Configuring BGP Sessions in IPv6

My colleagues were faced with an IPv6 implementation case where the router IOS feature set prevented them from configuring the BGP sessions. I labbed something for them and thought this overall IPv6 BGP session configuration would be worth of documenting here because there are some differences when compared to the usual IPv4-only BGP configurations.

I have two routers here: a Cisco Catalyst 6500 with Sup720 and IOS 15.1(1)SY (Advanced IP Services) (actually a switch but anyway) and a Cisco 3925 with IOS 15.2(4)M3 (IP Base).

cat6500(config)#do terminal monitor
cat6500(config)#ipv6 unicast-routing
cat6500(config)#int g1/25
cat6500(config-if)#ipv6 add 2001:db8::1/64
cat6500(config-if)#int lo0
cat6500(config-if)#ipv6 add 2001:db8:1111::1111/128
cat6500(config-if)#
cisco3925(config)#do terminal monitor
cisco3925(config)#ipv6 unicast-routing
cisco3925(config)#ipv6 cef
cisco3925(config)#int g0/0
cisco3925(config-if)#ipv6 add 2001:db8::2/64
cisco3925(config-if)#int lo0
cisco3925(config-if)#ipv6 add 2001:db8:2222::2222/128
cisco3925(config-if)#do ping 2001:db8::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
cisco3925(config-if)#do sh ipv6 neigh
IPv6 Address                              Age Link-layer Addr State Interface
2001:DB8::1                                 0 00xx.yyyy.5c00  REACH Gi0/0
FE80::21A:ZZZZ:ZZZZ:5C00                   17 00xx.yyyy.5c00  STALE Gi0/0
cisco3925(config-if)#

So the IPv6 reachability is fine between the routers. Let’s setup the BGP session:

cat6500(config-if)#router bgp 1
cat6500(config-router)#neighbor 2001:db8::2 remote-as 2
cat6500(config-router)#do sh run part router bgp 1
...
router bgp 1
 bgp log-neighbor-changes
 neighbor 2001:DB8::2 remote-as 2
!
...
cat6500(config-router)#do sh ip bgp all summary
cat6500(config-router)#

Hmm? There seems to be no BGP process running at all. Configuration is there but nothing is shown with the “show ip bgp” command. (As a side note, with IPv4 the “neighbor x.x.x.x remote-as y” is enough to get the BGP process started and the BGP session established if reachability is present.)

Let’s configure the other router first:

cisco3925(config-if)#router bgp 2
cisco3925(config-router)#neighbor 2001:db8::1 remote-as 1
cisco3925(config-router)#do sh run part router bgp 2
...
router bgp 2
 bgp log-neighbor-changes
 neighbor 2001:DB8::1 remote-as 1
!
...
cisco3925(config-router)#do sh ip bgp all summary
cisco3925(config-router)#

Same situation here with 3925. At this point, let’s enable some debugging for the BGP updates to be sure we notice when something happens:

cat6500(config-router)#do debug bgp ipv4 unicast updates
BGP updates debugging is on for address family: IPv4 Unicast
cat6500(config-router)#do debug bgp ipv6 unicast updates
BGP updates debugging is on for address family: IPv4 Unicast IPv6 Unicast
cat6500(config-router)#
cisco3925(config-router)#do debug bgp ipv4 unicast updates
BGP updates debugging is on for address family: IPv4 Unicast
cisco3925(config-router)#do debug bgp ipv6 unicast updates
BGP updates debugging is on for address family: IPv4 Unicast IPv6 Unicast
cisco3925(config-router)#

Let’s try to activate the BGP neighbor:

cat6500(config-router)#neighbor 2001:db8::2 activate
cat6500(config-router)#do sh ip bgp all sum
For address family: IPv4 Unicast
BGP router identifier 192.168.2.1, local AS number 1
BGP table version is 1, main routing table version 1

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2001:DB8::2     4            2       0       0        1    0    0 never    Idle
cat6500(config-router)#

