[c-nsp] 6rd on ASR1k
Ruslan Pustovoytov
rus-p at inbox.ru
Wed Nov 2 04:43:26 EDT 2011
If I delete "tunnel 6rd ipv4 prefix-len 16" from configuration and use
my /48 6rd prefix, 6rd delegated prefix will be 80 bit length.
I am not sure whether this configuration is supported.
So, I going second way, change IPv4 address of BR to178.140.5.241 and
change all other thingth related to the hack )
Ping working!
I forgot about octets not visible to BR due to prefix-length command and
fully stateless technique.
If ASR will track this octets it will be statefull, therefore this right
behaviour.
Thank you!
Harold Ritter пишет:
> Ruslan,
>
> OK, I think we have found the issue. You use a 16 bit prefix length
> ("tunnel 6rd ipv4 prefix-len 16") which means that only the last 16 bits
> of the ipv4 address will be inserted in the 6RD ipv6 address. The gateway
> assumes the prefix is the same as the local (192.88/16) and tries to send
> the reply back to 192.88.5.250. You just need to either use the same
> prefix (/16) on both the client and BR or remove the following command;
> "tunnel 6rd ipv4 prefix-len 16". If you do that make sure you insert the
> full 32 bits ipv4 address on the workstation (manual procedure be cause of
> your 6to4 hack).
>
> Regards
>
>
> Le 11-11-01 09:22, « Ruslan Pustovoytov » <rus-p at inbox.ru> a écrit :
>
>
>> I use 178.140.5.250 IPv4 address on workstation.
>> It is not changed.
>> What is the reason to change it?
>>
>>
>>> Ruslan,
>>>
>>> I meant the IPv4 address you use on the workstation. Could you please
>>> let
>>> us know what it is.
>>>
>>> Regards
>>>
>>>
>>> Le 11-11-01 02:53, « Ruslan Pustovoytov » <rus-p at inbox.ru> a écrit :
>>>
>>>
>>>
>>>> Did you mean IPv4 6RD relay address ?
>>>> Yes, I changed it from 192.88.99.127 to 192.88.98.127
>>>>
>>>>
>>>>
>>>>> Did you also change the IPv4 prefix you use on the workstation?
>>>>>
>>>>>
>>>>>
>>>>> Le 11-10-31 09:19, « Ruslan Pustovoytov » <rus-p at inbox.ru> a écrit :
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> I change 6rd relay IPv4 address 192.88.99.127 to 192.88.98.127 in BR
>>>>>> config (loopback10) and windiws 6to4 relay.
>>>>>> The picture is the same, ICMPv6 packet successfully going through the
>>>>>> network and egressing from the last iface directly connected to ASR.
>>>>>> But
>>>>>> I don't see this packets in debug output.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Harold Ritter (hritter) пишет:
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Could you try using a prefix other than 192.88.99.0/24 and see if it
>>>>>>> makes a diffrence.
>>>>>>>
>>>>>>> Envoyé de mon iPhone
>>>>>>>
>>>>>>> Le 2011-10-31 à 02:15, "Ruslan Pustovoytov" <rus-p at inbox.ru> a
>>>>>>> écrit :
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> 1. Ok.
>>>>>>>> 2. Exactly.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Harold Ritter пишет:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> Hi Ruslan,
>>>>>>>>>
>>>>>>>>> Two things:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> 1. It would be safer not to use the 192.88.99/24 prefix for this
>>>>>>>>> purpose, as this prefix has been reserved for the 6to4 relay
>>>>>>>>> anycast address (RFC3068).
>>>>>>>>> 2. According to the information below, the BR will try to
>>>>>>>>> forward
>>>>>>>>> the return traffic to 192.88.5.250 (prefix 192.88 + suffix =
>>>>>>>>> 0x5fa = 5.250). Is this the address assigned to the Windows7
>>>>>>>>> Ethernet interface?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Regards
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *Ruslan Pustovoytov <rus-p at inbox.ru <mailto:rus-p at inbox.ru>>*
>>>>>>>>> Envoyé par : cisco-nsp-bounces at puck.nether.net
>>>>>>>>> <mailto:cisco-nsp-bounces at puck.nether.net>
>>>>>>>>>
>>>>>>>>> 27/10/2011 09:42 AM
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> A
>>>>>>>>> Harold Ritter <hritter at cisco.com <mailto:hritter at cisco.com>>
>>>>>>>>> cc
>>>>>>>>> cisco-nsp at puck.nether.net <mailto:cisco-nsp at puck.nether.net>
>>>>>>>>> Objet
>>>>>>>>> Re: [c-nsp] 6rd on ASR1k
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Excuse me for a long delay.
>>>>>>>>>
>>>>>>>>> I check all of my configuration on client and BR.
>>>>>>>>> In my lab I have no native 6RD client so I use Windows machine
>>>>>>>>> with
>>>>>>>>> some
>>>>>>>>> hack.
