32 I>* 2001:db8:678:9003::3/128 [115/20] via fe80::c801:dff:febc:8, em1, 00:19:32 I>* 2001:db8:678:9004::4/128 [115/10] via fe80::c800:dff:febc:70, em1, 01:46:58 I>* 2001:db8:678:9005::5/128 [115/20] via fe80::c801:dff:febc:8, em1, 00:19:32 I>* 2001:db8:678:a000::/64 [115/20] via fe80::c800:dff:febc:70, em1, 01:46:58 I>* 2001:db8:678:a001::/64 [115/30] via fe80::c800:dff:febc:70, em1, 01:46:58 © Fred Bovy EIRL. IPv6 For Life. Page 162
  • 25.Verifying the Routing is OK. Sunday, March 30, 2014 I>* 2001:db8:678:b000::1/128 [115/20] via fe80::c800:dff:febc:70, em1, 01:46:58 I>* 2001:db8:678:c000::6/128 [115/20] via fe80::c801:dff:febc:8, em1, 00:19:32 I>* 2001:db8:678:d004::/64 [115/20] via fe80::c801:dff:febc:8, em1, 00:19:32 I>* 2001:db8:678:d005::/64 [115/30] via fe80::c801:dff:febc:8, em1, 00:19:32 I>* 2001:db8:678:d101::/64 [115/20] via fe80::c801:dff:febc:8, em1, 00:19:32 zebra#  zebra# show ipv6 route bgp  Codes: K ­ kernel route, C ­ connected, S ­ static, R ­ RIPng,        O ­ OSPFv6, I ­ IS­IS, B ­ BGP, A ­ Babel,        > ­ selected route, * ­ FIB route B>* 2001:db8:abc0::/48 [200/0] via 2001:db8:678:b000::1 (recursive via  fe80::c800:dff:febc:70), em1, 00:54:31 B>* 2001:db8:abc1::/48 [200/0] via 2001:db8:678:b000::1 (recursive via  fe80::c800:dff:febc:70), em1, 00:54:31 B>* 2001:db8:abc2::/48 [200/0] via 2001:db8:678:b000::1 (recursive via  fe80::c800:dff:febc:70), em1, 00:54:31 B>* 2001:db8:abc3::/48 [200/0] via 2001:db8:678:b000::1 (recursive via  fe80::c800:dff:febc:70), em1, 00:54:31 B>* 2001:db8:abc4::/48 [200/0] via 2001:db8:678:b000::1 (recursive via  fe80::c800:dff:febc:70), em1, 00:54:31 B>* 2001:db8:abc5::/48 [200/0] via 2001:db8:678:b000::1 (recursive via  fe80::c800:dff:febc:70), em1, 00:54:31 B>* 2001:db8:abc6::/48 [200/0] via 2001:db8:678:b000::1 (recursive via  fe80::c800:dff:febc:70), em1, 00:54:31 B>* 2001:db8:abc7::/48 [200/0] via 2001:db8:678:b000::1 (recursive via  fe80::c800:dff:febc:70), em1, 00:54:31 B>* 2001:db8:abc8::/48 [200/0] via 2001:db8:678:b000::1 (recursive via  fe80::c800:dff:febc:70), em1, 00:54:31 B>* 2001:db8:abc9::/48 [200/0] via 2001:db8:678:b000::1 (recursive via  fe80::c800:dff:febc:70), em1, 00:54:31 B>* 2001:db8:abca::/48 [200/0] via 2001:db8:678:b000::1 (recursive via  fe80::c800:dff:febc:70), em1, 00:54:31 zebra#  rom any Core router that IS-IS and BGP routing is OK: On Quagga we check the Routing table from Zebra daemon. But we can check that everything is OK from a Core Router as BGP sessions need IS-IS routes to establish. So let's verify BGP: R3#show bgp ipv6 unicast  BGP table version is 177, local router ID is 10.0.0.3 Status codes: s suppressed, d damped, h history, * valid, > best, i ­ internal,               r RIB­failure, S Stale Origin codes: i ­ IGP, e ­ EGP, ? ­ incomplete    Network          Next Hop            Metric LocPrf Weight Path * i2001:DB8:ABC0::/48                     2001:DB8:678:B000::1                                              0    150      0 65000 ? *>i                 2001:DB8:678:B000::1                                              0    150      0 65000 ? * i2001:DB8:ABC1::/48                     2001:DB8:678:B000::1                                              0    150      0 65000 ? *>i                 2001:DB8:678:B000::1                                              0    150      0 65000 ? * i2001:DB8:ABC2::/48                     2001:DB8:678:B000::1 © Fred Bovy EIRL. IPv6 For Life. Page 163