Nice! The BGP process clearly started. Note that the address family is still IPv4 Unicast even though the neighbor address is IPv6 address! This is due to the multiprotocol BGP. Basically the transport of the BGP session is not related to the protocol whose prefixes are being exchanged (= the address family). Btw, don’t care about the BGP router ID, I have some other configuration here as well so the BGP process picked up one of the IPv4 addresses for the router ID. Let’s see the configuration now:

cat6500(config-router)#do sh run part router bgp 1
...
router bgp 1
 bgp log-neighbor-changes
 neighbor 2001:DB8::2 remote-as 2
 !
 address-family ipv4
  neighbor 2001:DB8::2 activate
 exit-address-family
!
...
cat6500(config-router)#

Ok… we have now an address family of IPv4 shown in the configuration, and our neighbor has been activated under that address family. Looks weird.

I’ll configure the other router as well:

cisco3925(config-router)#neighbor 2001:db8::1 activate
cisco3925(config-router)#
Apr 24 16:04:04.955: %BGP-5-ADJCHANGE: neighbor 2001:DB8::1 Up
cisco3925(config-router)#do sh ip bgp all sum
For address family: IPv4 Unicast
BGP router identifier 172.20.47.116, local AS number 2
BGP table version is 1, main routing table version 1

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2001:DB8::1     4            1       4       4        1    0    0 00:00:06        0
cisco3925(config-router)#

Note that the BGP session came up immediately since the BGP process was started here as well and the routers were able to reach each other. No prefixes are there because we haven’t announced anything yet. And, we haven’t done anything with the “IPv4 Unicast” part yet…

cisco3925(config-router)#do sh run part router bgp 2
...
router bgp 2
 bgp log-neighbor-changes
 neighbor 2001:DB8::1 remote-as 1
 !
 address-family ipv4
  neighbor 2001:DB8::1 activate
 exit-address-family
!
...
cisco3925(config-router)#

I’ll just try to announce the loopback on cat6500:

cat6500(config-router)#network 2001:db8:1111::1111/128
                                  ^
% Invalid input detected at '^' marker.

cat6500(config-router)#network ?
% Unrecognized command
cat6500(config-router)#

So, since the configuration has now been converted to an address family configuration we need to use that. Because I have your attention still, I’ll try something here:

cat6500(config-router)#address-family ipv4
cat6500(config-router-af)#network 2001:db8:1111::1111/128
                                     ^
% Invalid input detected at '^' marker.

cat6500(config-router-af)#network ?
A.B.C.D  Network number

cat6500(config-router-af)#address-family ipv6
cat6500(config-router-af)#network 2001:db8:1111::1111/128
cat6500(config-router-af)#
Apr 24 16:15:52.387: BGP(1): redist event (1) request for 2001:DB8:1111::1111/128
cat6500(config-router-af)#
Apr 24 16:16:01.284: BGP(1): 2001:DB8:1111::1111/128 route sourced locally
Apr 24 16:16:01.284: BGP: topo global:IPv6 Unicast:base Remove_fwdroute for 2001:DB8:1111::1111/128
cat6500(config-router-af)#do sh run part router bgp 1
...
router bgp 1
 bgp log-neighbor-changes
 neighbor 2001:DB8::2 remote-as 2
 !
 address-family ipv4
  neighbor 2001:DB8::2 activate
 exit-address-family
 !
 address-family ipv6
  network 2001:DB8:1111::1111/128
 exit-address-family
!
...
cat6500(config-router-af)#

The prefix was not shown in the other router yet.

