[c-nsp] 6rd on ASR1k
Harold Ritter
hritter at cisco.com
Tue Nov 1 09:17:45 EDT 2011
Ruslan,
Since you use an ipv4 prefix length of 16, you need to make sure that the
first 16 bits of the prefix you use on the workstation are the same as the
ones you use on the BR. Does the prefix you use on the workstation in the
192.88/16 range as well. If not, could you please unconfigure the "tunnel
6rd ipv4 prefix-len 16" command and retry.
Regards
Le 11-11-01 02:47, « Ruslan Pustovoytov » <rus-p at inbox.ru> a écrit
>No, I cannot.
>But I verify that IPv4 packet with protocol 41 in payload successfully
>reach ASR1k.
>I create access-list 114 for this and attach it to interface on ASR1k
>where packets come from the network.
>
>interface Loopback10
> description 6RD
> ip address 192.88.98.127 255.255.255.255
>!
>interface Tunnel0
> no ip address
> no ip redirects
> ipv6 address 2XXX:YYYY:206::1/128 anycast
> tunnel source Loopback10
> tunnel mode ipv6ip 6rd
> tunnel 6rd ipv4 prefix-len 16
> tunnel 6rd prefix 2XXX:YYYY:206::/48
>!
>interface GigabitEthernet0/0/1.531
> encapsulation dot1Q 531
> ip address XX.YY.255.210 255.255.255.252
> ip access-group 114 in
> no ip redirects
> no ip unreachables
> no ip proxy-arp
> ip virtual-reassembly
>
>ipv6 route 2XXX:YYYY:206::/48 Tunnel0
>
>
>
>cod-gw01#show ip access-lists 114
>Extended IP access list 114
> 10 permit 41 host AA.BB.140.250 any (4 matches)
> 20 permit ip any any (32 matches)
>
>
>
>I ping IPv6 anycast address 2XXX:YYYY:206::1 from 6rd client and got 4
>matches (default ping packet count), please see output above.
>
>Debug ipv6 icmp show only node advetisment and node solicitation not for
>my host.
>
>
>
>
>Harold Ritter пишет:
>> Can you at least ping the BR IPv6 Anycast address (2XXX:YYYY:206::/128)?
>>
>> Regards
>>
>>
>> Le 11-10-31 09:19, « Ruslan Pustovoytov » <rus-p at inbox.ru> a écrit :
>>
>>
>>> I change 6rd relay IPv4 address 192.88.99.127 to 192.88.98.127 in BR
>>> config (loopback10) and windiws 6to4 relay.
>>> The picture is the same, ICMPv6 packet successfully going through the
>>> network and egressing from the last iface directly connected to ASR.
>>>But
>>> I don't see this packets in debug output.
>>>
>>>
>>>
>>> Harold Ritter (hritter) пишет:
>>>
>>>> Could you try using a prefix other than 192.88.99.0/24 and see if it
>>>> makes a diffrence.
>>>>
>>>> Envoyé de mon iPhone
>>>>
>>>> Le 2011-10-31 à 02:15, "Ruslan Pustovoytov" <rus-p at inbox.ru> a écrit :
>>>>
>>>>
>>>>
>>>>> 1. Ok.
>>>>> 2. Exactly.
>>>>>
>>>>>
>>>>>
>>>>> Harold Ritter пишет:
>>>>>
>>>>>
>>>>>> Hi Ruslan,
>>>>>>
>>>>>> Two things:
>>>>>>
>>>>>>
>>>>>> 1. It would be safer not to use the 192.88.99/24 prefix for this
>>>>>> purpose, as this prefix has been reserved for the 6to4 relay
>>>>>> anycast address (RFC3068).
>>>>>> 2. According to the information below, the BR will try to forward
>>>>>> the return traffic to 192.88.5.250 (prefix 192.88 + suffix =
>>>>>> 0x5fa = 5.250). Is this the address assigned to the Windows7
>>>>>> Ethernet interface?
>>>>>>
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> *Ruslan Pustovoytov <rus-p at inbox.ru <mailto:rus-p at inbox.ru>>*
>>>>>> Envoyé par : cisco-nsp-bounces at puck.nether.net
>>>>>> <mailto:cisco-nsp-bounces at puck.nether.net>
>>>>>>
>>>>>> 27/10/2011 09:42 AM
>>>>>>
>>>>>>
>>>>>> A
>>>>>> Harold Ritter <hritter at cisco.com <mailto:hritter at cisco.com>>
>>>>>> cc
>>>>>> cisco-nsp at puck.nether.net <mailto:cisco-nsp at puck.nether.net>
>>>>>> Objet
>>>>>> Re: [c-nsp] 6rd on ASR1k
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Excuse me for a long delay.