  • 25.Verifying the Routing is OK. Sunday, March 30, 2014                                              0    150      0 65000 ? *>i                 2001:DB8:678:B000::1                                              0    150      0 65000 ? * i2001:DB8:ABC3::/48                     2001:DB8:678:B000::1 [BREAK]      R3#show bgp ipv6 unicast  2001:DB8:ABC0::/48 BGP routing table entry for 2001:DB8:ABC0::/48, version 177 Paths: (2 available, best #2, table Default)   Not advertised to any peer   65000     2001:DB8:678:B000::1 (metric 10) from 10.0.0.200 (10.0.0.200)       Origin incomplete, metric 0, localpref 150, valid, internal       Originator: 10.0.0.7, Cluster list: 10.0.0.200   65000     2001:DB8:678:B000::1 (metric 10) from 10.0.0.5 (10.0.0.5)       Origin incomplete, metric 0, localpref 150, valid, internal, best       Originator: 10.0.0.7, Cluster list: 10.0.0.5 The Quagga So now a Router learns the BGP path from 2 Route Reflectors and we have some resiliency in our Network. No problem if we need to shutdown a RR for maintenance. We can check that IS-IS is properly running on Quagga and the stability of the Quagga router, check IS-IS flaps for instance. $ telnet localhost 2608 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Hello, this is Quagga (version 0.99.22.3). Copyright 1996­2005 Kunihiro Ishiguro, et al. User Access Verification Password:  Password: isisd# show isis neighbor  Area DEAD:   System Id           Interface   L  State        Holdtime SNPA   R4                  em1         2  Up           26       ca00.0dbc.0070   R1                  em1         2  Up           10       ca01.0dbc.0008 isisd# show isis neighbor detail  Area DEAD:   R4                       Interface: em1, Level: 2, State: Up, Expires in 21s     Adjacency flaps: 1, Last: 1h33m3s ago     Circuit type: L1L2, Speaks: IPv4, IPv6     SNPA: ca00.0dbc.0070, LAN id: R1.01     LAN Priority: 64, is not DIS, DIS flaps: 3, Last: 5m37s ago     Area Address(es):       39.b000       39.d000     IPv4 Address(es): © Fred Bovy EIRL. IPv6 For Life. Page 164
  • 25.Verifying the Routing is OK. Sunday, March 30, 2014       10.201.0.4     IPv6 Address(es):       fe80::c800:dff:febc:70   R1                       Interface: em1, Level: 2, State: Up, Expires in 8s     Adjacency flaps: 1, Last: 5m39s ago     Circuit type: L1L2, Speaks: IPv4, IPv6     SNPA: ca01.0dbc.0008, LAN id: R1.01     LAN Priority: 64, is DIS, DIS flaps: 1, Last: 5m37s ago     Area Address(es):       39.b000       39.c000     IPv4 Address(es):       10.201.0.1     IPv6 Address(es):       fe80::c801:dff:febc:8 LOOKS GOOD ! If you have got 2 Quagga PCs running IS­IS and BGP, you can check the second  Quagga © Fred Bovy EIRL. IPv6 For Life. Page 165
  • 26.pfSense. Sunday, March 30, 2014 26. pfSense I installed a pfSense box in a VM which makes a Gateway beetween the Internet and my Virtual Lab. Very interesting but no real support for IPv6 by now! Just hope that next versioin will have it! A great IPv4 Firewall but limited support for IPv6! Questions ? fred@fredbovy.com Mobile +33614461069  Mobile +33781209749 Office +33972409194 © Fred Bovy EIRL. IPv6 For Life. Page 166
  • 27.Final Configurations. Sunday, March 30, 2014 27. Final Configurations 27.1 The Core Level-1-2 Routers R1 hostname R1 ! ip cef ipv6 unicast­routing ipv6 cef !interface Loopback0  ip address 10.0.0.1 255.255.255.255  ipv6 address 2001:DB8:678:9000::1/128 ! interface GigabitEthernet0/0  no ip address  duplex full  speed 1000  media­type gbic  negotiation auto © Fred Bovy EIRL. IPv6 For Life. Page 167 Drawing 1: Last Setup
