Now its time to throw some IPv6 over the top of our network. So far our IPv4 topology has been OSPF on the left hand side, RIP in the middle and EIGRP on the right hand side, but let's make things more interesting and go in the opposite direction, and once we have our three separate IPv6 routing processes in place we will do a complete redistribution between the protocols and set up an IPv6 tunnel. In the end we should have full reachability from end to end.
Our IPv4 topology looks like this:
And our IPv6 topology will look like this:
Excuse the drawings, I am not an artist!
Basic IPv6 configuration
By default IPv6 is not enabled on Cisco routers, to enable it we need to run the commandR10(config)#ipv6 unicast-routingAnd then enable IPv6 on the interface:
R10(config)#int s1/0 R10(config-if)#ipv6 enable R10(config-if)#exit
To confirm that IPv6 is running on the interface we then use the command
R10#sh ipv6 interface serial 1/0 Serial1/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:A00 No Virtual link-local address(es): No global unicast address is configured
We can see that R10's s1/0 interface has the link-local IPv6 address FE80::A8BB:CCFF:FE00:A00.
Let's now enable IPv6 on R8, and see if we can ping across to R10
R8(config)#ipv6 unicast-routing R8(config)#int s0/2 R8(config-if)#ipv6 enable R8(config-if)#exit R8(config)#exit R8#sh ipv6 int serial 0/2 Serial0/2 is up, line protocol is up IPv6 is enabled, link-local address is FE80::FF:FE00:8 No Virtual link-local address(es): No global unicast address is configured Joined group address(es): FF02::1 FF02::2 FF02::1:FF00:8 R8#ping ipv6 fe80::a8bb:ccff:fe00:a00 Output Interface: Serial0/2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to FE80::A8BB:CCFF:FE00:A00, timeout is 2 seconds: Packet sent with a source address of FE80::FF:FE00:8%Serial0/2 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 8/9/12 ms R8#
OK, so far so good, and after a few minutes I have added the same commands to R4, R5, and R9, as well as enabling the other interfaces on R8, now we can get on and start configuring OSPFv3.
IPv6 OSPFv3
R10#conf t Enter configuration commands, one per line. End with CNTL/Z. R10(config)#ipv6 router ospf 1 R10(config-rtr)#router-id 10.10.10.10 R10(config-rtr)#interface Serial1/0 R10(config-if)#ipv6 ospf 1 area 0 R10(config-if)#ipv6 router ospf 1 R10(config-rtr)# *Nov 26 10:14:35.227: %OSPFv3-5-ADJCHG: Process 1, Nbr 8.8.8.8 on Serial1/0 from LOADING to FULL, Loading Done R10(config-rtr)# R8#conf t Enter configuration commands, one per line. End with CNTL/Z. R8(config)#ipv6 router ospf 1 R8(config-rtr)#router-id 8.8.8.8 R8(config-rtr)#int serial 0/2 R8(config-if)#ipv6 ospf 1 area 0 R8(config-if)# *Nov 26 10:14:35.258: %OSPFv3-5-ADJCHG: Process 1, Nbr 10.10.10.10 on Serial0/2 from LOADING to FULL, Loading Done R8(config-if)#
With the other routers added in the same way we should be able to see something like:
R10#sh ipv6 ospf database
OSPFv3 Router with ID (10.10.10.10) (Process ID 1)
Router Link States (Area 0)
ADV Router Age Seq# Fragment ID Link count Bits
4.4.4.4 91 0x80000001 0 1 None
5.5.5.5 31 0x80000002 0 1 None
8.8.8.8 90 0x80000003 0 3 None
9.9.9.9 31 0x80000003 0 2 None
10.10.10.10 286 0x80000002 0 1 None
Link (Type-8) Link States (Area 0)
ADV Router Age Seq# Link ID Interface
8.8.8.8 287 0x80000001 5 Se1/0
10.10.10.10 334 0x80000001 7 Se1/0
This in itself is not enough to get our routers talking to each other properly, if we try to ping from R10 to R4 we see the following:
R10#ping ipv6 FE80::FF:FE00:4 Output Interface: Serial1/0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to FE80::FF:FE00:4, timeout is 2 seconds: Packet sent with a source address of FE80::A8BB:CCFF:FE00:A00%Serial1/0 HHHHH Success rate is 0 percent (0/5)
What we need to do is configure a site-local IPv6 address, and we can do that with the command:
R10(config)#ipv6 address R10(config)#int serial 1/0 R10(config-if)#ipv6 address FEc0::/64 eui-64
And we can do the same on the connecting interface on R8, but we cant use the same command on the interface on R8 that connects to R4, as we get an error about overlap. So instead we will use:
R8(config-if)#int serial 0/0 R8(config-if)#ipv6 address FEC0:0:0:100::1/128
And on R4 we will use
R4(config)#int s0/2 R4(config-if)#ipv6 address FEC0:0:0:100::2/128
Now can R10 ping R4?
