My colleagues were faced with an IPv6 implementation case where the router IOS feature set prevented them from configuring the BGP sessions. I labbed something for them and thought this overall IPv6 BGP session configuration would be worth of documenting here because there are some differences when compared to the usual IPv4-only BGP configurations.
I have two routers here: a Cisco Catalyst 6500 with Sup720 and IOS 15.1(1)SY (Advanced IP Services) (actually a switch but anyway) and a Cisco 3925 with IOS 15.2(4)M3 (IP Base).
cat6500(config)#do terminal monitor cat6500(config)#ipv6 unicast-routing cat6500(config)#int g1/25 cat6500(config-if)#ipv6 add 2001:db8::1/64 cat6500(config-if)#int lo0 cat6500(config-if)#ipv6 add 2001:db8:1111::1111/128 cat6500(config-if)#
cisco3925(config)#do terminal monitor cisco3925(config)#ipv6 unicast-routing cisco3925(config)#ipv6 cef cisco3925(config)#int g0/0 cisco3925(config-if)#ipv6 add 2001:db8::2/64 cisco3925(config-if)#int lo0 cisco3925(config-if)#ipv6 add 2001:db8:2222::2222/128 cisco3925(config-if)#do ping 2001:db8::1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001:DB8::1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms cisco3925(config-if)#do sh ipv6 neigh IPv6 Address Age Link-layer Addr State Interface 2001:DB8::1 0 00xx.yyyy.5c00 REACH Gi0/0 FE80::21A:ZZZZ:ZZZZ:5C00 17 00xx.yyyy.5c00 STALE Gi0/0 cisco3925(config-if)#
So the IPv6 reachability is fine between the routers. Let’s setup the BGP session:
cat6500(config-if)#router bgp 1 cat6500(config-router)#neighbor 2001:db8::2 remote-as 2 cat6500(config-router)#do sh run part router bgp 1 ... router bgp 1 bgp log-neighbor-changes neighbor 2001:DB8::2 remote-as 2 ! ... cat6500(config-router)#do sh ip bgp all summary cat6500(config-router)#
Hmm? There seems to be no BGP process running at all. Configuration is there but nothing is shown with the “show ip bgp” command. (As a side note, with IPv4 the “neighbor x.x.x.x remote-as y” is enough to get the BGP process started and the BGP session established if reachability is present.)
Let’s configure the other router first:
cisco3925(config-if)#router bgp 2 cisco3925(config-router)#neighbor 2001:db8::1 remote-as 1 cisco3925(config-router)#do sh run part router bgp 2 ... router bgp 2 bgp log-neighbor-changes neighbor 2001:DB8::1 remote-as 1 ! ... cisco3925(config-router)#do sh ip bgp all summary cisco3925(config-router)#
Same situation here with 3925. At this point, let’s enable some debugging for the BGP updates to be sure we notice when something happens:
cat6500(config-router)#do debug bgp ipv4 unicast updates BGP updates debugging is on for address family: IPv4 Unicast cat6500(config-router)#do debug bgp ipv6 unicast updates BGP updates debugging is on for address family: IPv4 Unicast IPv6 Unicast cat6500(config-router)#
cisco3925(config-router)#do debug bgp ipv4 unicast updates BGP updates debugging is on for address family: IPv4 Unicast cisco3925(config-router)#do debug bgp ipv6 unicast updates BGP updates debugging is on for address family: IPv4 Unicast IPv6 Unicast cisco3925(config-router)#
Let’s try to activate the BGP neighbor:
cat6500(config-router)#neighbor 2001:db8::2 activate cat6500(config-router)#do sh ip bgp all sum For address family: IPv4 Unicast BGP router identifier 192.168.2.1, local AS number 1 BGP table version is 1, main routing table version 1 Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 2001:DB8::2 4 2 0 0 1 0 0 never Idle cat6500(config-router)#
Nice! The BGP process clearly started. Note that the address family is still IPv4 Unicast even though the neighbor address is IPv6 address! This is due to the multiprotocol BGP. Basically the transport of the BGP session is not related to the protocol whose prefixes are being exchanged (= the address family). Btw, don’t care about the BGP router ID, I have some other configuration here as well so the BGP process picked up one of the IPv4 addresses for the router ID. Let’s see the configuration now:
cat6500(config-router)#do sh run part router bgp 1
...
