[c-nsp] 6rd on ASR1k

Harold Ritter (hritter) hritter at cisco.com
Mon Oct 31 07:24:00 EDT 2011


Could you try using a prefix other than 192.88.99.0/24 and see if it makes a diffrence.

Envoyé de mon iPhone

Le 2011-10-31 à 02:15, "Ruslan Pustovoytov" <rus-p at inbox.ru> a écrit :

> 
> 1. Ok.
> 2. Exactly.
> 
> 
> 
> Harold Ritter пишет:
>> Hi Ruslan,
>> 
>> Two things:
>> 
>> 
>>   1. It would be safer not to use the 192.88.99/24 prefix for this
>>      purpose, as this prefix has been reserved for the 6to4 relay
>>      anycast address (RFC3068).
>>   2. According to the information below, the BR will try to forward
>>      the return traffic to 192.88.5.250 (prefix 192.88 + suffix =
>>      0x5fa = 5.250). Is this the address assigned to the Windows7
>>      Ethernet interface?
>> 
>> 
>> Regards
>> 
>> 
>> 
>> 
>> *Ruslan Pustovoytov <rus-p at inbox.ru <mailto:rus-p at inbox.ru>>*
>> Envoyé par : cisco-nsp-bounces at puck.nether.net <mailto:cisco-nsp-bounces at puck.nether.net>
>> 
>> 27/10/2011 09:42 AM
>> 
>>    
>> A
>>    Harold Ritter <hritter at cisco.com <mailto:hritter at cisco.com>>
>> cc
>>    cisco-nsp at puck.nether.net <mailto:cisco-nsp at puck.nether.net>
>> Objet
>>    Re: [c-nsp] 6rd on ASR1k
>> 
>> 
>> 
>>    
>> 
>> 
>> 
>> 
>> 
>> Excuse me for a long delay.
>> 
>> I check all of my configuration on client and BR.
>> In my lab I have no native 6RD client so I use Windows machine with some
>> hack.
>> 
>> My client is Windows7 and I use it's 6to4 adapter to emulate 6RD
>> functionality.
>> When I assign "real" IPv4 address to Local Area network adapter, 6to4
>> adapter became functional.
>> Then delete automatic 6to4 IPv6 address (2002:....) and add new IPv6
>> address accordingly to 6RD rules.
>> Also change default 6to4 relay to my 6RD relay IPv4 address (192.88.99.127)
>> 
>> Tunnel 6TO4 Adapter:
>> 
>>  IPv6-address. . . . . . . . . . . . : 2XXX:YYYY:206:5fa::abca
>>  Default gateway. . . . . . . . . : 2002:c058:637f::1
>> 
>> My prefix-length for 6RD config in BR is 16 bit.
>> So, only left two octets of IPv4 address coded into 6RD IPv6 address.
>> 
>> I add default route for IPv6 family  via command:
>> netsh interface ipv6>add route ::/0 6to4 2002:0c58:637f::1
>> Route table looks like this:
>> 
>> IPv6 таблица маршрута
>> ===========================================================================
>> Активные маршруты:
>> Метрика   Сетевой адрес            Шлюз
>> 13    281 ::/0                     2002:c058:637f::1
>> 1    306 ::1/128                 On-link
>> 12     58 2001::/32                On-link
>> 12    306 2001:0:5ef5:79fd:8f5:2c30:4d73:fa05/128
>>                                   On-link
>> 13   1025 2002::/16                On-link
>> 13    281 2a02:2168:206:5fa::/64   On-link
>> 13    281 2a02:2168:206:5fa::abca/128
>>                                   On-link
>> 12    306 fe80::/64                On-link
>> 12    306 fe80::8f5:2c30:4d73:fa05/128
>>                                   On-link
>> 1    306 ff00::/8                 On-link
>> 12    306 ff00::/8                 On-link
>> ===========================================================================
>> Постоянные маршруты:
>> Метрика   Сетевой адрес            Шлюз
>> 0 4294967295 ::/0                     2002:c058:637f::1
>> ===========================================================================
>> 
>> Then I ping 2XXX:YYYY:200:800::2 address.
>> When I did command "deb ipv6 icmp" on ASR I see some ICMP but its did
>> not relevant for me.
>> Wireshark on Windows 6RD client show me that all ICMP packet envelop
>> with right IPv4 header and successfully leaving the host.
>> Also last interface in my network directly attached to ASR show
>> increments on egress direction in packet filter with protocol 41 in