Let’s give up with the IPv4 Unicast address family and activate IPv6 (we are still in the IPv6 address family configuration mode):

cat6500(config-router-af)#neighbor 2001:db8::2 activate
cat6500(config-router-af)#
Apr 24 16:20:17.893: %BGP-5-NBR_RESET: Neighbor 2001:DB8::2 reset (Capability changed)
Apr 24 16:20:17.893: %BGP-5-ADJCHANGE: neighbor 2001:DB8::2 Down Capability changed
Apr 24 16:20:17.893: %BGP_SESSION-5-ADJCHANGE: neighbor 2001:DB8::2 IPv4 Unicast topology base removed from session  Capability changed
Apr 24 16:20:18.377: %BGP_SESSION-5-ADJCHANGE: neighbor 2001:DB8::2 IPv6 Unicast topology base removed from session  Capability changed
Apr 24 16:20:18.377: %BGP-5-ADJCHANGE: neighbor 2001:DB8::2 Up
cat6500(config-router-af)#
cisco3925(config-router)#
Apr 24 16:20:17.899: %BGP-5-ADJCHANGE: neighbor 2001:DB8::1 Down Peer closed the session
Apr 24 16:20:17.899: %BGP_SESSION-5-ADJCHANGE: neighbor 2001:DB8::1 IPv4 Unicast topology base removed from session  Peer closed the session
Apr 24 16:20:18.383: %BGP-5-ADJCHANGE: neighbor 2001:DB8::1 Up
cisco3925(config-router)#

BGP session was flapped due to address family reconfigurations. I’ll go and activate IPv6 address family on the other router as well:

cisco3925(config-router)#address-family ipv6
cisco3925(config-router-af)#nei 2001:db8::1 activate
cisco3925(config-router-af)#
Apr 24 16:21:57.971: %BGP-5-ADJCHANGE: neighbor 2001:DB8::1 Down Capability changed
Apr 24 16:21:57.971: %BGP_SESSION-5-ADJCHANGE: neighbor 2001:DB8::1 IPv4 Unicast topology base removed from session  Capability changed
Apr 24 16:21:58.279: %BGP-5-ADJCHANGE: neighbor 2001:DB8::1 Up
cisco3925(config-router-af)#
Apr 24 16:21:58.283: BGP(1): 2001:DB8::1 rcvd UPDATE w/ attr: nexthop 2001:DB8::1 (FE80::21A:30FF:FEDB:5C00), origin i, metric 0, merged path 1, AS_PATH
Apr 24 16:21:58.283: BGP(1): 2001:DB8::1 rcvd
Apr 24 16:21:58.283: BGP(1): Revise route installing 2001:DB8:1111::1111/128 -> 2001:DB8::1 (FE80::21A:30FF:FEDB:5C00) to main IPv6 table
cisco3925(config-router-af)#
cat6500(config-router-af)#
Apr 24 16:21:57.966: %BGP-5-NBR_RESET: Neighbor 2001:DB8::2 reset (Peer closed the session)
Apr 24 16:21:57.966: %BGP-5-ADJCHANGE: neighbor 2001:DB8::2 Down Peer closed the session
Apr 24 16:21:57.966: %BGP_SESSION-5-ADJCHANGE: neighbor 2001:DB8::2 IPv4 Unicast topology base removed from session  Peer closed the session
Apr 24 16:21:58.274: %BGP-5-ADJCHANGE: neighbor 2001:DB8::2 Up
cat6500(config-router-af)#
Apr 24 16:21:58.278: BGP(1): (base) 2001:DB8::2 send UPDATE (format) 2001:DB8:1111::1111/128, next 2001:DB8::1, metric 0, path Local
cat6500(config-router-af)#

Looks fine, we immediately got signs about a BGP prefix update.

cisco3925(config-router-af)#do sh ip bgp all
For address family: IPv4 Unicast

For address family: IPv6 Unicast

BGP table version is 2, local router ID is 172.20.47.116
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network          Next Hop            Metric LocPrf Weight Path
*>  2001:DB8:1111::1111/128
                 2001:DB8::1              0             0 1 i