router bgp 1
bgp log-neighbor-changes
neighbor 2001:DB8::2 remote-as 2
!
address-family ipv4
neighbor 2001:DB8::2 activate
exit-address-family
!
...
cat6500(config-router)#
Ok… we have now an address family of IPv4 shown in the configuration, and our neighbor has been activated under that address family. Looks weird.
I’ll configure the other router as well:
cisco3925(config-router)#neighbor 2001:db8::1 activate cisco3925(config-router)# Apr 24 16:04:04.955: %BGP-5-ADJCHANGE: neighbor 2001:DB8::1 Up cisco3925(config-router)#do sh ip bgp all sum For address family: IPv4 Unicast BGP router identifier 172.20.47.116, local AS number 2 BGP table version is 1, main routing table version 1 Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 2001:DB8::1 4 1 4 4 1 0 0 00:00:06 0 cisco3925(config-router)#
Note that the BGP session came up immediately since the BGP process was started here as well and the routers were able to reach each other. No prefixes are there because we haven’t announced anything yet. And, we haven’t done anything with the “IPv4 Unicast” part yet…
cisco3925(config-router)#do sh run part router bgp 2
...
router bgp 2
bgp log-neighbor-changes
neighbor 2001:DB8::1 remote-as 1
!
address-family ipv4
neighbor 2001:DB8::1 activate
exit-address-family
!
...
cisco3925(config-router)#
I’ll just try to announce the loopback on cat6500:
cat6500(config-router)#network 2001:db8:1111::1111/128 ^ % Invalid input detected at '^' marker. cat6500(config-router)#network ? % Unrecognized command cat6500(config-router)#
So, since the configuration has now been converted to an address family configuration we need to use that. Because I have your attention still, I’ll try something here:
cat6500(config-router)#address-family ipv4 cat6500(config-router-af)#network 2001:db8:1111::1111/128 ^ % Invalid input detected at '^' marker. cat6500(config-router-af)#network ? A.B.C.D Network number cat6500(config-router-af)#address-family ipv6 cat6500(config-router-af)#network 2001:db8:1111::1111/128 cat6500(config-router-af)# Apr 24 16:15:52.387: BGP(1): redist event (1) request for 2001:DB8:1111::1111/128 cat6500(config-router-af)# Apr 24 16:16:01.284: BGP(1): 2001:DB8:1111::1111/128 route sourced locally Apr 24 16:16:01.284: BGP: topo global:IPv6 Unicast:base Remove_fwdroute for 2001:DB8:1111::1111/128 cat6500(config-router-af)#do sh run part router bgp 1 ... router bgp 1 bgp log-neighbor-changes neighbor 2001:DB8::2 remote-as 2 ! address-family ipv4 neighbor 2001:DB8::2 activate exit-address-family ! address-family ipv6 network 2001:DB8:1111::1111/128 exit-address-family ! ... cat6500(config-router-af)#
The prefix was not shown in the other router yet.