>>>>>>>>>
>>>>>>>>> My client is Windows7 and I use it's 6to4 adapter to emulate 6RD
>>>>>>>>> functionality.
>>>>>>>>> When I assign "real" IPv4 address to Local Area network adapter,
>>>>>>>>> 6to4
>>>>>>>>> adapter became functional.
>>>>>>>>> Then delete automatic 6to4 IPv6 address (2002:....) and add new
>>>>>>>>> IPv6
>>>>>>>>> address accordingly to 6RD rules.
>>>>>>>>> Also change default 6to4 relay to my 6RD relay IPv4 address
>>>>>>>>> (192.88.99.127)
>>>>>>>>>
>>>>>>>>> Tunnel 6TO4 Adapter:
>>>>>>>>>
>>>>>>>>> IPv6-address. . . . . . . . . . . . : 2XXX:YYYY:206:5fa::abca
>>>>>>>>> Default gateway. . . . . . . . . : 2002:c058:637f::1
>>>>>>>>>
>>>>>>>>> My prefix-length for 6RD config in BR is 16 bit.
>>>>>>>>> So, only left two octets of IPv4 address coded into 6RD IPv6
>>>>>>>>> address.
>>>>>>>>>
>>>>>>>>> I add default route for IPv6 family via command:
>>>>>>>>> netsh interface ipv6>add route ::/0 6to4 2002:0c58:637f::1
>>>>>>>>> Route table looks like this:
>>>>>>>>>
>>>>>>>>> IPv6 таблица маршрута
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ===================================================================
>>>>>>>>> ==
>>>>>>>>> ==
>>>>>>>>> ====
>>>>>>>>> Ðктивные маршруты:
>>>>>>>>> Метрика Сетевой Ð°Ð´Ñ€ÐµÑ Ð¨Ð»ÑŽÐ·
>>>>>>>>> 13 281 ::/0 2002:c058:637f::1
>>>>>>>>> 1 306 ::1/128 On-link
>>>>>>>>> 12 58 2001::/32 On-link
>>>>>>>>> 12 306 2001:0:5ef5:79fd:8f5:2c30:4d73:fa05/128
>>>>>>>>> On-link
>>>>>>>>> 13 1025 2002::/16 On-link
>>>>>>>>> 13 281 2a02:2168:206:5fa::/64 On-link
>>>>>>>>> 13 281 2a02:2168:206:5fa::abca/128
>>>>>>>>> On-link
>>>>>>>>> 12 306 fe80::/64 On-link
>>>>>>>>> 12 306 fe80::8f5:2c30:4d73:fa05/128
>>>>>>>>> On-link
>>>>>>>>> 1 306 ff00::/8 On-link
>>>>>>>>> 12 306 ff00::/8 On-link
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ===================================================================
>>>>>>>>> ==
>>>>>>>>> ==
>>>>>>>>> ====
>>>>>>>>> ПоÑтоÑнные маршруты:
>>>>>>>>> Метрика Сетевой Ð°Ð´Ñ€ÐµÑ Ð¨Ð»ÑŽÐ·
>>>>>>>>> 0 4294967295 ::/0 2002:c058:637f::1
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ===================================================================
>>>>>>>>> ==
>>>>>>>>> ==
>>>>>>>>> ====
>>>>>>>>>
>>>>>>>>> Then I ping 2XXX:YYYY:200:800::2 address.
>>>>>>>>> When I did command "deb ipv6 icmp" on ASR I see some ICMP but its
>>>>>>>>> did
>>>>>>>>> not relevant for me.
>>>>>>>>> Wireshark on Windows 6RD client show me that all ICMP packet
>>>>>>>>> envelop
>>>>>>>>> with right IPv4 header and successfully leaving the host.
>>>>>>>>> Also last interface in my network directly attached to ASR show
>>>>>>>>> increments on egress direction in packet filter with protocol 41
>>>>>>>>> in
>>>>>>>>> payload as mask value when I pinging.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Harold Ritter пишет:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> Ruslan,
>>>>>>>>>>
>>>>>>>>>> Just to make sure, do you have a default route on the 6rd client
>>>>>>>>>> pointing
>>>>>>>>>> at the 6rd BR? Since you are pinging the ASR1k itself, could you
>>>>>>>>>> please
>>>>>>>>>> run a "deb ipv6 icmp" on the ASR to see if the ICMP packets are
>>>>>>>>>> received.
>>>>>>>>>>
>>>>>>>>>> Regards
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Le 11-10-14 01:57, « Ruslan Pustovoitov » <rus-p at mostelekom.net
>>>>>>>>>> <mailto:rus-p at mostelekom.net>> a écrit :
>>>>>>>>>>
>>>>>>>>>> >> Hi Harold !
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> This is my config relevant to 6rd.
>>>>>>>>>>> Also, I don't know how to debug packets with protocol 41 in IP
>>>>>>>>>>> payload
>>>>>>>>>>> in ASR.
