[c-nsp] 6rd on ASR1k
Harold Ritter
hritter at cisco.com
Mon Oct 31 10:09:26 EDT 2011
Can you at least ping the BR IPv6 Anycast address (2XXX:YYYY:206::/128)?
Regards
Le 11-10-31 09:19, « Ruslan Pustovoytov » <rus-p at inbox.ru> a écrit :
>I change 6rd relay IPv4 address 192.88.99.127 to 192.88.98.127 in BR
>config (loopback10) and windiws 6to4 relay.
>The picture is the same, ICMPv6 packet successfully going through the
>network and egressing from the last iface directly connected to ASR. But
>I don't see this packets in debug output.
>
>
>
>Harold Ritter (hritter) пишет:
>> Could you try using a prefix other than 192.88.99.0/24 and see if it
>>makes a diffrence.
>>
>> Envoyé de mon iPhone
>>
>> Le 2011-10-31 à 02:15, "Ruslan Pustovoytov" <rus-p at inbox.ru> a écrit :
>>
>>
>>> 1. Ok.
>>> 2. Exactly.
>>>
>>>
>>>
>>> Harold Ritter пишет:
>>>
>>>> Hi Ruslan,
>>>>
>>>> Two things:
>>>>
>>>>
>>>> 1. It would be safer not to use the 192.88.99/24 prefix for this
>>>> purpose, as this prefix has been reserved for the 6to4 relay
>>>> anycast address (RFC3068).
>>>> 2. According to the information below, the BR will try to forward
>>>> the return traffic to 192.88.5.250 (prefix 192.88 + suffix =
>>>> 0x5fa = 5.250). Is this the address assigned to the Windows7
>>>> Ethernet interface?
>>>>
>>>>
>>>> Regards
>>>>
>>>>
>>>>
>>>>
>>>> *Ruslan Pustovoytov <rus-p at inbox.ru <mailto:rus-p at inbox.ru>>*
>>>> Envoyé par : cisco-nsp-bounces at puck.nether.net
>>>><mailto:cisco-nsp-bounces at puck.nether.net>
>>>>
>>>> 27/10/2011 09:42 AM
>>>>
>>>>
>>>> A
>>>> Harold Ritter <hritter at cisco.com <mailto:hritter at cisco.com>>
>>>> cc
>>>> cisco-nsp at puck.nether.net <mailto:cisco-nsp at puck.nether.net>
>>>> Objet
>>>> Re: [c-nsp] 6rd on ASR1k
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Excuse me for a long delay.
>>>>
>>>> I check all of my configuration on client and BR.
>>>> In my lab I have no native 6RD client so I use Windows machine with
>>>>some
>>>> hack.
>>>>
>>>> My client is Windows7 and I use it's 6to4 adapter to emulate 6RD
>>>> functionality.
>>>> When I assign "real" IPv4 address to Local Area network adapter, 6to4
>>>> adapter became functional.
>>>> Then delete automatic 6to4 IPv6 address (2002:....) and add new IPv6
>>>> address accordingly to 6RD rules.
>>>> Also change default 6to4 relay to my 6RD relay IPv4 address
>>>>(192.88.99.127)
>>>>
>>>> Tunnel 6TO4 Adapter:
>>>>
>>>> IPv6-address. . . . . . . . . . . . : 2XXX:YYYY:206:5fa::abca
>>>> Default gateway. . . . . . . . . : 2002:c058:637f::1
>>>>
>>>> My prefix-length for 6RD config in BR is 16 bit.
>>>> So, only left two octets of IPv4 address coded into 6RD IPv6 address.
>>>>
>>>> I add default route for IPv6 family via command:
>>>> netsh interface ipv6>add route ::/0 6to4 2002:0c58:637f::1
>>>> Route table looks like this:
>>>>
>>>> IPv6 таблица маршрута
>>>>
>>>>=======================================================================
>>>>====
>>>> Ðктивные маршруты:
>>>> Метрика Сетевой Ð°Ð´Ñ€ÐµÑ Ð¨Ð»ÑŽÐ·
>>>> 13 281 ::/0 2002:c058:637f::1
>>>> 1 306 ::1/128 On-link
>>>> 12 58 2001::/32 On-link
>>>> 12 306 2001:0:5ef5:79fd:8f5:2c30:4d73:fa05/128
>>>> On-link
>>>> 13 1025 2002::/16 On-link
>>>> 13 281 2a02:2168:206:5fa::/64 On-link
>>>> 13 281 2a02:2168:206:5fa::abca/128
>>>> On-link
>>>> 12 306 fe80::/64 On-link
>>>> 12 306 fe80::8f5:2c30:4d73:fa05/128
>>>> On-link
>>>> 1 306 ff00::/8 On-link
>>>> 12 306 ff00::/8 On-link
>>>>
>>>>=======================================================================
>>>>====
>>>> ПоÑтоÑнные маршруты:
>>>> Метрика Сетевой Ð°Ð´Ñ€ÐµÑ Ð¨Ð»ÑŽÐ·
>>>> 0 4294967295 ::/0 2002:c058:637f::1
>>>>
>>>>=======================================================================
>>>>====
>>>>
>>>> Then I ping 2XXX:YYYY:200:800::2 address.
>>>> When I did command "deb ipv6 icmp" on ASR I see some ICMP but its did
>>>> not relevant for me.