>>>>>>
>>>>>> I check all of my configuration on client and BR.
>>>>>> In my lab I have no native 6RD client so I use Windows machine with
>>>>>> some
>>>>>> hack.
>>>>>>
>>>>>> My client is Windows7 and I use it's 6to4 adapter to emulate 6RD
>>>>>> functionality.
>>>>>> When I assign "real" IPv4 address to Local Area network adapter,
>>>>>>6to4
>>>>>> adapter became functional.
>>>>>> Then delete automatic 6to4 IPv6 address (2002:....) and add new IPv6
>>>>>> address accordingly to 6RD rules.
>>>>>> Also change default 6to4 relay to my 6RD relay IPv4 address
>>>>>> (192.88.99.127)
>>>>>>
>>>>>> Tunnel 6TO4 Adapter:
>>>>>>
>>>>>> IPv6-address. . . . . . . . . . . . : 2XXX:YYYY:206:5fa::abca
>>>>>> Default gateway. . . . . . . . . : 2002:c058:637f::1
>>>>>>
>>>>>> My prefix-length for 6RD config in BR is 16 bit.
>>>>>> So, only left two octets of IPv4 address coded into 6RD IPv6
>>>>>>address.
>>>>>>
>>>>>> I add default route for IPv6 family via command:
>>>>>> netsh interface ipv6>add route ::/0 6to4 2002:0c58:637f::1
>>>>>> Route table looks like this:
>>>>>>
>>>>>> IPv6 таблица маршрута
>>>>>>
>>>>>>
>>>>>>=====================================================================
>>>>>>==
>>>>>> ====
>>>>>> Ðктивные маршруты:
>>>>>> Метрика Сетевой Ð°Ð´Ñ€ÐµÑ Ð¨Ð»ÑŽÐ·
>>>>>> 13 281 ::/0 2002:c058:637f::1
>>>>>> 1 306 ::1/128 On-link
>>>>>> 12 58 2001::/32 On-link
>>>>>> 12 306 2001:0:5ef5:79fd:8f5:2c30:4d73:fa05/128
>>>>>> On-link
>>>>>> 13 1025 2002::/16 On-link
>>>>>> 13 281 2a02:2168:206:5fa::/64 On-link
>>>>>> 13 281 2a02:2168:206:5fa::abca/128
>>>>>> On-link
>>>>>> 12 306 fe80::/64 On-link
>>>>>> 12 306 fe80::8f5:2c30:4d73:fa05/128
>>>>>> On-link
>>>>>> 1 306 ff00::/8 On-link
>>>>>> 12 306 ff00::/8 On-link
>>>>>>
>>>>>>
>>>>>>=====================================================================
>>>>>>==
>>>>>> ====
>>>>>> ПоÑтоÑнные маршруты:
>>>>>> Метрика Сетевой Ð°Ð´Ñ€ÐµÑ Ð¨Ð»ÑŽÐ·
>>>>>> 0 4294967295 ::/0 2002:c058:637f::1
>>>>>>
>>>>>>
>>>>>>=====================================================================
>>>>>>==
>>>>>> ====
>>>>>>
>>>>>> Then I ping 2XXX:YYYY:200:800::2 address.
>>>>>> When I did command "deb ipv6 icmp" on ASR I see some ICMP but its
>>>>>>did
>>>>>> not relevant for me.
>>>>>> Wireshark on Windows 6RD client show me that all ICMP packet envelop
>>>>>> with right IPv4 header and successfully leaving the host.
>>>>>> Also last interface in my network directly attached to ASR show
>>>>>> increments on egress direction in packet filter with protocol 41 in
>>>>>> payload as mask value when I pinging.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Harold Ritter пишет:
>>>>>>
>>>>>>
>>>>>>> Ruslan,
>>>>>>>
>>>>>>> Just to make sure, do you have a default route on the 6rd client
>>>>>>> pointing
>>>>>>> at the 6rd BR? Since you are pinging the ASR1k itself, could you
>>>>>>> please
>>>>>>> run a "deb ipv6 icmp" on the ASR to see if the ICMP packets are
>>>>>>> received.
>>>>>>>
>>>>>>> Regards
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Le 11-10-14 01:57, « Ruslan Pustovoitov » <rus-p at mostelekom.net
>>>>>>> <mailto:rus-p at mostelekom.net>> a écrit :
>>>>>>>
>>>>>>> >> Hi Harold !
