[c-nsp] ipv6 tunnels and static routes
Pierfrancesco Caci
p.caci at seabone.net
Thu Mar 31 08:49:48 EST 2005
Hello,
I've been banging my head all day with this problem.
Background: a 6PE network, static and connected routes are
redistributed into iBGP with a route-map which applies no-export and
does some sanity filtering.
I have a tunnel from a GSR towards a linux machine, and I've assigned
a /48 to the "customer" using a static route. These are the relevant
configurations
interface Tunnel1001
description tunnel IPv6 Test Pf
no ip address
no ip directed-broadcast
load-interval 30
ipv6 address 2001:41A8:600:2::5/126
tunnel source Loopback0
tunnel destination x.x.141.114
tunnel mode ipv6ip
end
On the linux machine we have:
auto seabone-decix
iface seabone-decix inet6 v4tunnel
address 2001:41A8:600:2::6
netmask 126
local x.x.141.114
endpoint 195.22.211.248
ttl 128
which yields:
seabone-decix: ipv6/ip remote 195.22.211.248 local x.x.141.114 ttl 128
51: seabone-decix at NONE: <POINTOPOINT,NOARP,UP> mtu 1480 qdisc noqueue
link/sit x.x.141.114 peer 195.22.211.248
inet6 2001:41a8:600:2::6/126 scope global
inet6 fe80::c0a8:206/128 scope link
default via 2001:41a8:600:2::5 dev seabone-decix proto zebra metric 1024 mtu 1480 advmss 1420
On the 12000 we get:
G12406A-FR_INT01#sh ipv6 route 2001:41a8:604::
IPv6 Routing Table - 334 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
S 2001:41A8:604::/48 [1/0]
via 2001:41A8:600:2::6, Tunnel1001, 00:16:12
G12406A-FR_INT01#sh bgp ipv6 2001:41A8:604::/48
BGP routing table entry for 2001:41A8:604::/48, version 159784
Paths: (1 available, best #1, table Global-IPv6-Table, not advertised to EBGP peer)
Advertised to update-groups:
1
Local
2001:41A8:600:2::6 from 0.0.0.0 (195.22.211.248)
Origin incomplete, metric 0, localpref 100, weight 32768, valid, sourced, best
Community: no-export
On another router of the net we can see:
R_7206A-MI_MM_19#sh ipv6 route 2001:41A8:604::1
IPv6 Routing Table - 336 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
B 2001:41A8:604::/48 [200/0]
via ::FFFF:195.22.211.248, IPv6-mpls
R_7206A-MI_MM_19#sh bgp ipv6 2001:41A8:604::/48
BGP routing table entry for 2001:41A8:604::/48, version 327808
Paths: (2 available, best #2, table Global-IPv6-Table, not advertised to EBGP peer)
Not advertised to any peer
Local
::FFFF:195.22.211.248 (metric 121) from 195.22.208.252 (195.22.208.252)
Origin incomplete, metric 0, localpref 100, valid, internal
Community: 6762:92 no-export
Originator: 195.22.211.248, Cluster list: 0.0.0.1, 0.0.0.4
Local
::FFFF:195.22.211.248 (metric 121) from 195.22.208.225 (195.22.208.225)
Origin incomplete, metric 0, localpref 100, valid, internal, best
Community: 6762:92 no-export
Originator: 195.22.211.248, Cluster list: 0.0.0.1, 0.0.0.4
Pings and traceroutes done on the GSR where the tunnel is defined work properly:
G12406A-FR_INT01#ping 2001:41A8:604::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:41A8:604::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 260/289/316 ms
G12406A-FR_INT01#trace 2001:41A8:604::1
Type escape sequence to abort.
Tracing the route to 2001:41A8:604::1
1 2001:41A8:600:2::6 268 msec 280 msec 280 msec
2 2001:41A8:604::1 280 msec 320 msec 248 msec
...while from another router:
R_7206A-MI_MM_19#ping 2001:41A8:604::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:41A8:604::1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R_7206A-MI_MM_19#trace 2001:41A8:604::1
Type escape sequence to abort.
Tracing the route to 2001:41A8:604::1
1 2001:41A8:600::1E 12 msec 8 msec 12 msec
2 * * *
The last responding hop is the loopback of the GSR.
Tag-switching infos on the 12000:
G12406A-FR_INT01#sh ipv6 cef tunnel 1001
2001:41A8:600:2::4/126
attached to Tunnel1001
tag information
local tag: aggregate(902)
2001:41A8:604::/48
nexthop 2001:41A8:600:2::6 Tunnel1001
tag information
local tag: dynamic(915)
G12406A-FR_INT01#sh bgp ipv6 tags
Network Next Hop In tag/Out tag
[....]
2001:41A8:600:2::4/126
:: 902/notag
2001:41A8:604::/48
2001:41A8:600:2::6
915/notag
[....]
on the other router:
R_7206A-MI_MM_19#sh bgp ipv6 tag
Network Next Hop In tag/Out tag
[....]
2001:41A8:600:2::4/126
::FFFF:195.22.211.248
notag/902
::FFFF:195.22.211.248
notag/902
2001:41A8:604::/48
::FFFF:195.22.211.248
notag/915
::FFFF:195.22.211.248
notag/915
[....]
so it seems that tags match properly
R_7206A-MI_MM_19#sh ipv6 cef 2001:41A8:604::/48
2001:41A8:604::/48
nexthop ::FFFF:195.22.211.248
fast tag rewrite with Fa0/0, 195.22.208.2, tags imposed: {440 915}
The GSR is running 12.0(26)S5, while the other router has 12.3(7)T6
I found a few bugs (looking for ipv6 and 12.0(26)) that could match,
but they seem to be resolved for 12.0(26)S5, unless I totally
misunderstood them.
One of those in particular, CSCdy84998, mentions route reflector
clients. The GSR in this context is a RRC of another router.
I have another similar setup on the abovementioned 7206 where the
static route is correctly working and is reachable from
outside. Comparing the iBGP informations for the 2 statics doesn't
give any hint, as they look the same.
Anyone that can help ?
Thanks
Pf
--
-------------------------------------------------------------------------------
Pierfrancesco Caci | Network & System Administrator - INOC-DBA: 6762*PFC
p.caci at seabone.net | Telecom Italia Sparkle - http://etabeta.noc.seabone.net/
Linux paperino 2.4.20 #1 Mon Dec 2 17:02:14 CET 2002 i686 GNU/Linux
More information about the cisco-nsp
mailing list