For address family: IPv4 Multicast

cisco3925(config-router-af)#do ping 2001:db8:1111::1111
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:1111::1111, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
cisco3925(config-router-af)#network 2001:db8:2222::2222/128
cisco3925(config-router-af)#
Apr 24 16:25:07.403: BGP(1): 2001:DB8:2222::2222/128 route sourced locally
Apr 24 16:25:07.403: BGP: topo global:IPv6 Unicast:base Remove_fwdroute for 2001:DB8:2222::2222/128
Apr 24 16:25:07.403: BGP(1): redist event (1) request for 2001:DB8:2222::2222/128
Apr 24 16:25:07.403: BGP(1): (base) 2001:DB8::1 send UPDATE (format) 2001:DB8:2222::2222/128, next 2001:DB8::2, metric 0, path Local
cisco3925(config-router-af)#
cat6500(config-router-af)#
Apr 24 16:25:07.399: BGP(1): 2001:DB8::2 rcvd UPDATE w/ attr: nexthop 2001:DB8::2 (FE80::C671:FEFF:FE88:A980), origin i, metric 0, merged path 2, AS_PATH
Apr 24 16:25:07.399: BGP(1): 2001:DB8::2 rcvd 2001:DB8:2222::2222/128
Apr 24 16:25:07.399: BGP(1): Revise route installing 2001:DB8:2222::2222/128 -> 2001:DB8::2 (FE80::C671:FEFF:FE88:A980) to main IPv6 table
cat6500(config-router-af)#do sh ip bgp all sum
For address family: IPv4 Unicast
BGP router identifier 192.168.2.1, local AS number 1
BGP table version is 1, main routing table version 1

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2001:DB8::2     4            2       9      10        1    0    0 00:03:44        0

For address family: IPv6 Unicast
BGP router identifier 192.168.2.1, local AS number 1
BGP table version is 3, main routing table version 3
2 network entries using 336 bytes of memory
2 path entries using 208 bytes of memory
2/2 BGP path/bestpath attribute entries using 272 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 840 total bytes of memory
BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2001:DB8::2     4            2       9      10        3    0    0 00:03:44        1
cat6500(config-router-af)#do sh ip bgp all
For address family: IPv4 Unicast

For address family: IPv6 Unicast

BGP table version is 3, local router ID is 192.168.2.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network          Next Hop            Metric LocPrf Weight Path
*>  2001:DB8:1111::1111/128
                 ::                       0         32768 i
*>  2001:DB8:2222::2222/128
                 2001:DB8::2              0             0 2 i

For address family: IPv4 Multicast

cat6500(config-router-af)#

Let’s go and disable the IPv4 Unicast address family because we don’t need it:

cat6500(config-router-af)#address-family ipv4
cat6500(config-router-af)#no neigh 2001:db8::2 activate
cat6500(config-router-af)#
Apr 24 16:27:09.864: BGP(1): no valid path for 2001:DB8:2222::2222/128
Apr 24 16:27:09.864: %BGP_SESSION-5-ADJCHANGE: neighbor 2001:DB8::2 IPv4 Unicast topology base removed from session  Neighbor deleted
Apr 24 16:27:09.864: %BGP-5-ADJCHANGE: neighbor 2001:DB8::2 Down Neighbor deleted
Apr 24 16:27:09.864: %BGP_SESSION-5-ADJCHANGE: neighbor 2001:DB8::2 IPv6 Unicast topology base removed from session  Neighbor deleted
cat6500(config-router-af)#
Apr 24 16:27:09.864: BGP(1): nettable_walker 2001:DB8:2222::2222/128 no best path
Apr 24 16:27:09.864: BGP: topo global:IPv6 Unicast:base Remove_fwdroute for 2001:DB8:2222::2222/128
cat6500(config-router-af)#
Apr 24 16:27:19.812: %BGP-5-ADJCHANGE: neighbor 2001:DB8::2 Up
cat6500(config-router-af)#
Apr 24 16:27:19.816: BGP(1): (base) 2001:DB8::2 send UPDATE (format) 2001:DB8:1111::1111/128, next 2001:DB8::1, metric 0, path Local
Apr 24 16:27:19.816: BGP(1): 2001:DB8::2 rcvd UPDATE w/ attr: nexthop 2001:DB8::2 (FE80::C671:FEFF:FE88:A980), origin i, metric 0, merged path 2, AS_PATH
Apr 24 16:27:19.816: BGP(1): 2001:DB8::2 rcvd 2001:DB8:2222::2222/128
Apr 24 16:27:19.816: BGP(1): Revise route installing 2001:DB8:2222::2222/128 -> 2001:DB8::2 (FE80::C671:FEFF:FE88:A980) to main IPv6 table
cat6500(config-router-af)#
cisco3925(config-router-af)#address-family ipv4
cisco3925(config-router-af)#no neigh 2001:db8::1 activate
cisco3925(config-router-af)#

