[j-nsp] 6PE without family inet6 labeled-unicast
Andrey Kostin
ankost at podolsk.ru
Fri Jul 20 15:58:56 EDT 2018
Hello juniper-nsp,
I've accidentally encountered an interesting behavior and wondering if
anyone already seen it before or may be it's documented. So pointing to
the docs is appreciated.
The story:
We began to activate ipv6 for customers connected from cable network
after cable provider eventually added ipv6 support. We receive prefixes
from cable network via eBGP and then redistribute them inside our AS
with iBGP. There are two PE connected to cable network and receiving
same prefixes, so for traffic load-balancing we change next-hop to
anycast loopback address shared by those two PE and use dedicated LSPs
to that IP with "no-install" for real PE loopback addresses.
IPv6 wasn't deemed to use MPLS and existing plain iBGP sessions between
IPv6 addresses with family inet6 unicast were supposed to be reused.
However, the same export policy with term that changes next-hop for
specific community is used for both family inet and inet6, so it
started to assign IPv4 next-hop to IPv6 prefixes implicitly.
Here is the example of one prefix.
## here PE receives prefix from eBGP neighbor:
uuuu at re1.agg01.LLL2> show route XXXX:XXXX:e1bc::/46
inet6.0: 52939 destinations, 105912 routes (52920 active, 1 holddown,
24 hidden)
+ = Active Route, - = Last Active, * = Both
XXXX:XXXX:e1bc::/46*[BGP/170] 5d 13:16:26, MED 100, localpref 100
AS path: EEEE I, validation-state: unverified
> to XXXX:XXXX:ffff:f200:0:2:2:2 via ae2.202
## Now PE advertises it to iBGP neighbor with next-hop changed to plain
IP:
uuuu at re1.agg01.LLL2> show route XXXX:XXXX:e1bc::/46
advertising-protocol bgp XXXX:XXXX:1::1:140
inet6.0: 52907 destinations, 105843 routes (52883 active, 6 holddown,
24 hidden)
Prefix Nexthop MED Lclpref AS
path
* XXXX:XXXX:e1bc::/46 YYY.YYY.155.141 100 100 EEEE
I
## Same output as above with details
{master}
uuuu at re1.agg01.LLL2> show route XXXX:XXXX:e1bc::/46
advertising-protocol bgp XXXX:XXXX:1::1:140 detail ## Session is
between v6 addresses
inet6.0: 52902 destinations, 105836 routes (52881 active, 3 holddown,
24 hidden)
* XXXX:XXXX:e1bc::/46 (3 entries, 1 announced)
BGP group internal-v6 type Internal
Nexthop: YYY.YYY.155.141 ## v6
prefix advertised with plain v4 next-hop
Flags: Nexthop Change
MED: 100
Localpref: 100
AS path: [IIII] EEEE I
Communities: IIII:10102 no-export
## iBGP neighbor receives prefix with tooled next hop and uses
established LSPs to forward traffic:
uuuu at re0.bdr01.LLL> show route XXXX:XXXX:e1bc::/46
inet6.0: 52955 destinations, 323835 routes (52877 active, 10 holddown,
79 hidden)
+ = Active Route, - = Last Active, * = Both
XXXX:XXXX:e1bc::/46*[BGP/170] 5d 13:01:12, MED 100, localpref 100, from
XXXX:XXXX:1::1:240
AS path: EEEE I, validation-state: unverified
to YYY.YYY.155.14 via ae1.0, label-switched-path
BE-bdr01.LLL-vvvv-agg01.LLL2-1
to YYY.YYY.155.9 via ae12.0, label-switched-path
BE-bdr01.LLL-vvvv-agg01.LLL2-2
to YYY.YYY.155.95 via ae4.0, label-switched-path
BE-bdr01.LLL-vvvv-agg01.LLL-1
to YYY.YYY.155.9 via ae12.0, label-switched-path
BE-bdr01.LLL-vvvv-agg01.LLL-2
uuuu at re0.bdr01.LLL> show route XXXX:XXXX:e1bc::/46 detail | match
"Protocol|XXXX:XXXX|BE-"
XXXX:XXXX:e1bc::/46 (3 entries, 1 announced)
Source: XXXX:XXXX:1::1:240
Label-switched-path BE-bdr01.LLL-vvvv-agg01.LLL2-1
Label-switched-path BE-bdr01.LLL-vvvv-agg01.LLL2-2
Label-switched-path BE-bdr01.LLL-vvvv-agg01.LLL-1
Label-switched-path BE-bdr01.LLL-vvvv-agg01.LLL-2
Protocol next hop: ::ffff:YYY.YYY.155.141
### Seems that IPv4 next hop has been converted to compatible form
Task: BGP_IIII.XXXX:XXXX:1::1:240
Source: XXXX:XXXX:1::7
## The policy assigning next-hop is the same for v4 and v6 sessions,
only one term is shown:
uuuu at re1.agg01.LLL2> show configuration protocols bgp group internal-v4
export
export [ deny-rfc3330 to-bgp ];
{master}
uuuu at re1.agg01.LLL2> show configuration protocols bgp group internal-v6
export
export [ deny-rfc3330 to-bgp ];
uuuu at re1.agg01.LLL2> show configuration policy-options policy-statement
to-bgp | display inheritance no-comments
term vvvv-vvvv {
from {
community vvvv-vvvv;
tag 33;
}
then {
next-hop YYY.YYY.155.141;
accept;
}
}
uuuu at re0.bdr01.LLL> show route forwarding-table destination
XXXX:XXXX:e1bc::/46
Routing table: default.inet6
Internet6:
Destination Type RtRef Next hop Type Index NhRef
Netif
XXXX:XXXX:e1bc::/46 user 0 indr 1049181 37
ulst 1050092 4
YYY.YYY.155.14 ucst 1775 1
ae1.0
YYY.YYY.155.9 Push 486887 1859
1 ae12.0
YYY.YYY.155.95 ucst 2380 1
ae4.0
YYY.YYY.155.9 Push 486892 2555
1 ae12.0
The result is that we have IPv6 traffic forwarded via MPLS without 6PE
configured properly. ipv6-tunneling is configured under "protocols mpls"
but no "family inet6 labeled-unicast explicit-null" under v4 iBGP
session.
It works as far as we have v6 enabled on all MPLS links, so packets are
not dropped because of implicit-null label.
Looks sketchy but it works. Has anybody seen/used it before?
--
Kind regards,
Andrey Kostin
More information about the juniper-nsp
mailing list