What an excellent explanation on how to read EIGRP info from a Cisco router!

show ip eigrp neighbors
show ip eigrp topology

Explained in detail and with wonderful clarity here:

https://networklessons.com/eigrp/eigrp-neighbor-and-topology-table-explained/


Two sites, one LAN

Scenario

This lab extends a LAN over VPN link to two different sites. These sites will be connected to the Internet and routed with BGP.

eBGP to “ISP router” and iBGP between the sites.

The two “sites” are my laptops, and the hosts and routers running in these “sites” are VirtualBox guests. The router guests are Vyatta 6.5, the server guests are Bodhi Linux.

All the routers have an IPv4 connection to “ISP-router” which is a Cisco.

IPv6 from r1a and r2b is tunneled over the IPv4 link.
The L2VPN between the sites is carried over the IPv4 link.

The end result should be that you can connect a host to either site, using the LAN prefix 2001:98:0013:004f::/64 and that host gets IPv6 Internet-connection. The connection should have automatic failover using the other link to the “ISP router”.

Network Diagram

two-sites-one-lan

I apologise for the crappy network diagram. I drew it as Google docs presentation and it felt a bit clumsy.

Set up the Lab

Install the guests (the routers) on the two hosts.
Give the routers IPv4 addresses.
Configure IPv4 routing so that the guest routers can see each other; 0/0 points to the “ISP router”.
Check that all routers can ping each other using their IPv4 addresses.

L2VPN

Create L2VPN between r3a and r4b, using the IPv4 network as transport.

generate openvpn key r3a-r4b

r3a
set interfaces bridge br2
set interfaces ethernet eth4 bridge-group bridge br2
commit
set interfaces openvpn vtun2 mode site-to-site
set interfaces openvpn vtun2 remote-host 10.1.4.2
set interfaces openvpn vtun2 shared-secret-key-file /home/user/r3a-r4b
set interfaces openvpn vtun2 bridge-group bridge br2
commit

r4b
set interfaces bridge br2
set interfaces ethernet eth5 bridge-group bridge br2
commit
set interfaces openvpn vtun2 mode site-to-site
set interfaces openvpn vtun2 remote-host 10.1.3.2
set interfaces openvpn vtun2 shared-secret-key-file /home/user/r3a-r4b
set interfaces openvpn vtun2 bridge-group bridge br2
commit

Give the lab-routers their IPv6 addresses

set interfaces ethernet eth4 ipv6 address eui64 2001:98:13:4f::/64
set interfaces ethernet eth4 ipv6 router-advert prefix 2001:98:13:4f::/64
set interfaces ethernet eth4 ipv6 router-advert other-config-flag true

IPv6 tunnels

If your virtualization software and network environment allow it, you may skip this phase and give r1a and r2b their IPv6 link addresses directly. In my system I have VirtualBox and the link is over wifi. It will not allow me to use IPv6 directly on this interface.

That is why I use tunnels.

Create IPv6-over-IPv4 tunnels between

“ISP-router” – r1a
“ISP-router” – r2b

IPv6 addresses for the tunnels

“ISP-router” Cisco
2001:98:0013:004e::1/126
r1a
2001:98:0013:004e::2/126

“ISP-router” Cisco
2001:98:0013:004e::5/126
r2b
2001:98:0013:004e::6/126

Cisco config
interface Tunnel3
description IPv6 tunnel to r1a
no ip address
ipv6 address 2001:98:0013:004e::1/126
ipv6 enable
tunnel source 10.1.1.1
tunnel destination 10.1.1.2
tunnel mode ipv6ip

Vyatta config for r1a
edit interfaces tunnel tun3
set address 2001:98:0013:004e::2/126
set encapsulation sit
set local-ip 10.1.1.2
set remote-ip 10.1.1.1
set description "IPv6 tunnel to cisco"
exit
commit

Adjust accordingly for r2b.

Routing

Configure IPv6 eBGP from r1a and r2b to Internet-router.

r1a
set protocols bgp 65502 neighbor 2001:98:13:4e::1 address-family ipv6-unicast soft-reconfiguration inbound
set protocols bgp 65502 neighbor 2001:98:13:4e::1 remote-as 65501
set protocols bgp 65502 parameters router-id 10.1.1.2

cisco
router bgp 65501
no synchronization
bgp log-neighbor-changes
neighbor 2001:98:13:4E::2 remote-as 65502
no auto-summary
!
address-family ipv6
neighbor 2001:98:13:4E::2 activate
neighbor 2001:98:13:4E::2 next-hop-self
neighbor 2001:98:13:4E::2 soft-reconfiguration inbound
redistribute static
default-information originate
no synchronization
exit-address-family
!

Adjust accordingly for r2b

Configure IPv6 iBGP r1a – r2b

r2b
set protocols bgp 65502 neighbor 2001:98:13:4f:a00:27ff:fef7:eb81 address-family ipv6-unicast soft-reconfiguration inbound
set protocols bgp 65502 neighbor 2001:98:13:4f:a00:27ff:fef7:eb81 remote-as 65502
set protocols bgp 65502 neighbor 2001:98:13:4f:a00:27ff:fef7:eb81 address-family ipv6-unicast nexthop-self
set protocols bgp 65502 neighbor 2001:98:13:4f:a00:27ff:fef7:eb81 update-source 2001:98:13:4f:a00:27ff:fe97:1e3c

Adjust accordingly for r1a.
Inject the LAN prefix into BGP

r1a & r2b
set protocols bgp 65502 address-family ipv6-unicast network 2001:98:0013:004f::/64

Testing

Set up a host on both “sites”
Bring down routers, links, or the connection between sites. What happens?

My observations:

1. When I turn off routers, the routing changes to the other link immediately.

2. When I take down the main WAN link, it takes time to reroute, about a minute or two.

3. Of my two “servers”, one changes its first hop immediately and automatically. The other one does not. I don’t know why. Both hosts use automatic configuration.

BGP AS-path prepending

BGP has its ways to choose a link to use. Which route did your routers choose to be the active one? Now we want to tell it that we would prefer to pass traffic via r1a. So put this configuration in r2b to make its path appear longer.

r2b
set policy route-map prepend-secondary rule 10 action permit
set policy route-map prepend-secondary rule 10 set as-path-prepend "65502 65502"
set protocols bgp 65502 neighbor 2001:98:13:4E::5 address-family ipv6-unicast route-map export prepend-secondary
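
Why the prepend works, as an added Python example that is not part of the original post: a simplified model of the first two comparison steps the “ISP router” applies to the two advertisements of 2001:98:13:4f::/64. It assumes the default local preference of 100 on both paths and ignores Cisco's weight attribute and every later tie-breaker; all function and class names are made up for this illustration.

```python
from dataclasses import dataclass

LOCAL_AS = 65502            # AS of r1a and r2b on this page
PREPEND = (65502, 65502)    # r2b: set as-path-prepend "65502 65502"

@dataclass(frozen=True)
class Route:
    neighbor: str          # eBGP neighbor the ISP router learned the route from
    as_path: tuple
    local_pref: int = 100  # assumed default, not set anywhere in the lab config

def exported_path(local_as, prepend=()):
    """AS path of a locally originated prefix as an eBGP peer receives it."""
    return (local_as,) + tuple(prepend)

def still_tied(routes):
    """Neighbors whose routes survive the local-pref and AS-path-length steps."""
    top = max(r.local_pref for r in routes)
    routes = [r for r in routes if r.local_pref == top]
    shortest = min(len(r.as_path) for r in routes)
    return sorted(r.neighbor for r in routes if len(r.as_path) == shortest)

def isp_view(prepend_on_r2b):
    """Routes for 2001:98:13:4f::/64 as seen by the ISP router (AS 65501)."""
    return [
        Route("2001:98:13:4e::2 (r1a)", exported_path(LOCAL_AS)),
        Route("2001:98:13:4e::6 (r2b)",
              exported_path(LOCAL_AS, PREPEND if prepend_on_r2b else ())),
    ]

if __name__ == "__main__":
    for prepend in (False, True):
        routes = isp_view(prepend)
        for r in routes:
            print(f"prepend={prepend}  via {r.neighbor}: path {r.as_path}")
        print("  still tied after AS-path length:", still_tied(routes))
```

Without the route-map both paths are one AS long, so the choice falls to later tie-breakers; with it, only the path via r1a survives. The prepend changes only what the ISP router sees, so it steers traffic coming in toward the LAN, not the exit that r1a and r2b choose for outgoing traffic.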

Network tools

[Originally posted Apr 15, 2012 2:22 AM by Antti Uitto   [ updated Apr 24, 2012 12:56 PM]]

In this post I do my best to list the most useful network-related applications and commands, with heavy emphasis on Linux and IPv6. The commands often work for IPv4 with tiny and hopefully obvious modifications.

The list will change and expand as I find out more.

Linux

Routing table

netstat -6rn
Displays routing table

ip -6 route show
Displays routing table

ip -6 route show root 2001:1517:1517:fe00::/56
2001:1517:1517:fe00::/64 dev eth0  proto kernel  metric 256
Displays routing table entries within the given prefix whose mask is at least as long as the one given in the command.

ip -6 ro sh match 2001:1517:1517:fe00:ba8d:12ff:fe03:474c
2001:1517:1517:fe00::/64 dev eth0  proto kernel  metric 256
default dev tun  metric 1
Displays routes that apply for given address.

ip -6 rule show
Displays routing rules.

ip -6 ro show table <table_name>
Displays entries in a specific routing table.

Interface configuration and status

ifconfig
Displays interface information; interface name, IPv4 and IPv6 addresses, hardware address, MTU.

ip -6 add
Displays IP addresses configured on the system.

ip -6 link
Displays links on your system. MTU and MAC address.

ip -6 tunnel show
Displays tunnels.

ethtool eth0
Displays basic information about ethernet nic.

netstat -i
Displays interface counters and errors.

Traffic monitoring & analysis

ping6 ipv6.google.com
ping6 2a00:1450:4016:800::1010
Ping hosts with hostname or global address.

mtr www.yahoo.com
Probes routers on the route path, shows packet loss and latency.

traceroute6 ipv6.google.com
Traces ipv6 routes.

traceroute6 ipv6.google.com -s 2001:998:13:42:223:14ff:fecf:4f9c
Traces ipv6 route using specific source address.

netstat
Prints network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.

sudo netstat -apn | more
Print network connections together with programs that initiate them.

sudo netstat -lp | more
Print listening ports on your system.

sudo netstat-nat
Displays current translations.

ntop
Displays network statistics in a web interface.

nmap -6 2001:997:5:5223:14ff:fecf:409c
Scans an IPv6 host and displays its open services.

nmap -6 -p1-10000 -n 2001:997:5:5223:14ff:fecf:409c
Scans IPv6 host in defined port range, without discovering hostnames.

nmap -6A 2001:997:5:5223:14ff:fecf:409c
Scans an IPv6 host and detects its operating system.
Nmap has limited features with IPv6 and you can scan only one host at a time.

nmap 192.168.0.0/24
Displays which hosts are up and what services they have available.

nmap -sP 192.168.1.*
Pings hosts and shows the ones that are up.

ip6tables -nv -L
Traffic accounting with ip6tables. See how much traffic host 2001:5:5:5:5:5:fed6:32d2 sends or receives.
First put this into your router's firewall rules:
-A FORWARD -s 2001:5:5:5:5:5:fed6:32d2
-A FORWARD -d 2001:5:5:5:5:5:fed6:32d2

tcpdump -vvv -i eth0
Display packets going in and out from interface eth0 and be very verbose.

tcpdump host 2a00:1450:4010:c00::69 -i eth0
Display packets going to or coming from host 2a00:1450:4010:c00::69 on interface eth0.

tcpflow

ngrep -l -q -d eth0 "User-Agent: " tcp and port 80
Capture network traffic incoming to eth0 interface and show the HTTP User-Agent string

ngrep -d eth0 -x sex
Listens to interface eth0 and displays packets that have the word “sex” in them.

iptraf   (IPv4 only!)
Shows information about active connections.

iftop (IPv4 only!)
Shows information about active connections visually.

arping -I eth0 -c 2 -D 192.168.1.1
Check if you have a duplicate address. (IPv4 only!)

fping6 2:2:2::1 3:3:3::1 4:4:4::1
Ping multiple IPv6 hosts.

fping -ag 192.168.0.0/24
Ping multiple IPv4 hosts.

iperf
Test bandwidth between two hosts. Usage:
Server
iperf -V -s -B 2001:998:13:49::1
Client
iperf -V -c 2001:998:13:49::1

lsof -i6
List open files. The i is for IP sockets, 6 for IP version 6.

Other

host ipv6.google.com
Resolve the IP address of a host.

httping -GSb www.google.com
Tests latency of a web server using GET (gets the whole page), splitting the result in time to connect and time to exchange a request with the HTTP server. Shows the speed of the transfer.

Vyatta

 

Cisco

show ipv6 route
Displays the IPv6 routing table.

show ipv6 interfaces brief
Displays a brief list of IPv6 interfaces.

show ipv6 neighbors
Displays your IPv6 neighbors and their current states.

show ipv6 neighbors statistics
IPv6 ND statistics.

show bgp ipv6 unicast summary
Summary of IPv6 BGP neighbors, ASes and prefixes.

 
ping ipv6 ff02::1
Find your IPv6 neighbors. IOS will ask you to specify the output interface.

debug ipv6 icmp
terminal monitor
Enables IPv6 ICMP debugging and shows results on terminal.

debug ipv6 packet detail
terminal monitor
Enables IPv6 packet debugging and shows results on terminal.

terminal no monitor
no debug ipv6 packet detail
Stops the flood of information on your terminal and then disables the IPv6 packet debugging.

Alcatel

Juniper

Windows

Mac OSX

Try out the commands listed under Linux.

netstat -rn
Displays the routing table (IPv4 and IPv6)

Sources
http://linux-ip.net/html/tools-ip-route.html
Carla Schroder: Linux Networking Cookbook
http://linux-hacks.blogspot.com/2008/02/howto-ipv6-ipv6-tunnel-and-ip4-ipv6.html
http://www.g-loaded.eu/2006/11/06/netcat-a-couple-of-useful-examples/
http://en.wikipedia.org/wiki/MTR_%28software%29
http://www.ntop.org/
http://www.enterprisenetworkingplanet.com/netos/article.php/3650131/Tips-and-Tricks-for–Linux-Admins-Discover-Map-and-Store.htm
http://nmap.org/book/man-misc-options.html
http://zeldor.biz/2010/07/nmap-ipv6-addresses/
http://wiki.openvz.org/Traffic_accounting_with_iptables
http://en.wikipedia.org/wiki/Ngrep
http://linux.die.net/man/1/httping
http://en.wikipedia.org/wiki/Lsof
http://www.cisco.com/en/US/docs/ios/ipv6/command/reference/ipv6_15.html

IPv6 basic settings; addressing a host and static routing

[Originally posted Mar 20, 2012 12:01 PM by Antti Uitto   [ updated May 8, 2012 3:15 AM ]]

Once you have acquired a globally valid IPv6 prefix, you may need to configure addresses on your hosts. By default computers will attempt to find themselves an IPv6 address automatically by using NDP or DHCPv6.

NDP (Neighbor Discovery Protocol)
http://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol

DHCPv6 (Dynamic Host Configuration Protocol version 6)
http://en.wikipedia.org/wiki/DHCPv6

Manual configuration is needed for example if your host acts as an IPv6 router. In that case the host does not try to autoconfigure itself.

Here are the very basics you will need to get IPv6 going. Dynamic routing, access control etc are not covered here.

Ubuntu / Debian Linux

Give IPv6 address for an interface

sudo nano /etc/network/interfaces

example snippet for interface eth0

auto eth0
iface eth0 inet6 static
    address 2001:05c0:1400:000a:0000:0000:0000:0055
    netmask 64
    gateway 2001:05c0:1400:000a:0000:0000:0000:0001

Save and exit editor, then restart network.

/etc/init.d/networking restart

Static routes

ip -6 route add 2000::/3 via 2001:0db8:0:f101::1

Write routes also to /etc/rc.local to make them persist over reboots.

Check

ip -6 add
ip -6 route
ip -6 neigh
ping6 ipv6.google.com

Turn on IPv6 forwarding (routing) if needed.

sudo nano /etc/sysctl.conf

Uncomment
net.ipv6.conf.all.forwarding=1

Install and set up radvd

If you want this host to advertise itself as a router to your LAN, install and set up radvd

sudo apt-get install radvd

sudo nano /etc/radvd.conf

interface eth0
{
    AdvSendAdvert on;
    prefix 2001:db8::/64
    {
    };
};

Cisco router

conf t
 ipv6 unicast-routing
 ipv6 cef
interface Gi0/1
 ipv6 enable
 ipv6 address 2001:05c0:1400:000a:0000:0000:0000:0002/64
 or
 ipv6 address 2001:05c0:1400:000a::/64 eui-64
 (ipv6 nd suppress-ra [*])
 (ipv6 nd other-config-flag [**])
exit
ipv6 route ::/0 2001:05c0:1400:000a:0000:0000:0000:0001
ipv6 route 2001:998::/32 2001:05c0:1400:000a:0000:0000:0000:0007[*]

[*] If the router interface in question is not facing your LAN (where the client computers are), you may want to put ipv6 nd suppress-ra  under the interface configuration.  This will disable router advertisements on that interface.

[**] Use this if you want the router to provide other IPv6 configurations to your computers, for example IPv6 DNS addresses. If you do this, you must also set up a service such as ipv6 dhcp pool that will give out these settings.

Vyatta router

By default Vyatta has IPv6 forwarding on so you can just address your interfaces and write your routes.

Give IPv6 address to an interface

set interfaces ethernet eth0 address 2001:db8:2::1/64
( set interfaces ethernet eth0 ipv6 router-advert prefix 2001:099:0013:004b::/64 [*] )
( set interfaces ethernet eth0 ipv6 router-advert other-config-flag true [**] )
commit
save

[*] Turn router-advert on if this interface is serving as IPv6 gateway to computers in your LAN. If this interface is facing only another router(s) you might want to leave it out.

[**] Use this if you want the router to provide other IPv6 configurations to your computers, for example IPv6 DNS addresses. If you do this, you must also set up a service such as DHCPv6 that will give out these settings.

 

Static route

set protocols static route6 ::/0 next-hop 2001:db8:2::1
commit
save

Check

show interfaces
show ipv6 route
show ipv6 neighbors
ping6 2001:db8:2::2
traceroute6 2a00:1450:4016:800::1010

Windows 7

To configure IPv6 for static addressing

  1. Click Use the following IPv6 address, and then do one of the following:
    • For a local area connection, in IPv6 address, Subnet prefix length, and Default gateway, type the IP address, subnet prefix length, and default gateway address.
    • For all other connections, in IPv6 address, type the IP address.
  2. Click Use the following DNS server addresses.
  3. In Preferred DNS server and Alternate DNS server, type the primary and secondary DNS server addresses.

Check

Open the command line: Start - Run - cmd
  ipconfig

Sources

http://technet.microsoft.com/en-us/library/cc732106.aspx
http://www.cyberciti.biz/faq/ubuntu-ipv6-networking-configuration/
http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-addrg_bsc_con.html
Carla Schroder: Linux Networking Cookbook
Vyatta documentation www.vyatta.org