[c-nsp] 6rd on ASR1k
Ruslan Pustovoytov
rus-p at inbox.ru
Tue Nov 1 02:47:00 EDT 2011
No, I cannot.
But I verify that IPv4 packet with protocol 41 in payload successfully
reach ASR1k.
I create access-list 114 for this and attach it to interface on ASR1k
where packets come from the network.
interface Loopback10
description 6RD
ip address 192.88.98.127 255.255.255.255
!
interface Tunnel0
no ip address
no ip redirects
ipv6 address 2XXX:YYYY:206::1/128 anycast
tunnel source Loopback10
tunnel mode ipv6ip 6rd
tunnel 6rd ipv4 prefix-len 16
tunnel 6rd prefix 2XXX:YYYY:206::/48
!
interface GigabitEthernet0/0/1.531
encapsulation dot1Q 531
ip address XX.YY.255.210 255.255.255.252
ip access-group 114 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
ipv6 route 2XXX:YYYY:206::/48 Tunnel0
cod-gw01#show ip access-lists 114
Extended IP access list 114
10 permit 41 host AA.BB.140.250 any (4 matches)
20 permit ip any any (32 matches)
I ping IPv6 anycast address 2XXX:YYYY:206::1 from 6rd client and got 4
matches (default ping packet count), please see output above.
Debug ipv6 icmp show only node advetisment and node solicitation not for
my host.
Harold Ritter пишет:
> Can you at least ping the BR IPv6 Anycast address (2XXX:YYYY:206::/128)?
>
> Regards
>
>
> Le 11-10-31 09:19, « Ruslan Pustovoytov » <rus-p at inbox.ru> a écrit :
>
>
>> I change 6rd relay IPv4 address 192.88.99.127 to 192.88.98.127 in BR
>> config (loopback10) and windiws 6to4 relay.
>> The picture is the same, ICMPv6 packet successfully going through the
>> network and egressing from the last iface directly connected to ASR. But
>> I don't see this packets in debug output.
>>
>>
>>
>> Harold Ritter (hritter) пишет:
>>
>>> Could you try using a prefix other than 192.88.99.0/24 and see if it
>>> makes a diffrence.
>>>
>>> Envoyé de mon iPhone
>>>
>>> Le 2011-10-31 à 02:15, "Ruslan Pustovoytov" <rus-p at inbox.ru> a écrit :
>>>
>>>
>>>
>>>> 1. Ok.
>>>> 2. Exactly.
>>>>
>>>>
>>>>
>>>> Harold Ritter пишет:
>>>>
>>>>
>>>>> Hi Ruslan,
>>>>>
>>>>> Two things:
>>>>>
>>>>>
>>>>> 1. It would be safer not to use the 192.88.99/24 prefix for this
>>>>> purpose, as this prefix has been reserved for the 6to4 relay
>>>>> anycast address (RFC3068).
>>>>> 2. According to the information below, the BR will try to forward
>>>>> the return traffic to 192.88.5.250 (prefix 192.88 + suffix =
>>>>> 0x5fa = 5.250). Is this the address assigned to the Windows7
>>>>> Ethernet interface?
>>>>>
>>>>>
>>>>> Regards
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> *Ruslan Pustovoytov <rus-p at inbox.ru <mailto:rus-p at inbox.ru>>*
>>>>> Envoyé par : cisco-nsp-bounces at puck.nether.net
>>>>> <mailto:cisco-nsp-bounces at puck.nether.net>
>>>>>
>>>>> 27/10/2011 09:42 AM
>>>>>
>>>>>
>>>>> A
>>>>> Harold Ritter <hritter at cisco.com <mailto:hritter at cisco.com>>
>>>>> cc
>>>>> cisco-nsp at puck.nether.net <mailto:cisco-nsp at puck.nether.net>
>>>>> Objet
>>>>> Re: [c-nsp] 6rd on ASR1k
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Excuse me for a long delay.
>>>>>
>>>>> I check all of my configuration on client and BR.
>>>>> In my lab I have no native 6RD client so I use Windows machine with
>>>>> some
>>>>> hack.
>>>>>
>>>>> My client is Windows7 and I use it's 6to4 adapter to emulate 6RD
>>>>> functionality.