>>>>>>>
>>>>>>>
>>>>>>>> This is my config relevant to 6rd.
>>>>>>>> Also, I don't know how to debug packets with protocol 41 in IP
>>>>>>>> payload
>>>>>>>> in ASR.
>>>>>>>> Debug in form "debug ip packet #access-list" do not working for
>>>>>>>>non
>>>>>>>> software routers.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> interface Loopback10
>>>>>>>> description 6RD_Relay
>>>>>>>> ip address 192.88.99.127 255.255.255.255
>>>>>>>> !
>>>>>>>> interface Tunnel0
>>>>>>>> no ip address
>>>>>>>> no ip redirects
>>>>>>>> ipv6 address 2XXX:YYYY:206::/128 anycast
>>>>>>>> tunnel source Loopback10
>>>>>>>> tunnel mode ipv6ip 6rd
>>>>>>>> tunnel 6rd ipv4 prefix-len 16
>>>>>>>> tunnel 6rd prefix 2XXX:YYYY:206::/48
>>>>>>>> !
>>>>>>>> ! Incoming interface for IPv6 encapsulated in IPv4 packets
>>>>>>>> interface GigabitEthernet0/0/1.531
>>>>>>>> encapsulation dot1Q 531
>>>>>>>> ip address ZZZ.ZZZ.255.210 255.255.255.252
>>>>>>>> no ip redirects
>>>>>>>> no ip unreachables
>>>>>>>> no ip proxy-arp
>>>>>>>> !
>>>>>>>> interface GigabitEthernet0/0/0.550
>>>>>>>> encapsulation dot1Q 550
>>>>>>>> ipv6 address 2XXX:YYYY:200:800::2/126
>>>>>>>> ipv6 nd ra suppress
>>>>>>>> !
>>>>>>>> ipv6 route 2XXX:YYYY:206::/48 Tunnel0
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> I try to ping 2XXX:YYYY:200:800::2
>>>>>>>> This is the local IPv6 address for ASR.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Harold Ritter пишет:
>>>>>>>> >>> Ruslan,
>>>>>>>>
>>>>>>>>
>>>>>>>>> Can you provide the BR config and the address you are trying to
>>>>>>>>> ping.
>>>>>>>>>
>>>>>>>>> Regards
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Le 11-10-07 04:40, « Ruslan Pustovoitov » <rus-p at mostelekom.net
>>>>>>>>> <mailto:rus-p at mostelekom.net>> a
>>>>>>>>> écrit :
>>>>>>>>>
>>>>>>>>> >>> >>>> Hi all
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> I try to setup 6rd on asr1k accordingly to
>>>>>>>>>> http://docwiki.cisco.com/wiki/6rd_Configuration_Example
>>>>>>>>>> Then I ping6 IPv6 host from client and see that IPv6 packet
>>>>>>>>>> envelops in
>>>>>>>>>> IPv4 with right IPv4 destination (6rd relay IPv4 address).
>>>>>>>>>> This IPv4 packet seccessfully reach asr1k and nothing else.
>>>>>>>>>> Packets
>>>>>>>>>> silently disappear.
>>>>>>>>>>
>>>>>>>>>> The output of "show tunnel 6rd tunnel 0Interface Tunnel0" dont
>>>>>>>>>> show
>>>>>>>>>> any
>>>>>>>>>> counters info:
>>>>>>>>>> Tunnel Source: 192.88.99.127
>>>>>>>>>> 6RD: Operational, V6 Prefix: 2YYY:ZZZZ:206::/48
>>>>>>>>>> V4 Prefix, Length: 16, Value: 192.88.0.0
>>>>>>>>>> V4 Suffix, Length: 0, Value: 0.0.0.0
>>>>>>>>>> General Prefix: 2YYY:ZZZZ:206:637F::/64
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Also, I don't see any IPv6 packet going from asr1k to IPv6
>>>>>>>>>> directly
>>>>>>>>>> connected host where I run tcpdump.
>>>>>>>>>> Client seccessfully pinging 6rd relay 192.88.99.127
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>>>>>>>>>> <mailto:cisco-nsp at puck.nether.net>
>>>>>>>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>>>>>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>>>>>>>> >>>> >>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>> >>> >
>>>>>>>>>
>>>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>>>>>>> <mailto:cisco-nsp at puck.nether.net>
>>>>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>>>>>
>>>>>>>
>>>>>> _______________________________________________
>>>>>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>>>>>> <mailto:cisco-nsp at puck.nether.net>
>>>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>>>>
>>>>>>
>>>>>>
>>
>>
>>
>>
>>
>
More information about the cisco-nsp
mailing list