[c-nsp] IOS IPv6 CEF adjacencies on 12xxx

Tue Dec 9 13:15:49 EST 2008

Can anybody here give me a pointer to how these work?

I've the following setup:

      WAN
[  ]---------[  ] 
[RA]         [RB]
[  ]---------[  ]

RA is 12410 with E5 facing LAN and E2 (4 port POS card) facing WAN (12.0(32)SY4) 
RB is 12012 with E2 facing LAN and E2 (4 port POS card) facing WAN (12.0(32)S5)

both POS links are bundled so the only way for these hosts to communicate
over the bundle is ipv6ip like such:

interface Tunnel0
 description ipv6ip to rb
 no ip address
 no ip directed-broadcast
 ipv6 address 2001:db8::1/126
 ipv6 enable
 tunnel source 1.1.1.1
 tunnel destination 1.1.1.2
 tunnel mode ipv6ip
end

(IPv6 over GRE is not an option as RB would require a tunnel card)

now, the interesting thing, is that one in every three ICMP packets sent from the LAN of RA 
(E5) to the LAN of RB cause an ICMPv6 "destination unreachable" message to be sent back 
to the host from the LAN interface of RA, like such:

wkst-q5$ ping6 2001:db8:b::1
PING 2001:db8:b::1(2001:db8:b::1) 56 data bytes
64 bytes from 2001:db8:b::1: icmp_seq=1 ttl=59 time=101 ms
>From 2001:db8:a::1 icmp_seq=2 Destination unreachable: No route
>From 2001:db8:a::1 icmp_seq=3 Destination unreachable: No route
64 bytes from 2001:db8:b::1: icmp_seq=4 ttl=59 time=42.4 ms
>From 2001:db8:a::1 icmp_seq=5 Destination unreachable: No route
>From 2001:db8:a::1 icmp_seq=6 Destination unreachable: No route
64 bytes from 2001:db8:b::1: icmp_seq=7 ttl=59 time=28.6 ms

where 2001:db8:a::1  in this case is the E5 LAN facing card on RA.

Both tunnel interfaces seem to have autogenerated link local addresses:

ra#sh ipv6 int tun0
Tunnel0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::C316:9EE 
  Description: ipv6ip to ra
  Global unicast address(es):
    2001:DB8::1, subnet is 2001:DB8::/126 
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:2
    FF02::1:FF16:9EE
  MTU is 1480 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  Hosts use stateless autoconfig for addresses.

rb#sh ipv6 int tun0
Tunnel0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::C316:9ED 
  Description: ipv6ip to ra
  Global unicast address(es):
    2001:DB8::2, subnet is 2001:DB8::/126 
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:2
    FF02::1:FF16:9ED
  MTU is 1480 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  Hosts use stateless autoconfig for addresses.

Yet neither of course have an Ipv6 neighborship (not required I would imagine?)

ra#sh ipv6 neighbors tun0
IPv6 Address                              Age Link-layer Addr State Interface

rb#sh ipv6 neighbors tun0
IPv6 Address                              Age Link-layer Addr State Interface

Also, from the perspective of CEF, all seems to be ok on the surface:

ra#sh ipv6 cef tun0                     
2001:DB8:B::/48
     nexthop FE80::C316:9ED Tunnel0 
2001:DB8:1::/126
     attached to Tunnel0 

rb#sh ipv6 cef tun0                     
2001:DB8:A::/48
     nexthop FE80::C316:9ED Tunnel0 
2001:DB8:1::/126
     attached to Tunnel0 

ra#sh ipv6 cef exact-route 2001:db8:a::1 2001:db8:b::1
 2001:DB8:A::1     -> 2001:DB8:B::1 interface Tunnel0

rb#sh ipv6 cef exact-route 2001:db8:b::1 2001:db8:a::1
 2001:DB8:B::1     -> 2001:DB8:A::1 interface Tunnel0

**BUT**

if you dig deeper, you find that this isn't the case at all:

ra#execute-on slot <LANCARD> sh ipv6 cef exact-route 2001:db8:a::1 2001:db8:b::1
 2001:DB8:A::1     -> 2001:DB8:B::1 interface Tunnel0
 Adjacency is incomplete so not cef switched

ra#execute-on slot <WANCARD> sh ipv6 cef exact-route 2001:db8:a::1 2001:db8:b::1
 2001:DB8:A::1     -> 2001:DB8:B::1 interface Tunnel0
 Adjacency is incomplete so not cef switched

but this message does not appear on rb

So, it looks like the lack of adjacency is the cause, 
before I go open a TAC case (and get told to clear dCEF tables/
reboot linecards) , is there anything non-invasive I could try to debug/resolve this?

Thanks in advance. 

------------------------------------------------
David Freedman
Group Network Engineering 
Claranet Limited
http://www.clara.net