>>>>> When I assign "real" IPv4 address to Local Area network adapter, 6to4
>>>>> adapter became functional.
>>>>> Then delete automatic 6to4 IPv6 address (2002:....) and add new IPv6
>>>>> address accordingly to 6RD rules.
>>>>> Also change default 6to4 relay to my 6RD relay IPv4 address
>>>>> (192.88.99.127)
>>>>>
>>>>> Tunnel 6TO4 Adapter:
>>>>>
>>>>> IPv6-address. . . . . . . . . . . . : 2XXX:YYYY:206:5fa::abca
>>>>> Default gateway. . . . . . . . . : 2002:c058:637f::1
>>>>>
>>>>> My prefix-length for 6RD config in BR is 16 bit.
>>>>> So, only left two octets of IPv4 address coded into 6RD IPv6 address.
>>>>>
>>>>> I add default route for IPv6 family via command:
>>>>> netsh interface ipv6>add route ::/0 6to4 2002:0c58:637f::1
>>>>> Route table looks like this:
>>>>>
>>>>> IPv6 таблица маршрута
>>>>>
>>>>> =======================================================================
>>>>> ====
>>>>> Ðктивные маршруты:
>>>>> Метрика Сетевой Ð°Ð´Ñ€ÐµÑ Ð¨Ð»ÑŽÐ·
>>>>> 13 281 ::/0 2002:c058:637f::1
>>>>> 1 306 ::1/128 On-link
>>>>> 12 58 2001::/32 On-link
>>>>> 12 306 2001:0:5ef5:79fd:8f5:2c30:4d73:fa05/128
>>>>> On-link
>>>>> 13 1025 2002::/16 On-link
>>>>> 13 281 2a02:2168:206:5fa::/64 On-link
>>>>> 13 281 2a02:2168:206:5fa::abca/128
>>>>> On-link
>>>>> 12 306 fe80::/64 On-link
>>>>> 12 306 fe80::8f5:2c30:4d73:fa05/128
>>>>> On-link
>>>>> 1 306 ff00::/8 On-link
>>>>> 12 306 ff00::/8 On-link
>>>>>
>>>>> =======================================================================
>>>>> ====
>>>>> ПоÑтоÑнные маршруты:
>>>>> Метрика Сетевой Ð°Ð´Ñ€ÐµÑ Ð¨Ð»ÑŽÐ·
>>>>> 0 4294967295 ::/0 2002:c058:637f::1
>>>>>
>>>>> =======================================================================
>>>>> ====
>>>>>
>>>>> Then I ping 2XXX:YYYY:200:800::2 address.
>>>>> When I did command "deb ipv6 icmp" on ASR I see some ICMP but its did
>>>>> not relevant for me.
>>>>> Wireshark on Windows 6RD client show me that all ICMP packet envelop
>>>>> with right IPv4 header and successfully leaving the host.
>>>>> Also last interface in my network directly attached to ASR show
>>>>> increments on egress direction in packet filter with protocol 41 in
>>>>> payload as mask value when I pinging.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Harold Ritter пишет:
>>>>>
>>>>>
>>>>>> Ruslan,
>>>>>>
>>>>>> Just to make sure, do you have a default route on the 6rd client
>>>>>> pointing
>>>>>> at the 6rd BR? Since you are pinging the ASR1k itself, could you
>>>>>> please
>>>>>> run a "deb ipv6 icmp" on the ASR to see if the ICMP packets are
>>>>>> received.
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>>
>>>>>>
>>>>>> Le 11-10-14 01:57, « Ruslan Pustovoitov » <rus-p at mostelekom.net
>>>>>> <mailto:rus-p at mostelekom.net>> a écrit :
>>>>>>
>>>>>> >> Hi Harold !
>>>>>>
>>>>>>
>>>>>>> This is my config relevant to 6rd.
>>>>>>> Also, I don't know how to debug packets with protocol 41 in IP
>>>>>>> payload
>>>>>>> in ASR.
>>>>>>> Debug in form "debug ip packet #access-list" do not working for non
>>>>>>> software routers.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> interface Loopback10
>>>>>>> description 6RD_Relay
>>>>>>> ip address 192.88.99.127 255.255.255.255
>>>>>>> !