>>>> Wireshark on Windows 6RD client show me that all ICMP packet envelop
>>>> with right IPv4 header and successfully leaving the host.
>>>> Also last interface in my network directly attached to ASR show
>>>> increments on egress direction in packet filter with protocol 41 in
>>>> payload as mask value when I pinging.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Harold Ritter пишет:
>>>>
>>>>> Ruslan,
>>>>>
>>>>> Just to make sure, do you have a default route on the 6rd client
>>>>>pointing
>>>>> at the 6rd BR? Since you are pinging the ASR1k itself, could you
>>>>>please
>>>>> run a "deb ipv6 icmp" on the ASR to see if the ICMP packets are
>>>>>received.
>>>>>
>>>>> Regards
>>>>>
>>>>>
>>>>>
>>>>> Le 11-10-14 01:57, « Ruslan Pustovoitov » <rus-p at mostelekom.net
>>>>><mailto:rus-p at mostelekom.net>> a écrit :
>>>>>
>>>>> >> Hi Harold !
>>>>>
>>>>>> This is my config relevant to 6rd.
>>>>>> Also, I don't know how to debug packets with protocol 41 in IP
>>>>>>payload
>>>>>> in ASR.
>>>>>> Debug in form "debug ip packet #access-list" do not working for non
>>>>>> software routers.
>>>>>>
>>>>>>
>>>>>>
>>>>>> interface Loopback10
>>>>>> description 6RD_Relay
>>>>>> ip address 192.88.99.127 255.255.255.255
>>>>>> !
>>>>>> interface Tunnel0
>>>>>> no ip address
>>>>>> no ip redirects
>>>>>> ipv6 address 2XXX:YYYY:206::/128 anycast
>>>>>> tunnel source Loopback10
>>>>>> tunnel mode ipv6ip 6rd
>>>>>> tunnel 6rd ipv4 prefix-len 16
>>>>>> tunnel 6rd prefix 2XXX:YYYY:206::/48
>>>>>> !
>>>>>> ! Incoming interface for IPv6 encapsulated in IPv4 packets
>>>>>> interface GigabitEthernet0/0/1.531
>>>>>> encapsulation dot1Q 531
>>>>>> ip address ZZZ.ZZZ.255.210 255.255.255.252
>>>>>> no ip redirects
>>>>>> no ip unreachables
>>>>>> no ip proxy-arp
>>>>>> !
>>>>>> interface GigabitEthernet0/0/0.550
>>>>>> encapsulation dot1Q 550
>>>>>> ipv6 address 2XXX:YYYY:200:800::2/126
>>>>>> ipv6 nd ra suppress
>>>>>> !
>>>>>> ipv6 route 2XXX:YYYY:206::/48 Tunnel0
>>>>>>
>>>>>>
>>>>>>
>>>>>> I try to ping 2XXX:YYYY:200:800::2
>>>>>> This is the local IPv6 address for ASR.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Harold Ritter пишет:
>>>>>> >>> Ruslan,
>>>>>>
>>>>>>> Can you provide the BR config and the address you are trying to
>>>>>>>ping.
>>>>>>>
>>>>>>> Regards
>>>>>>>
>>>>>>>
>>>>>>> Le 11-10-07 04:40, « Ruslan Pustovoitov » <rus-p at mostelekom.net
>>>>>>><mailto:rus-p at mostelekom.net>> a
>>>>>>> écrit :
>>>>>>>
>>>>>>> >>> >>>> Hi all
>>>>>>>
>>>>>>>> I try to setup 6rd on asr1k accordingly to
>>>>>>>> http://docwiki.cisco.com/wiki/6rd_Configuration_Example
>>>>>>>> Then I ping6 IPv6 host from client and see that IPv6 packet
>>>>>>>>envelops in
>>>>>>>> IPv4 with right IPv4 destination (6rd relay IPv4 address).
>>>>>>>> This IPv4 packet seccessfully reach asr1k and nothing else.
>>>>>>>>Packets
>>>>>>>> silently disappear.
>>>>>>>>
>>>>>>>> The output of "show tunnel 6rd tunnel 0Interface Tunnel0" dont
>>>>>>>>show
>>>>>>>> any
>>>>>>>> counters info:
>>>>>>>> Tunnel Source: 192.88.99.127
>>>>>>>> 6RD: Operational, V6 Prefix: 2YYY:ZZZZ:206::/48
>>>>>>>> V4 Prefix, Length: 16, Value: 192.88.0.0
>>>>>>>> V4 Suffix, Length: 0, Value: 0.0.0.0
>>>>>>>> General Prefix: 2YYY:ZZZZ:206:637F::/64
>>>>>>>>
>>>>>>>>
>>>>>>>> Also, I don't see any IPv6 packet going from asr1k to IPv6
>>>>>>>>directly
>>>>>>>> connected host where I run tcpdump.
>>>>>>>> Client seccessfully pinging 6rd relay 192.88.99.127
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>>>>>>>><mailto:cisco-nsp at puck.nether.net>
>>>>>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>>>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>>>>>> >>>> >>>
>>>>>>>>
>>>>>>> >>> >
>>>>>>>
>>>>> _______________________________________________
>>>>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>>>>><mailto:cisco-nsp at puck.nether.net>
>>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>>>
>>>> _______________________________________________
>>>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>>>><mailto:cisco-nsp at puck.nether.net>
>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>>
>>>>
>
More information about the cisco-nsp
mailing list