So finally we have only the IPv6 address family present:

cat6500(config-router-af)#do sh ip bgp all sum
For address family: IPv6 Unicast
BGP router identifier 192.168.2.1, local AS number 1
BGP table version is 5, main routing table version 5
2 network entries using 336 bytes of memory
2 path entries using 208 bytes of memory
2/2 BGP path/bestpath attribute entries using 272 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 840 total bytes of memory
BGP activity 2/0 prefixes, 3/1 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2001:DB8::2     4            2       7       7        5    0    0 00:02:00        1
cat6500(config-router-af)#
cisco3925(config-router-af)#do sh ip bgp all sum
For address family: IPv6 Unicast
BGP router identifier 172.20.47.116, local AS number 2
BGP table version is 5, main routing table version 5
2 network entries using 344 bytes of memory
2 path entries using 176 bytes of memory
2/2 BGP path/bestpath attribute entries using 272 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 816 total bytes of memory
BGP activity 3/1 prefixes, 3/1 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2001:DB8::1     4            1       7       7        5    0    0 00:02:24        1
cisco3925(config-router-af)#

The final configurations:

cat6500(config-router-af)#do sh run part router bgp 1
...
router bgp 1
 bgp log-neighbor-changes
 neighbor 2001:DB8::2 remote-as 2
 !
 address-family ipv4
  no neighbor 2001:DB8::2 activate
  exit-address-family
 !
 address-family ipv6
  network 2001:DB8:1111::1111/128
  neighbor 2001:DB8::2 activate
 exit-address-family
!
...
cat6500(config-router-af)#
cisco3925(config-router-af)#do sh run part router bgp 2
...
router bgp 2
 bgp log-neighbor-changes
 neighbor 2001:DB8::1 remote-as 1
 !
 address-family ipv4
  no neighbor 2001:DB8::1 activate
 exit-address-family
 !
 address-family ipv6
  network 2001:DB8:2222::2222/128
  neighbor 2001:DB8::1 activate
 exit-address-family
!
...
cisco3925(config-router-af)#

This ends our example of IPv6 BGP session configuration. The bottom line here is: you need to configure the IPv6 BGP neighbor configurations in the IPv6 address family configuration mode, and neighbor activation command is needed.

  1. Actually you do can enable IPv4 AFI for an IPv6 neighbor, but that is solely for propagating IPv4 routing information. More usual setup is to use IPv4 TCP transport for propagating either and/or IPv6 prefix information, with this kind of a (pseudo) configuration

    neighbor 1.2.3.4 remote-as 1

    address-family ipv6
    neighbor 1.2.3.4 activate
    network x:x::/32

    The problem comes with a next-hop information; There is a BGP “rule” which states that the next-hop information must be from the same address family as the NLRI is. In other words, if you carry IPv6 routes, you’ll have to have an IPv6 next-hop within the NLRI. If you are propagating IPv6 information over IPv4-only BGP session, you don’t have this information. That’s why you’ll have to configure “IPv4-mapped IPv6 address” and either propagate it through IGP (if multihop) or simply configure it on the connected interface (if one hop). Example

    Gi0/0
    ip address 1.2.3.5/24
    ipv6 address ::ffff:1.2.3.5/104

    Notice the /104 network mask! If you had /30, IPv6 mask would become /126, respectively.

  2. Markku Leiniö

    Thanks Joni! I’ll just hope I don’t have to configure v4v6 mapped addresses anywhere ever :-D

Leave a Reply