[c-nsp] igp / ebgp problem ipv6

Paul Stewart paul at paulstewart.org
Sat Sep 13 15:12:28 EDT 2008 

Thank you very much Bernhard.... the lack of "always" was it... damn, should
have it know from Ipv4..;)

Works perfect now, have a linux box up on IPv6 and looks good..

[paul at netops ~]$ traceroute6 www.he.net
traceroute to www.he.net (2001:470:0:76::2), 30 hops max, 40 byte packets
 1   (2607:f1f0:0:1::1)  0.945 ms  1.004 ms  1.093 ms
 2   (2607:f1f0::d)  2.183 ms  2.214 ms  2.242 ms
 3   (2607:f1f0::9)  4.497 ms  4.528 ms  4.604 ms
 4   (2607:f1f0::2)  4.534 ms  4.610 ms  4.639 ms
 5  2001:470:1f0d:89::1 (2001:470:1f0d:89::1)  32.940 ms  32.971 ms  33.056
ms
 6  v104.core1.ash1.he.net (2001:470:0:40::2)  32.414 ms  41.266 ms  31.780
ms
 7  10gigabitethernet1-4.core1.pao1.he.net (2001:470:0:35::1)  107.852 ms
107.872 ms  107.897 ms
 8  gige-g1-2.core1.fmt1.he.net (2001:470:0:2e::1)  107.188 ms  107.907 ms
107.956 ms
 9  he.net (2001:470:0:76::2)  106.569 ms  106.609 ms  106.754 ms

Best regards,

Paul


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Bernhard Schmidt
Sent: September 13, 2008 1:52 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] igp / ebgp problem ipv6

Paul Stewart <paul at paulstewart.org> wrote:

Hello Paul,

> We have our first IPv6 block advertising to the world (for quite a while
> now) and have started to actually route some small blocks of it internally
> via OSPF.  Our /32 is advertised via eBGP no problem and the world can see
> it..
>
> Internally, we have a series of /128 loopbacks, /126 point to points, and
a
> /64 block setup for some servers.  Obviously all small chunks of the /32
> assignment.
>
> My problem is that the world can reach our border routers but traffic will
> not route beyond the border.  Internally, we can route traffic no
problem..

My first guess would be that your inbound traffic is routed just fine,
but your internal routers have no route back. This looks like
blackholing in a traceroute from an external host.

Check both "sh ipv6 route <internalhost>" and "sh ipv6 route
<externalhost>" on all routers in the path, I guess the first one will
return a valid route on all your routers but the second one only on your
edge. You need to tell your internal routers how to get out of your
network. If you only have one edge router you can put a default route
into OSPF. You have "default-information originate" in there already,
this will only work if your edge router really has an exact ::/0 route
in his table. Check for that and add "default-information originate
always" if it doesn't.

Bernhard

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list