>> payload as mask value when I pinging.
>> 
>> 
>> 
>> 
>> 
>> Harold Ritter пишет:
>> > Ruslan,
>> >
>> > Just to make sure, do you have a default route on the 6rd client pointing
>> > at the 6rd BR? Since you are pinging the ASR1k itself, could you please
>> > run a "deb ipv6 icmp" on the ASR to see if the ICMP packets are received.
>> >
>> > Regards
>> >
>> >
>> >
>> > Le 11-10-14 01:57, « Ruslan Pustovoitov » <rus-p at mostelekom.net <mailto:rus-p at mostelekom.net>> a écrit :
>> >
>> >  >> Hi Harold !
>> >>
>> >> This is my config relevant to 6rd.
>> >> Also, I don't know how to debug packets with protocol 41 in IP payload
>> >> in ASR.
>> >> Debug in form "debug ip packet #access-list" do not working for non
>> >> software routers.
>> >>
>> >>
>> >>
>> >> interface Loopback10
>> >> description 6RD_Relay
>> >> ip address 192.88.99.127 255.255.255.255
>> >> !
>> >> interface Tunnel0
>> >> no ip address
>> >> no ip redirects
>> >> ipv6 address 2XXX:YYYY:206::/128 anycast
>> >> tunnel source Loopback10
>> >> tunnel mode ipv6ip 6rd
>> >> tunnel 6rd ipv4 prefix-len 16
>> >> tunnel 6rd prefix 2XXX:YYYY:206::/48
>> >> !
>> >> ! Incoming interface for IPv6 encapsulated in IPv4 packets
>> >> interface GigabitEthernet0/0/1.531
>> >> encapsulation dot1Q 531
>> >> ip address ZZZ.ZZZ.255.210 255.255.255.252
>> >> no ip redirects
>> >> no ip unreachables
>> >> no ip proxy-arp
>> >> !
>> >> interface GigabitEthernet0/0/0.550
>> >> encapsulation dot1Q 550
>> >> ipv6 address 2XXX:YYYY:200:800::2/126
>> >> ipv6 nd ra suppress
>> >> !
>> >> ipv6 route 2XXX:YYYY:206::/48 Tunnel0
>> >>
>> >>
>> >>
>> >> I try to ping 2XXX:YYYY:200:800::2
>> >> This is the local IPv6 address for ASR.
>> >>
>> >>
>> >>
>> >>
>> >> Harold Ritter пишет:
>> >>    >>> Ruslan,
>> >>>
>> >>> Can you provide the BR config and the address you are trying to ping.
>> >>>
>> >>> Regards
>> >>>
>> >>>
>> >>> Le 11-10-07 04:40, « Ruslan Pustovoitov » <rus-p at mostelekom.net <mailto:rus-p at mostelekom.net>> a
>> >>> écrit :
>> >>>
>> >>>  >>>      >>>> Hi all
>> >>>>
>> >>>> I try to setup 6rd on asr1k accordingly to
>> >>>> http://docwiki.cisco.com/wiki/6rd_Configuration_Example
>> >>>> Then I ping6 IPv6 host from client and see that IPv6 packet envelops in
>> >>>> IPv4 with right IPv4 destination (6rd relay IPv4 address).
>> >>>> This IPv4 packet seccessfully reach asr1k and nothing else. Packets
>> >>>> silently disappear.
>> >>>>
>> >>>> The output of  "show tunnel 6rd tunnel 0Interface Tunnel0" dont show
>> >>>> any
>> >>>> counters info:
>> >>>>  Tunnel Source: 192.88.99.127
>> >>>>  6RD: Operational, V6 Prefix: 2YYY:ZZZZ:206::/48
>> >>>>       V4 Prefix, Length: 16, Value: 192.88.0.0
>> >>>>       V4 Suffix, Length: 0, Value: 0.0.0.0
>> >>>>  General Prefix: 2YYY:ZZZZ:206:637F::/64
>> >>>>
>> >>>>
>> >>>> Also, I don't see any IPv6 packet going from asr1k to IPv6 directly
>> >>>> connected host where I run tcpdump.
>> >>>> Client seccessfully pinging 6rd relay 192.88.99.127
>> >>>>
>> >>>>
>> >>>> _______________________________________________
>> >>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net <mailto:cisco-nsp at puck.nether.net>
>> >>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> >>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>> >>>>    >>>>        >>>
>> >>>  >>>      >
>> >
>> >
>> > _______________________________________________
>> > cisco-nsp mailing list  cisco-nsp at puck.nether.net <mailto:cisco-nsp at puck.nether.net>
>> > https://puck.nether.net/mailman/listinfo/cisco-nsp
>> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>> 
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net <mailto:cisco-nsp at puck.nether.net>
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>> 
> 



More information about the cisco-nsp mailing list