>>>>>>>>>>> Debug in form "debug ip packet #access-list" do not working for
>>>>>>>>>>> non
>>>>>>>>>>> software routers.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> interface Loopback10
>>>>>>>>>>> description 6RD_Relay
>>>>>>>>>>> ip address 192.88.99.127 255.255.255.255
>>>>>>>>>>> !
>>>>>>>>>>> interface Tunnel0
>>>>>>>>>>> no ip address
>>>>>>>>>>> no ip redirects
>>>>>>>>>>> ipv6 address 2XXX:YYYY:206::/128 anycast
>>>>>>>>>>> tunnel source Loopback10
>>>>>>>>>>> tunnel mode ipv6ip 6rd
>>>>>>>>>>> tunnel 6rd ipv4 prefix-len 16
>>>>>>>>>>> tunnel 6rd prefix 2XXX:YYYY:206::/48
>>>>>>>>>>> !
>>>>>>>>>>> ! Incoming interface for IPv6 encapsulated in IPv4 packets
>>>>>>>>>>> interface GigabitEthernet0/0/1.531
>>>>>>>>>>> encapsulation dot1Q 531
>>>>>>>>>>> ip address ZZZ.ZZZ.255.210 255.255.255.252
>>>>>>>>>>> no ip redirects
>>>>>>>>>>> no ip unreachables
>>>>>>>>>>> no ip proxy-arp
>>>>>>>>>>> !
>>>>>>>>>>> interface GigabitEthernet0/0/0.550
>>>>>>>>>>> encapsulation dot1Q 550
>>>>>>>>>>> ipv6 address 2XXX:YYYY:200:800::2/126
>>>>>>>>>>> ipv6 nd ra suppress
>>>>>>>>>>> !
>>>>>>>>>>> ipv6 route 2XXX:YYYY:206::/48 Tunnel0
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> I try to ping 2XXX:YYYY:200:800::2
>>>>>>>>>>> This is the local IPv6 address for ASR.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Harold Ritter пишет:
>>>>>>>>>>> >>> Ruslan,
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>> Can you provide the BR config and the address you are trying to
>>>>>>>>>>>> ping.
>>>>>>>>>>>>
>>>>>>>>>>>> Regards
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Le 11-10-07 04:40, « Ruslan Pustovoitov »
>>>>>>>>>>>> <rus-p at mostelekom.net
>>>>>>>>>>>> <mailto:rus-p at mostelekom.net>> a
>>>>>>>>>>>> écrit :
>>>>>>>>>>>>
>>>>>>>>>>>> >>> >>>> Hi all
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>> I try to setup 6rd on asr1k accordingly to
>>>>>>>>>>>>> http://docwiki.cisco.com/wiki/6rd_Configuration_Example
>>>>>>>>>>>>> Then I ping6 IPv6 host from client and see that IPv6 packet
>>>>>>>>>>>>> envelops in
>>>>>>>>>>>>> IPv4 with right IPv4 destination (6rd relay IPv4 address).
>>>>>>>>>>>>> This IPv4 packet seccessfully reach asr1k and nothing else.
>>>>>>>>>>>>> Packets
>>>>>>>>>>>>> silently disappear.
>>>>>>>>>>>>>
>>>>>>>>>>>>> The output of "show tunnel 6rd tunnel 0Interface Tunnel0"
>>>>>>>>>>>>> dont
>>>>>>>>>>>>> show
>>>>>>>>>>>>> any
>>>>>>>>>>>>> counters info:
>>>>>>>>>>>>> Tunnel Source: 192.88.99.127
>>>>>>>>>>>>> 6RD: Operational, V6 Prefix: 2YYY:ZZZZ:206::/48
>>>>>>>>>>>>> V4 Prefix, Length: 16, Value: 192.88.0.0
>>>>>>>>>>>>> V4 Suffix, Length: 0, Value: 0.0.0.0
>>>>>>>>>>>>> General Prefix: 2YYY:ZZZZ:206:637F::/64
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Also, I don't see any IPv6 packet going from asr1k to IPv6
>>>>>>>>>>>>> directly
>>>>>>>>>>>>> connected host where I run tcpdump.
>>>>>>>>>>>>> Client seccessfully pinging 6rd relay 192.88.99.127
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>>>>>>>>>>>>> <mailto:cisco-nsp at puck.nether.net>
>>>>>>>>>>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>>>>>>>>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>>>>>>>>>>> >>>> >>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>> >>> >
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>>>>>>>>>> <mailto:cisco-nsp at puck.nether.net>
>>>>>>>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>>>>>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>>>>>>>>> <mailto:cisco-nsp at puck.nether.net>
>>>>>>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>>>>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>
>>>>>
>>>>>
>>>
>>>
>>>
>>>
>
>
>
>
>
More information about the cisco-nsp
mailing list