Let’s give up with the IPv4 Unicast address family and activate IPv6 (we are still in the IPv6 address family configuration mode):
cat6500(config-router-af)#neighbor 2001:db8::2 activate
cat6500(config-router-af)#
Apr 24 16:20:17.893: %BGP-5-NBR_RESET: Neighbor 2001:DB8::2 reset (Capability changed)
Apr 24 16:20:17.893: %BGP-5-ADJCHANGE: neighbor 2001:DB8::2 Down Capability changed
Apr 24 16:20:17.893: %BGP_SESSION-5-ADJCHANGE: neighbor 2001:DB8::2 IPv4 Unicast topology base removed from session Capability changed
Apr 24 16:20:18.377: %BGP_SESSION-5-ADJCHANGE: neighbor 2001:DB8::2 IPv6 Unicast topology base removed from session Capability changed
Apr 24 16:20:18.377: %BGP-5-ADJCHANGE: neighbor 2001:DB8::2 Up
cat6500(config-router-af)#
cisco3925(config-router)# Apr 24 16:20:17.899: %BGP-5-ADJCHANGE: neighbor 2001:DB8::1 Down Peer closed the session Apr 24 16:20:17.899: %BGP_SESSION-5-ADJCHANGE: neighbor 2001:DB8::1 IPv4 Unicast topology base removed from session Peer closed the session Apr 24 16:20:18.383: %BGP-5-ADJCHANGE: neighbor 2001:DB8::1 Up cisco3925(config-router)#
BGP session was flapped due to address family reconfigurations. I’ll go and activate IPv6 address family on the other router as well:
cisco3925(config-router)#address-family ipv6 cisco3925(config-router-af)#nei 2001:db8::1 activate cisco3925(config-router-af)# Apr 24 16:21:57.971: %BGP-5-ADJCHANGE: neighbor 2001:DB8::1 Down Capability changed Apr 24 16:21:57.971: %BGP_SESSION-5-ADJCHANGE: neighbor 2001:DB8::1 IPv4 Unicast topology base removed from session Capability changed Apr 24 16:21:58.279: %BGP-5-ADJCHANGE: neighbor 2001:DB8::1 Up cisco3925(config-router-af)# Apr 24 16:21:58.283: BGP(1): 2001:DB8::1 rcvd UPDATE w/ attr: nexthop 2001:DB8::1 (FE80::21A:30FF:FEDB:5C00), origin i, metric 0, merged path 1, AS_PATH Apr 24 16:21:58.283: BGP(1): 2001:DB8::1 rcvd Apr 24 16:21:58.283: BGP(1): Revise route installing 2001:DB8:1111::1111/128 -> 2001:DB8::1 (FE80::21A:30FF:FEDB:5C00) to main IPv6 table cisco3925(config-router-af)#
cat6500(config-router-af)# Apr 24 16:21:57.966: %BGP-5-NBR_RESET: Neighbor 2001:DB8::2 reset (Peer closed the session) Apr 24 16:21:57.966: %BGP-5-ADJCHANGE: neighbor 2001:DB8::2 Down Peer closed the session Apr 24 16:21:57.966: %BGP_SESSION-5-ADJCHANGE: neighbor 2001:DB8::2 IPv4 Unicast topology base removed from session Peer closed the session Apr 24 16:21:58.274: %BGP-5-ADJCHANGE: neighbor 2001:DB8::2 Up cat6500(config-router-af)# Apr 24 16:21:58.278: BGP(1): (base) 2001:DB8::2 send UPDATE (format) 2001:DB8:1111::1111/128, next 2001:DB8::1, metric 0, path Local cat6500(config-router-af)#
Looks fine, we immediately got signs about a BGP prefix update.