  • 27.Final Configurations. Sunday, March 30, 2014  isis network point­to­point  ! interface GigabitEthernet0/0.1  encapsulation dot1Q 1 native  ip address 10.201.0.1 255.255.255.0  ip router isis fred  ipv6 address 2001:DB8:678:FFFF::1/64  ipv6 router isis fred  glbp 1 ip 10.201.0.222  glbp 2 ipv6 autoconfig ! interface GigabitEthernet1/0  ip address 10.0.1.1 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:1::1/64  ipv6 router isis fred  isis circuit­type level­2­only  isis network point­to­point  ! interface GigabitEthernet2/0  ip address 10.0.1.9 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:3::1/64  ipv6 router isis fred  isis network point­to­point  ! interface GigabitEthernet3/0  ip address 10.0.1.5 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:2::1/64  ipv6 router isis fred  isis circuit­type level­2­only  isis network point­to­point  ! interface GigabitEthernet4/0  ip address 10.2.0.1 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:D004::7/64  ipv6 router isis fred  isis network point­to­point  !          !          router isis fred  net 39.b000.0000.0000.0001.00  net 39.c000.0000.0000.0001.00  metric­style wide © Fred Bovy EIRL. IPv6 For Life. Page 168
  • 27.Final Configurations. Sunday, March 30, 2014  redistribute isis ip level­2 into level­1 route­map leak  passive­interface Loopback0 ! router bgp 100  bgp log­neighbor­changes  neighbor 10.0.0.5 remote­as 100  neighbor 10.0.0.5 password 1 secret  neighbor 10.0.0.5 update­source Loopback0  neighbor 10.0.0.200 remote­as 100  neighbor 10.0.0.200 update­source Loopback0  neighbor 10.0.0.201 remote­as 100  neighbor 10.0.0.201 update­source Loopback0  !  address­family ipv4   neighbor 10.0.0.5 activate   neighbor 10.0.0.200 activate   neighbor 10.0.0.201 activate   no auto­summary   no synchronization  exit­address­family  !          address­family ipv6   neighbor 10.0.0.5 activate   neighbor 10.0.0.200 activate   neighbor 10.0.0.201 activate  exit­address­family !          access­list 1 permit 10.0.0.0 0.0.0.255 route­map leak permit 10   match ip address 1 R3 hostname R3 ! ip cef ipv6 unicast­routing ipv6 cef ! interface Loopback0  ip address 10.0.0.3 255.255.255.255  ipv6 address 2001:DB8:678:9003::3/128 ! interface GigabitEthernet0/0  ip address 10.1.0.6 255.255.255.252  ip router isis fred  duplex full  speed 1000  media­type gbic  negotiation auto  ipv6 address 2001:DB8:678:3::3/64  ipv6 router isis fred © Fred Bovy EIRL. IPv6 For Life. Page 169
  • 27.Final Configurations. Sunday, March 30, 2014  isis network point­to­point  ! interface GigabitEthernet1/0  ip address 10.0.1.18 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:17::3/64  ipv6 enable  ipv6 router isis fred  isis network point­to­point  ! interface GigabitEthernet2/0  ip address 10.0.1.21 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:33::3/64  ipv6 enable  ipv6 router isis fred  isis circuit­type level­2­only  isis network point­to­point  ! interface GigabitEthernet3/0  ip address 10.0.1.6 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:2::3/64  ipv6 enable  ipv6 router isis fred  isis circuit­type level­2­only  isis network point­to­point  ! router isis fred  net 39.b000.0000.0000.0003.00  net 39.d000.0000.0000.0003.00  metric­style wide  redistribute isis ip level­2 into level­1 route­map leak  passive­interface Loopback0 ! router bgp 100  bgp log­neighbor­changes  neighbor 10.0.0.5 remote­as 100  neighbor 10.0.0.5 password 1 secret  neighbor 10.0.0.5 update­source Loopback0  neighbor 10.0.0.200 remote­as 100  neighbor 10.0.0.200 update­source Loopback0  neighbor 10.0.0.201 remote­as 100  neighbor 10.0.0.201 update­source Loopback0  !  address­family ipv4   neighbor 10.0.0.5 activate   neighbor 10.0.0.200 activate   neighbor 10.0.0.201 activate   no auto­summary   no synchronization  exit­address­family  !          address­family ipv6   neighbor 10.0.0.5 activate   neighbor 10.0.0.200 activate © Fred Bovy EIRL. IPv6 For Life. Page 170
