In this exercise we will add IPv6 into my IPv4-speaking lab network. This lab consists of four switches, eight routers and one firewall. The firewall is connected to the NIC of my host system and provides access to the real world. All the lab hosts are Virtualbox guests on my computer.
The switches in the middle are not relevant to this article and for that reason we will not go into their configurations.
Episodes in this story will be
Part I The LAB; connections and addresses
Part II OSPF as IGP
Part III BGP route reflectors and their clients
Part IV BGP routes
Part V New site via eBGP
Here is the network diagram for this lab.
(Click to enlarge)
Each link between the routers and switches represents a Virtualbox intnet, each of them being unique. (Exeption: link between FW and Cisco goes through my wlan)
Because Virtualbox does not speak IPv6 over wlan interface, I have made a tunnel from the firewall to my real world router. There is also a tunnel between R1 and FW just because it is fun to make tunnels.
The prefix for my lab routers is 2001:099:0013:004a::/64. Each router will get a globally valid loopback address from this area.
I will use also other prefixes when it is time to add “customer” sites to the mix.
The Firewall is an ubuntu server, all other routers and switches are Vyatta 6.3.
There will be also ip6tables rules on the Firewall. I might write some more on firewalling later but you can find an example of a very basic firewall setup from my previous posting about IPv6 for residential user with tunnel service.
Here are the configurations for the tunnels used to connect the Real World to the Firewall and the Firewall to R1.
Feel free to skip them if you are not intending to use tunnels. The main beef in this lab will be the dynamic routing between routers from R1 to R8.
Tunnel from FW to r1
sudo ip tu ad sit203 mode sit local 184.108.40.206 remote 220.127.116.11 ttl 64
sudo ip ad ad dev sit203 2001:099:0013:004a:ffff:ffff:ffff:fffd/126
sudo ip li se dev sit203 up
sudo ip -6 ro ad 2001:099:0013:004a::/64 via 2001:099:0013:004a:ffff:ffff:ffff:fffe
set interfaces tunnel tun203 encapsulation sit
set interfaces tunnel tun203 local-ip 18.104.22.168
set interfaces tunnel tun203 remote-ip 22.214.171.124
set interfaces tunnel tun203 address 2001:099:0013:004a:ffff:ffff:ffff:fffe/126
set protocols static route6 ::/0 next-hop 2001:099:0013:004a:ffff:ffff:ffff:fffd
Tunnel from FW to REAL WORLD (Cisco)
ip tu ad sit200 mode sit local 194.x.x.5 remote 194.x.x.1 ttl 64
ip ad ad dev sit200 2001:099:0013:0049:ffff:ffff:ffff:fffe/126
ip li se dev sit200 up
ip -6 ro ad ::/0 via 2001:099:0013:0049:ffff:ffff:ffff:fffd
no ip address
ipv6 address 2001:99:13:49:FFFF:FFFF:FFFF:FFFD/126
tunnel source 194.x.x.1
tunnel destination 194.x.x.5
tunnel mode ipv6ip
ipv6 route 2001:99:13:4A::/64 2001:99:13:49:FFFF:FFFF:FFFF:FFFE
This is what we are going to be doing:
- Check IPv6 forwarding
- Verify IPv6 connectivity between the lab routers
- Route the lab prefix from the Internet router to LAB FW
- Route the lab prefix from LAB FW to R1
- Set IPv6 loopback addresses with mask /128 to each router
- Set up OSPFv3 and verify connectivity between routers
- Set up BGP
- Redistribute default route to BGP
- Set up a client interface with router advertisement and advertise with BGP
- Set up a client computer and test connectivity
Vyatta 6.3 has IPv6 forwarding on by default. You can verify it with
show ipv6 forwarding
Firewall (Ubuntu server)
sudo nano /etc/sysctl.conf
Go to one of them, check which interfaces are connected to other routers and give it a try:
sudo ping6 -I eth0.12 ff02::1
If and when you get replies, you can try to connect to one of those neighbors directly:
I have routed the LAB prefix from the Real World (Cisco router) to my virtual lab. The routing goes in two different tunnels. You can see the commands used in static routing (Cisco, Ubuntu, Vyatta) in the tunnel examples above.
The last job in this episode is to assign each Vyatta router an address from our LAB Prefix.Let’s put the to the loopback interface.
Do this by commanding
user@r1 set interfaces loopback lo address 2001:99:13:4a::1/128
user@r2 set interfaces loopback lo address 2001:99:13:4a::2/128
user@r3 set interfaces loopback lo address 2001:99:13:4a::3/128
…. etc ….
In the next episode we will set up OSPF as an IGP for the lab network.