cisco3925(config-router-af)#do sh ip bgp all For address family: IPv4 Unicast For address family: IPv6 Unicast BGP table version is 2, local router ID is 172.20.47.116 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *> 2001:DB8:1111::1111/128 2001:DB8::1 0 0 1 i For address family: IPv4 Multicast cisco3925(config-router-af)#do ping 2001:db8:1111::1111 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001:DB8:1111::1111, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms cisco3925(config-router-af)#network 2001:db8:2222::2222/128 cisco3925(config-router-af)# Apr 24 16:25:07.403: BGP(1): 2001:DB8:2222::2222/128 route sourced locally Apr 24 16:25:07.403: BGP: topo global:IPv6 Unicast:base Remove_fwdroute for 2001:DB8:2222::2222/128 Apr 24 16:25:07.403: BGP(1): redist event (1) request for 2001:DB8:2222::2222/128 Apr 24 16:25:07.403: BGP(1): (base) 2001:DB8::1 send UPDATE (format) 2001:DB8:2222::2222/128, next 2001:DB8::2, metric 0, path Local cisco3925(config-router-af)#
cat6500(config-router-af)# Apr 24 16:25:07.399: BGP(1): 2001:DB8::2 rcvd UPDATE w/ attr: nexthop 2001:DB8::2 (FE80::C671:FEFF:FE88:A980), origin i, metric 0, merged path 2, AS_PATH Apr 24 16:25:07.399: BGP(1): 2001:DB8::2 rcvd 2001:DB8:2222::2222/128 Apr 24 16:25:07.399: BGP(1): Revise route installing 2001:DB8:2222::2222/128 -> 2001:DB8::2 (FE80::C671:FEFF:FE88:A980) to main IPv6 table cat6500(config-router-af)#do sh ip bgp all sum For address family: IPv4 Unicast BGP router identifier 192.168.2.1, local AS number 1 BGP table version is 1, main routing table version 1 Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 2001:DB8::2 4 2 9 10 1 0 0 00:03:44 0 For address family: IPv6 Unicast BGP router identifier 192.168.2.1, local AS number 1 BGP table version is 3, main routing table version 3 2 network entries using 336 bytes of memory 2 path entries using 208 bytes of memory 2/2 BGP path/bestpath attribute entries using 272 bytes of memory 1 BGP AS-PATH entries using 24 bytes of memory 0 BGP route-map cache entries using 0 bytes of memory 0 BGP filter-list cache entries using 0 bytes of memory BGP using 840 total bytes of memory BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secs Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 2001:DB8::2 4 2 9 10 3 0 0 00:03:44 1 cat6500(config-router-af)#do sh ip bgp all For address family: IPv4 Unicast For address family: IPv6 Unicast BGP table version is 3, local router ID is 192.168.2.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *> 2001:DB8:1111::1111/128 :: 0 32768 i *> 2001:DB8:2222::2222/128 2001:DB8::2 0 0 2 i For address family: IPv4 Multicast cat6500(config-router-af)#
Let’s go and disable the IPv4 Unicast address family because we don’t need it:
cat6500(config-router-af)#address-family ipv4 cat6500(config-router-af)#no neigh 2001:db8::2 activate cat6500(config-router-af)# Apr 24 16:27:09.864: BGP(1): no valid path for 2001:DB8:2222::2222/128 Apr 24 16:27:09.864: %BGP_SESSION-5-ADJCHANGE: neighbor 2001:DB8::2 IPv4 Unicast topology base removed from session Neighbor deleted Apr 24 16:27:09.864: %BGP-5-ADJCHANGE: neighbor 2001:DB8::2 Down Neighbor deleted Apr 24 16:27:09.864: %BGP_SESSION-5-ADJCHANGE: neighbor 2001:DB8::2 IPv6 Unicast topology base removed from session Neighbor deleted cat6500(config-router-af)# Apr 24 16:27:09.864: BGP(1): nettable_walker 2001:DB8:2222::2222/128 no best path Apr 24 16:27:09.864: BGP: topo global:IPv6 Unicast:base Remove_fwdroute for 2001:DB8:2222::2222/128 cat6500(config-router-af)# Apr 24 16:27:19.812: %BGP-5-ADJCHANGE: neighbor 2001:DB8::2 Up cat6500(config-router-af)# Apr 24 16:27:19.816: BGP(1): (base) 2001:DB8::2 send UPDATE (format) 2001:DB8:1111::1111/128, next 2001:DB8::1, metric 0, path Local Apr 24 16:27:19.816: BGP(1): 2001:DB8::2 rcvd UPDATE w/ attr: nexthop 2001:DB8::2 (FE80::C671:FEFF:FE88:A980), origin i, metric 0, merged path 2, AS_PATH Apr 24 16:27:19.816: BGP(1): 2001:DB8::2 rcvd 2001:DB8:2222::2222/128 Apr 24 16:27:19.816: BGP(1): Revise route installing 2001:DB8:2222::2222/128 -> 2001:DB8::2 (FE80::C671:FEFF:FE88:A980) to main IPv6 table cat6500(config-router-af)#