  • 27.Final Configurations. Sunday, March 30, 2014   neighbor 10.0.0.201 activate  exit­address­family !          !          !          access­list 1 permit 10.0.0.0 0.0.0.255 !         route­map leak permit 10  match ip address 1 R4 hostname R4 ! ip cef ipv6 unicast­routing ipv6 cef interface Loopback0  ip address 10.0.0.4 255.255.255.255  ipv6 address 2001:DB8:678:9004::4/128 ! interface GigabitEthernet0/0  ip address 10.0.1.2 255.255.255.252  ip router isis fred  duplex full  speed 1000  media­type gbic  negotiation auto  ipv6 address 2001:DB8:678:1::4/64  ipv6 router isis fred  isis circuit­type level­2­only  isis network point­to­point  !          interface GigabitEthernet1/0  ip address 10.0.1.17 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:17::4/64  ipv6 router isis fred  isis network point­to­point  !          interface GigabitEthernet2/0  ip address 10.0.1.13 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:22::3/64  ipv6 router isis fred  isis circuit­type level­2­only  isis network point­to­point  !          interface GigabitEthernet3/0  ip address 10.1.0.1 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:A000::1/64  ipv6 router isis fred  isis network point­to­point  !          interface GigabitEthernet4/0 © Fred Bovy EIRL. IPv6 For Life. Page 171
  • 27.Final Configurations. Sunday, March 30, 2014  no ip address  negotiation auto !          interface GigabitEthernet4/0.1  encapsulation dot1Q 1 native  ip address 10.201.0.4 255.255.255.0  ip router isis fred  ipv6 address 2001:DB8:678:FFFF::4/64  ipv6 router isis fred  glbp 1 ip 10.201.0.222  glbp 2 ipv6 autoconfig ! router isis fred  net 39.b000.0000.0000.0003.00  net 39.d000.0000.0000.0003.00  metric­style wide  redistribute isis ip level­2 into level­1 route­map leak  passive­interface Loopback0 ! router bgp 100  bgp log­neighbor­changes  neighbor 10.0.0.5 remote­as 100  neighbor 10.0.0.5 password 1 secret  neighbor 10.0.0.5 update­source Loopback0  neighbor 10.0.0.200 remote­as 100  neighbor 10.0.0.200 update­source Loopback0  neighbor 10.0.0.201 remote­as 100  neighbor 10.0.0.201 update­source Loopback0  !  address­family ipv4   neighbor 10.0.0.5 activate   neighbor 10.0.0.200 activate   neighbor 10.0.0.201 activate   no auto­summary   no synchronization  exit­address­family  !          address­family ipv6   neighbor 10.0.0.5 activate   neighbor 10.0.0.200 activate   neighbor 10.0.0.201 activate  exit­address­family ! access­list 1 permit 10.0.0.0 0.0.0.255 ! route­map leak permit 10  match ip address 1 ! R5 hostname R5 ! boot­start­marker boot­end­marker ! logging message­counter syslog ! no aaa new­model © Fred Bovy EIRL. IPv6 For Life. Page 172
  • 27.Final Configurations. Sunday, March 30, 2014 ip source­route ip cef ipv6 unicast­routing ipv6 cef ! ! interface Loopback0  ip address 10.0.0.5 255.255.255.255  ipv6 address 2001:DB8:678:9005::5/128 ! ! interface GigabitEthernet0/0  ip address 10.0.1.22 255.255.255.252  duplex full  speed 1000  media­type gbic  negotiation auto  ipv6 address 2001:DB8:678:33::5/64  ipv6 ospf 1 area 0 !          interface GigabitEthernet1/0  ip address 10.0.1.10 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:3::5/64  ipv6 router isis fred  ipv6 ospf 1 area 0  isis network point­to­point  ! interface GigabitEthernet2/0  ip address 10.0.1.14 255.255.255.252  ip router isis fred  shutdown  negotiation auto  ipv6 address 2001:DB8:678:22::5/64  ipv6 router isis fred  ipv6 ospf 1 area 0  isis circuit­type level­2­only  isis network point­to­point  ! interface GigabitEthernet3/0  ip address 10.0.1.22 255.255.255.252  ip router isis fred  shutdown   negotiation auto  ipv6 address 2001:DB8:678:33::5/64  ipv6 router isis fred  isis circuit­type level­2­only  isis network point­to­point  ! interface GigabitEthernet4/0  ip address 10.2.0.5 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:D005::5/64  ipv6 router isis fred  ipv6 ospf 1 area 2  isis network point­to­point  ! © Fred Bovy EIRL. IPv6 For Life. Page 173
