IPv6 Vyatta Lab – Part V; New site via eBGP

[Originally posted Jun 3, 2012 4:31 AM by Antti Uitto   [ updated Jun 3, 2012 10:05 AM ]]

In this part we are going to connect a new “customer” to our network. The previous episode featured a user connected directly to one of the core routers. This time there will be CE-routers. There will be two of them, attached to two different core nodes and configured with sufficient services to handle failover in case the main connection breaks down.


IPv6 address allocation

Allocate a new prefix 2001:99:13:4c::/64, route it from the Internet router to FW and from FW to the first LAB router. This will be the IPv6 prefix used in the customer’s LAN.

Then allocate two more nets to be used as link addresses between our core routers and CE-routers: 2001:99:13:4d::/64 and 2001:99:13:4e::/64. Route them as well.

Connections and topology

Connect the new customer routers to your network. I connect these two via R6 and R8.
Configure the interfaces and define IPv6 BGP neighbors.
Our core network has ASN 65501 and this new site is going to be in ASN 65502.

cust2-gw1 (connected to R6)
set interfaces ethernet eth4 address 2001:99:0013:004d::2/64
set protocols bgp 65502 neighbor 2001:99:0013:004d::1 address-family ipv6-unicast soft-reconfiguration inbound
set protocols bgp 65502 neighbor 2001:99:0013:004d::1 remote-as 65501
set protocols bgp 65502 parameters router-id 172.2.2.1

Just make something up for router-id.

R6 (connected to cust2-gw1)
set interfaces ethernet eth5 address 2001:99:0013:004d::1/64
set protocols bgp 65501 neighbor 2001:99:0013:004d::2 address-family ipv6-unicast soft-reconfiguration inbound
set protocols bgp 65501 neighbor 2001:99:0013:004d::2 remote-as 65502

Create the links and BGP relationships between cust2-gw2 and R8 in a similar way, using link network 2001:99:13:4e::/64.

Make sure you add these new link interfaces to your IGP (OSPF) in the core network so that your next-hop addresses will be available.

Create the LAN interface and turn on router advert

cust2-gw1
set interfaces ethernet eth5 ipv6 address eui64 2001:99:13:4c::/64
set interfaces ethernet eth5 ipv6 router-advert send-advert true
set interfaces ethernet eth5 ipv6 router-advert prefix 2001:99:13:4c::/64

Advertise the customer prefix into BGP.

cust2-gw1 & gw2
set protocols bgp 65502 address-family ipv6-unicast network 2001:99:13:4c::/64

Manipulate your routing

In my network gw1 was chosen as the primary route to the new customer site. This may be just fine but for the fun of doing so, I wanted to change this.

This configuration goes into cust2-gw1 and prepends the AS path of the prefix this router announces. The longer AS path makes the route via cust2-gw2 preferred over the one via gw1.

set policy route-map as-prepend rule 1 set as-path-prepend "65502 65502"
set policy route-map as-prepend rule 1 action permit
set policy route-map as-prepend rule 1 match ipv6 address prefix-list as-prepend
set policy prefix-list6 as-prepend rule 1 action permit
set policy prefix-list6 as-prepend rule 1 prefix 2001:99:13:4c::/64
set protocols bgp 65502 neighbor 2001:99:0013:004d::1 address-family ipv6-unicast route-map export as-prepend

The routing turned to gw2, but my computer in the cust2 LAN still wanted to use gw1 as its primary gateway to the world. In Cisco you can manipulate this by setting the gw2 router priority to “high”.

I don’t know how to do that in Vyatta at the moment. There is so much to learn.

Add a computer to the LAN

Now it is time to add a “customer’s” computer into this LAN and see if we reach our core network router’s loopbacks and perhaps even the Internet from it.

Check ip -6 route on the computer (if Linux). Which gateway does it want to talk to first?

Test your redundancy. Verify which route your computer uses to reach the Internet and then turn off that gw. Put it back on and turn off the other one. What happens? Do you lose many pings?

Check out this Packetlife article for more information on IPv6 ND providing first-hop redundancy.
http://packetlife.net/blog/2011/apr/18/ipv6-neighbor-discovery-high-availability/

More to do

It might be wise to make a prefix-list in the core routers R6 and R8 to prevent networks other than 2001:99:13:4c::/64 from being advertised to our network.

I could easily add one here but I will not since there has to be stuff left for future articles!
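
One way to build the inbound filter suggested above, as an added example that is not part of the original post. It reuses the route-map and prefix-list6 constructs from the prepend configuration; the name cust2-in, the cust2-gw2 link address 2001:99:0013:004e::2 and the show command in the last comment are assumptions.

```vyatta
# Added example, not from the original post. Enter on R6 (core, AS 65501).
# The name "cust2-in" is hypothetical.

# 1. Exact-match prefix-list: only the customer LAN /64 is acceptable.
#    No ge/le is set, so more-specific routes carved out of the /64
#    do not match and are not accepted.
set policy prefix-list6 cust2-in rule 1 action permit
set policy prefix-list6 cust2-in rule 1 prefix 2001:99:13:4c::/64

# 2. Route-map that permits only what the prefix-list matches.
#    Every other announcement falls through to the implicit deny
#    at the end of the route-map.
set policy route-map cust2-in rule 1 action permit
set policy route-map cust2-in rule 1 match ipv6 address prefix-list cust2-in

# 3. Attach the route-map inbound on the eBGP session towards cust2-gw1.
#    The neighbor address is written exactly as in the existing neighbor
#    statement so that the same configuration node is extended.
set protocols bgp 65501 neighbor 2001:99:0013:004d::2 address-family ipv6-unicast route-map import cust2-in
commit

# On R8, repeat steps 1 and 2 and attach the route-map to the session
# towards cust2-gw2. The ::2 address on the 4e link is an assumption,
# mirroring the addressing used on the R6 link.
set protocols bgp 65501 neighbor 2001:99:0013:004e::2 address-family ipv6-unicast route-map import cust2-in
commit

# Check (command assumed from Vyatta operational mode): because
# soft-reconfiguration inbound is enabled on these neighbors, the routes
# received before filtering can be compared with what ends up in the table.
#   show ipv6 bgp neighbors 2001:99:0013:004d::2 received-routes
#   show ipv6 bgp
```

To confirm the filter works, add a second test network statement on cust2-gw1 and check that it shows up as received on R6 but is not installed in the BGP table.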