cisco3925(config-router-af)#address-family ipv4 cisco3925(config-router-af)#no neigh 2001:db8::1 activate cisco3925(config-router-af)#
So finally we have only the IPv6 address family present:
cat6500(config-router-af)#do sh ip bgp all sum
For address family: IPv6 Unicast
BGP router identifier 192.168.2.1, local AS number 1
BGP table version is 5, main routing table version 5
2 network entries using 336 bytes of memory
2 path entries using 208 bytes of memory
2/2 BGP path/bestpath attribute entries using 272 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 840 total bytes of memory
BGP activity 2/0 prefixes, 3/1 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2001:DB8::2 4 2 7 7 5 0 0 00:02:00 1
cat6500(config-router-af)#
cisco3925(config-router-af)#do sh ip bgp all sum
For address family: IPv6 Unicast
BGP router identifier 172.20.47.116, local AS number 2
BGP table version is 5, main routing table version 5
2 network entries using 344 bytes of memory
2 path entries using 176 bytes of memory
2/2 BGP path/bestpath attribute entries using 272 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 816 total bytes of memory
BGP activity 3/1 prefixes, 3/1 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2001:DB8::1 4 1 7 7 5 0 0 00:02:24 1
cisco3925(config-router-af)#
The final configurations:
cat6500(config-router-af)#do sh run part router bgp 1
...
router bgp 1
bgp log-neighbor-changes
neighbor 2001:DB8::2 remote-as 2
!
address-family ipv4
no neighbor 2001:DB8::2 activate
exit-address-family
!
address-family ipv6
network 2001:DB8:1111::1111/128
neighbor 2001:DB8::2 activate
exit-address-family
!
...
cat6500(config-router-af)#
cisco3925(config-router-af)#do sh run part router bgp 2
...
router bgp 2
bgp log-neighbor-changes
neighbor 2001:DB8::1 remote-as 1
!
address-family ipv4
no neighbor 2001:DB8::1 activate
exit-address-family
!
address-family ipv6
network 2001:DB8:2222::2222/128
neighbor 2001:DB8::1 activate
exit-address-family
!
...
cisco3925(config-router-af)#
This ends our example of IPv6 BGP session configuration. The bottom line here is: you need to configure the IPv6 BGP neighbor configurations in the IPv6 address family configuration mode, and neighbor activation command is needed.
Actually you do can enable IPv4 AFI for an IPv6 neighbor, but that is solely for propagating IPv4 routing information. More usual setup is to use IPv4 TCP transport for propagating either and/or IPv6 prefix information, with this kind of a (pseudo) configuration
neighbor 1.2.3.4 remote-as 1
address-family ipv6
neighbor 1.2.3.4 activate
network x:x::/32
The problem comes with a next-hop information; There is a BGP “rule” which states that the next-hop information must be from the same address family as the NLRI is. In other words, if you carry IPv6 routes, you’ll have to have an IPv6 next-hop within the NLRI. If you are propagating IPv6 information over IPv4-only BGP session, you don’t have this information. That’s why you’ll have to configure “IPv4-mapped IPv6 address” and either propagate it through IGP (if multihop) or simply configure it on the connected interface (if one hop). Example
Gi0/0
ip address 1.2.3.5/24
ipv6 address ::ffff:1.2.3.5/104
Notice the /104 network mask! If you had /30, IPv6 mask would become /126, respectively.
Thanks Joni! I’ll just hope I don’t have to configure v4v6 mapped addresses anywhere ever 😀