  • 27.Final Configurations. Sunday, March 30, 2014 router isis fred  net 39.b000.0000.0000.0005.00  net 39.c000.0000.0000.0005.00  metric­style wide  redistribute isis ip level­2 into level­1 route­map leak  passive­interface Loopback0 ! router bgp 100  bgp log­neighbor­changes  neighbor fred peer­group  neighbor fred remote­as 100  neighbor fred description all clients  neighbor fred password 1 secret  neighbor fred update­source Loopback0  neighbor 10.0.0.1 peer­group fred  neighbor 10.0.0.3 peer­group fred  neighbor 10.0.0.4 peer­group fred  neighbor 10.0.0.6 peer­group fred  neighbor 10.0.0.7 peer­group fred  neighbor 10.0.0.200 remote­as 100  neighbor 10.0.0.200 update­source Loopback0  neighbor 10.0.0.201 remote­as 100  neighbor 10.0.0.201 update­source Loopback0  !  address­family ipv4   neighbor fred route­reflector­client   neighbor fred maximum­prefix 5000 warning­only   neighbor 10.0.0.1 activate   neighbor 10.0.0.3 activate   neighbor 10.0.0.4 activate   neighbor 10.0.0.6 activate   neighbor 10.0.0.7 activate   neighbor 10.0.0.200 activate   neighbor 10.0.0.201 activate   no auto­summary   no synchronization  exit­address­family  !  address­family ipv6   neighbor fred route­reflector­client   neighbor fred maximum­prefix 5000 warning­only   neighbor 10.0.0.1 activate   neighbor 10.0.0.3 activate   neighbor 10.0.0.4 activate   neighbor 10.0.0.6 activate   neighbor 10.0.0.7 activate   neighbor 10.0.0.200 activate   neighbor 10.0.0.201 activate   no synchronization   maximum­paths 2  exit­address­family !              access­list 1 permit 10.0.0.0 0.0.0.255 ipv6 router ospf 1  log­adjacency­changes ! route­map leak permit 10  match ip address 1 !           © Fred Bovy EIRL. IPv6 For Life. Page 174
  • 27.Final Configurations. Sunday, March 30, 2014          26.2 The Customer Edge Level-1 Routers R6 ! hostname R6 ip cef ! ipv6 unicast­routing ipv6 cef ! interface Loopback0  ip address 10.0.0.6 255.255.255.255  ipv6 address 2001:DB8:678:C000::6/128 !        interface GigabitEthernet1/0  ip address 10.2.0.2 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:D004::6/64  ipv6 router isis fred  isis network point­to­point  !          interface GigabitEthernet2/0  ip address 10.2.0.6 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:D005::6/64  ipv6 router isis fred  isis network point­to­point  !          interface GigabitEthernet3/0  ip address 172.16.1.1 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:5A:F6::6/64  ipv6 router isis fred  isis network point­to­point   isis csnp­interval 10   ! interface GigabitEthernet4/0.1  encapsulation dot1Q 1 native  ip address 172.16.6.1 255.255.255.0  ipv6 address 2001:DB8:678:D101::6/64 ! router isis fred  net 39.c000.0000.0000.0006.00 © Fred Bovy EIRL. IPv6 For Life. Page 175