>>>>>>> interface Tunnel0
>>>>>>> no ip address
>>>>>>> no ip redirects
>>>>>>> ipv6 address 2XXX:YYYY:206::/128 anycast
>>>>>>> tunnel source Loopback10
>>>>>>> tunnel mode ipv6ip 6rd
>>>>>>> tunnel 6rd ipv4 prefix-len 16
>>>>>>> tunnel 6rd prefix 2XXX:YYYY:206::/48
>>>>>>> !
>>>>>>> ! Incoming interface for IPv6 encapsulated in IPv4 packets
>>>>>>> interface GigabitEthernet0/0/1.531
>>>>>>> encapsulation dot1Q 531
>>>>>>> ip address ZZZ.ZZZ.255.210 255.255.255.252
>>>>>>> no ip redirects
>>>>>>> no ip unreachables
>>>>>>> no ip proxy-arp
>>>>>>> !
>>>>>>> interface GigabitEthernet0/0/0.550
>>>>>>> encapsulation dot1Q 550
>>>>>>> ipv6 address 2XXX:YYYY:200:800::2/126
>>>>>>> ipv6 nd ra suppress
>>>>>>> !
>>>>>>> ipv6 route 2XXX:YYYY:206::/48 Tunnel0
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> I try to ping 2XXX:YYYY:200:800::2
>>>>>>> This is the local IPv6 address for ASR.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Harold Ritter пишет:
>>>>>>> >>> Ruslan,
>>>>>>>
>>>>>>>
>>>>>>>> Can you provide the BR config and the address you are trying to
>>>>>>>> ping.
>>>>>>>>
>>>>>>>> Regards
>>>>>>>>
>>>>>>>>
>>>>>>>> Le 11-10-07 04:40, « Ruslan Pustovoitov » <rus-p at mostelekom.net
>>>>>>>> <mailto:rus-p at mostelekom.net>> a
>>>>>>>> écrit :
>>>>>>>>
>>>>>>>> >>> >>>> Hi all
>>>>>>>>
>>>>>>>>
>>>>>>>>> I try to setup 6rd on asr1k accordingly to
>>>>>>>>> http://docwiki.cisco.com/wiki/6rd_Configuration_Example
>>>>>>>>> Then I ping6 IPv6 host from client and see that IPv6 packet
>>>>>>>>> envelops in
>>>>>>>>> IPv4 with right IPv4 destination (6rd relay IPv4 address).
>>>>>>>>> This IPv4 packet seccessfully reach asr1k and nothing else.
>>>>>>>>> Packets
>>>>>>>>> silently disappear.
>>>>>>>>>
>>>>>>>>> The output of "show tunnel 6rd tunnel 0Interface Tunnel0" dont
>>>>>>>>> show
>>>>>>>>> any
>>>>>>>>> counters info:
>>>>>>>>> Tunnel Source: 192.88.99.127
>>>>>>>>> 6RD: Operational, V6 Prefix: 2YYY:ZZZZ:206::/48
>>>>>>>>> V4 Prefix, Length: 16, Value: 192.88.0.0
>>>>>>>>> V4 Suffix, Length: 0, Value: 0.0.0.0
>>>>>>>>> General Prefix: 2YYY:ZZZZ:206:637F::/64
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Also, I don't see any IPv6 packet going from asr1k to IPv6
>>>>>>>>> directly
>>>>>>>>> connected host where I run tcpdump.
>>>>>>>>> Client seccessfully pinging 6rd relay 192.88.99.127
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>>>>>>>>> <mailto:cisco-nsp at puck.nether.net>
>>>>>>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>>>>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>>>>>>> >>>> >>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>> >>> >
>>>>>>>>
>>>>>>>>
>>>>>> _______________________________________________
>>>>>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>>>>>> <mailto:cisco-nsp at puck.nether.net>
>>>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>>>>
>>>>>>
>>>>> _______________________________________________
>>>>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>>>>> <mailto:cisco-nsp at puck.nether.net>
>>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>>>
>>>>>
>>>>>
>
>
>
>
>
More information about the cisco-nsp
mailing list