  • 27.Final Configurations. Sunday, March 30, 2014  is­type level­1  metric­style wide  passive­interface GigabitEthernet4/0.1  passive­interface Loopback0 !          router bgp 100  bgp log­neighbor­changes  neighbor 10.0.0.5 remote­as 100  neighbor 10.0.0.5 password 1 secret  neighbor 10.0.0.5 update­source Loopback0  neighbor 10.0.0.200 remote­as 100  neighbor 10.0.0.200 update­source Loopback0  neighbor 10.0.0.201 remote­as 100  neighbor 10.0.0.201 update­source Loopback0  neighbor 2001:DB8:5A:F6::8 remote­as 64000  neighbor 172.16.1.2 remote­as 64000  !  address­family ipv4   neighbor 10.0.0.5 activate   neighbor 10.0.0.5 next­hop­self   neighbor 10.0.0.200 activate   neighbor 10.0.0.200 next­hop­self   neighbor 10.0.0.201 activate   no neighbor 2001:DB8:5A:F6::8 activate   neighbor 172.16.1.2 activate   no auto­summary   no synchronization  exit­address­family  !  address­family ipv6   neighbor 10.0.0.5 activate   neighbor 10.0.0.5 route­map fred out   neighbor 10.0.0.200 activate   neighbor 10.0.0.200 route­map fred out   neighbor 10.0.0.201 activate   neighbor 2001:DB8:5A:F6::8 activate   no synchronization   maximum­paths 2  exit­address­family !          route­map fred permit 10  set ipv6 next­hop 2001:DB8:678:C000::6 !          R7 hostname R7 ! ip cef ! © Fred Bovy EIRL. IPv6 For Life. Page 176
  • 27.Final Configurations. Sunday, March 30, 2014 ipv6 unicast­routing ipv6 cef ! interface Loopback0  ip address 10.0.0.7 255.255.255.255  ipv6 address 2001:DB8:678:B000::1/128 ! interface GigabitEthernet0/0  ip address 10.1.0.2 255.255.255.252  ip router isis fred  duplex full  speed 1000  media­type gbic  negotiation auto  ipv6 address 2001:DB8:678:A000::7/64  ipv6 router isis fred  isis network point­to­point  ! interface GigabitEthernet1/0  ip address 10.1.0.5 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address 2001:DB8:678:A001::7/64  ipv6 router isis fred  isis network point­to­point  ! interface GigabitEthernet3/0  ip address 172.16.1.5 255.255.255.252  ip router isis fred  negotiation auto  ipv6 address FE80::7 link­local  ipv6 address 2001:DB8:5A:F7::6/64  ipv6 router isis fred  isis network point­to­point   isis csnp­interval 10 !          router isis fred  net 39.d000.0000.0000.0007.00  is­type level­1  metric­style wide  passive­interface Loopback0 ! router bgp 100  bgp log­neighbor­changes  neighbor 10.0.0.5 remote­as 100  neighbor 10.0.0.5 password 1 secret  neighbor 10.0.0.5 update­source Loopback0  neighbor 10.0.0.200 remote­as 100  neighbor 10.0.0.200 update­source Loopback0  neighbor 10.0.0.201 remote­as 100 © Fred Bovy EIRL. IPv6 For Life. Page 177
  • 27.Final Configurations. Sunday, March 30, 2014  neighbor 10.0.0.201 update­source Loopback0  neighbor 172.16.1.6 remote­as 65000  neighbor FE80::9%GigabitEthernet3/0 remote­as 65000  !  address­family ipv4   neighbor 10.0.0.5 activate   neighbor 10.0.0.5 next­hop­self   neighbor 10.0.0.200 activate   neighbor 10.0.0.200 next­hop­self   neighbor 10.0.0.201 activate   neighbor 172.16.1.6 activate   neighbor 172.16.1.6 route­map setloc in   no neighbor FE80::9%GigabitEthernet3/0 activate   no auto­summary   no synchronization  exit­address­family  !  address­family ipv6   neighbor 10.0.0.5 activate   neighbor 10.0.0.5 route­map fred out   neighbor 10.0.0.200 activate   neighbor 10.0.0.200 route­map setloc in   neighbor 10.0.0.200 route­map fred out   neighbor 10.0.0.201 activate   neighbor 10.0.0.201 route­map setloc in   neighbor 10.0.0.201 route­map fred out   neighbor FE80::9%GigabitEthernet3/0 activate   neighbor FE80::9%GigabitEthernet3/0 route­map setloc in  exit­address­family !              route­map setloc permit 10  set local­preference 150 !          route­map fred permit 10  set ipv6 next­hop 2001:DB8:678:B000::1 !          No change on ISP R8 and R9 see previous configurations 26.3 Quagga Configurations Quagga1 configuration files from /usr/local/etc/quagga/ Zebra config From /usr/local/etc/quagga/zebra.conf interface em1  ipv6 address 2001:db8:678:ffff::200/64 © Fred Bovy EIRL. IPv6 For Life. Page 178
  • 27.Final Configurations. Sunday, March 30, 2014  ip address 10.201.0.101/24  ipv6 nd suppress­ra ! interface lo0  ip address 10.0.0.200/32 ISIS config From /usr/local/etc/quagga/isisd.conf ! hostname isisd password cisco enable password cisco log stdout ! interface em0 ! interface em1  ip router isis DEAD  ipv6 router isis DEAD  isis circuit­type level­2­only ! interface lo0  ip router isis DEAD  isis passive  ipv6 router isis DEAD  isis circuit­type level­2­only ! interface usbus0 ! ! router isis DEAD  net 39.b000.0000.0000.0201.00  metric­style wide  is­type level­2­only BGP Config From /usr/local/etc/quagga/bgpd.conf ! hostname bgpd password cisco log stdout ! router bgp 100  bgp router­id 10.0.0.201  neighbor 10.0.0.1 remote­as 100  neighbor 10.0.0.1 route­reflector­client © Fred Bovy EIRL. IPv6 For Life. Page 179
  • 27.Final Configurations. Sunday, March 30, 2014  neighbor 10.0.0.3 remote­as 100  neighbor 10.0.0.3 route­reflector­client  neighbor 10.0.0.4 remote­as 100  neighbor 10.0.0.4 route­reflector­client  neighbor 10.0.0.5 remote­as 100  neighbor 10.0.0.5 route­reflector­client  neighbor 10.0.0.6 remote­as 100  neighbor 10.0.0.6 route­reflector­client  neighbor 10.0.0.7 remote­as 100  neighbor 10.0.0.7 route­reflector­client !  address­family ipv6  neighbor 10.0.0.1 activate  neighbor 10.0.0.1 route­reflector­client  neighbor 10.0.0.3 activate  neighbor 10.0.0.3 route­reflector­client  neighbor 10.0.0.4 activate  neighbor 10.0.0.4 route­reflector­client  neighbor 10.0.0.5 activate  neighbor 10.0.0.5 route­reflector­client  neighbor 10.0.0.6 activate  neighbor 10.0.0.6 route­reflector­client  neighbor 10.0.0.7 activate  neighbor 10.0.0.7 route­reflector­client  exit­address­family Quagga2 configuration files from /usr/local/etc/quagga/ Zebra Configuration from /usr/local/etc/quagga/zebra.conf $ telnet localhost 2601 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Hello, this is Quagga (version 0.99.22.3). Copyright 1996­2005 Kunihiro Ishiguro, et al. User Access Verification Password:  quagga2> en Password:  quagga2# sh run Current configuration: © Fred Bovy EIRL. IPv6 For Life. Page 180
  • 27.Final Configurations. Sunday, March 30, 2014 ! hostname quagga2 password cisco enable password cisco ! interface em0  ipv6 nd suppress­ra ! interface em1  ip address 10.201.0.102/24  ipv6 address 2001:db8:678:ffff::202/64  ipv6 nd suppress­ra ! interface lo0  ip address 10.0.0.201/32 ! interface usbus0  ipv6 nd suppress­ra ! ip forwarding ! ! line vty ! end quagga2# wr Configuration saved to /usr/local/etc/quagga/zebra.conf quagga2#  ISIS Config from /usr/local/etc/quagga/isisd.conf interface em1  ip router isis DEAD  ipv6 router isis DEAD  isis circuit­type level­2­only ! interface lo0  ip router isis DEAD  isis passive  ipv6 router isis DEAD  isis circuit­type level­2­only ! interface usbus0 ! ! router isis DEAD  net 39.b000.0000.0000.0202.00  metric­style wide  is­type level­2­only © Fred Bovy EIRL. IPv6 For Life. Page 181
  • 27.Final Configurations. Sunday, March 30, 2014 ! BGP Config from /usr/local/etc/quagga/bgpd.conf router bgp 100  bgp router­id 10.0.0.202  neighbor fred peer­group  neighbor fred remote­as 100  neighbor fred6 peer­group  neighbor 10.0.0.1 peer­group fred  neighbor 10.0.0.3 peer­group fred  neighbor 10.0.0.4 peer­group fred  neighbor 10.0.0.5 peer­group fred  neighbor 10.0.0.6 peer­group fred  neighbor 10.0.0.7 peer­group fred  neighbor 10.0.0.200 peer­group fred !  address­family ipv6  neighbor fred activate  neighbor 10.0.0.1 activate  neighbor 10.0.0.3 activate  neighbor 10.0.0.5 activate  neighbor 10.0.0.6 activate  neighbor 10.0.0.7 activate  neighbor 10.0.0.200 activate  exit­address­family ! © Fred Bovy EIRL. IPv6 For Life. Page 182