R10#sh ipv6 route
IPv6 Routing Table - default - 5 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, M - MIPv6, R - RIP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external, ND - Neighbor Discovery
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
C FEC0::/64 [0/0]
via Serial1/0, directly connected
L FEC0::A8BB:CCFF:FE00:A00/128 [0/0]
via Serial1/0, receive
O FEC0:0:0:100::1/128 [110/64]
via FE80::FF:FE00:8, Serial1/0
O FEC0:0:0:100::2/128 [110/128]
via FE80::FF:FE00:8, Serial1/0
L FF00::/8 [0/0]
via Null0, receive
R10#ping ipv6 FEC0:0:0:100::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FEC0:0:0:100::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/18/20 ms
R10#
It sure can and we know that it has learnt the address through OSPFv3. Once we add site-local addresses to the other connections using increments in the address (FEC0:0:0:200::2/128, FEC0:0:0:300::2/128 etc) we now have a full topology within our IPv6 OSPFv3 network:
R10#sh ipv6 route
IPv6 Routing Table - default - 9 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, M - MIPv6, R - RIP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external, ND - Neighbor Discovery
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
C FEC0::/64 [0/0]
via Serial1/0, directly connected
L FEC0::A8BB:CCFF:FE00:A00/128 [0/0]
via Serial1/0, receive
O FEC0:0:0:100::1/128 [110/64]
via FE80::FF:FE00:8, Serial1/0
O FEC0:0:0:100::2/128 [110/128]
via FE80::FF:FE00:8, Serial1/0
O FEC0:0:0:200::1/128 [110/64]
via FE80::FF:FE00:8, Serial1/0
O FEC0:0:0:200::2/128 [110/128]
via FE80::FF:FE00:8, Serial1/0
O FEC0:0:0:300::1/128 [110/128]
via FE80::FF:FE00:8, Serial1/0
O FEC0:0:0:300::2/128 [110/1690]
via FE80::FF:FE00:8, Serial1/0
L FF00::/8 [0/0]
via Null0, receive
And one last ping to confirm reachability:
R10#ping ipv6 FEC0:0:0:300::2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to FEC0:0:0:300::2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 44/49/52 ms R10#
IPv6 RIPng
Let's create our IPv6 RIPng process, this time around we will add our site-local addresses first:
The commands are similar to how we set up OSPFv3:
R7#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R7(config)#ipv6 router rip v6RIP
R7(config-rtr)#int s0/1
R7(config-if)#ipv6 rip v6RIP enable
R7(config-if)#
R7#
*Nov 26 11:29:56.565: %SYS-5-CONFIG_I: Configured from console by console
R7#
R7#sh ipv6 route
IPv6 Routing Table - default - 3 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, M - MIPv6, R - RIP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external, ND - Neighbor Discovery
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
R FEC0:0:0:600::1/128 [120/2]
via FE80::FF:FE00:6, Serial0/1
LC FEC0:0:0:600::2/128 [0/0]
via Serial0/1, receive
L FF00::/8 [0/0]
via Null0, receive
R7#
R6#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R6(config)#ipv6 router rip v6RIP
R6(config-rtr)#int s0/1
R6(config-if)#ipv6 rip v6RIP enable
R6(config-if)#exit
R6(config)#exit
R6#sh ipv6 route
IPv6 Routing Table - default - 4 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, M - MIPv6, R - RIP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external, ND - Neighbor Discovery
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
LC FEC0:0:0:500::2/128 [0/0]
via Serial0/0, receive
LC FEC0:0:0:600::1/128 [0/0]
via Serial0/1, receive
R FEC0:0:0:600::2/128 [120/2]
via FE80::FF:FE00:7, Serial0/1
L FF00::/8 [0/0]
via Null0, receive
R6#ping ipv6 FEC0:0:0:600::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FEC0:0:0:600::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms
R6#
What is interesting is that before we add in the RIPng process even though we have the correct addresses used we didn't have any visibility:
R7#ping FEC0:0:0:600::1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to FEC0:0:0:600::1, timeout is 2 seconds: % No valid source address for destination Success rate is 0 percent (0/1)
Once RIPng is working, all is fine:
R7#ping ipv6 FEC0:0:0:600::1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to FEC0:0:0:600::1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms R7#
After we have added the same configurations to R5 and R4, we can see that R4 has full visibility down to R7:
R4#sh ipv6 route
IPv6 Routing Table - default - 14 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, M - MIPv6, R - RIP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external, ND - Neighbor Discovery
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
O FEC0::/64 [110/128]
via FE80::FF:FE00:8, Serial0/2
O FEC0:0:0:100::1/128 [110/64]
via FE80::FF:FE00:8, Serial0/2
LC FEC0:0:0:100::2/128 [0/0]
via Serial0/2, receive
O FEC0:0:0:200::1/128 [110/64]
via FE80::FF:FE00:8, Serial0/2
O FEC0:0:0:200::2/128 [110/128]
via FE80::FF:FE00:8, Serial0/2
O FEC0:0:0:300::1/128 [110/128]
via FE80::FF:FE00:8, Serial0/2
O FEC0:0:0:300::2/128 [110/1690]
via FE80::FF:FE00:8, Serial0/2
LC FEC0:0:0:400::1/128 [0/0]
via Serial0/1, receive
R FEC0:0:0:400::2/128 [120/2]
via FE80::FF:FE00:5, Serial0/1
R FEC0:0:0:500::1/128 [120/2]
via FE80::FF:FE00:5, Serial0/1
R FEC0:0:0:500::2/128 [120/3]
via FE80::FF:FE00:5, Serial0/1
R FEC0:0:0:600::1/128 [120/3]
via FE80::FF:FE00:5, Serial0/1
R FEC0:0:0:600::2/128 [120/4]
via FE80::FF:FE00:5, Serial0/1
L FF00::/8 [0/0]
via Null0, receive
R4#
R4#ping FEC0:0:0:600::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FEC0:0:0:600::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/26/28 ms
R4#
IPv6 EIGRP
EIGRP is much the same as the other two we have done. We will again start with enabling ipv6 unicast routing and adding the IP addresses:
Then we can create our routing process and add our interfaces int it.
R2(config-if)#ipv6 router eigrp 100 R2(config-rtr)#int multilink 1 R2(config-if)#ipv6 eigrp 100 R2(config-if)# *Nov 26 12:28:34.719: %DUAL-5-NBRCHANGE: EIGRP-IPv6 100: Neighbor FE80::FF:FE00:1 (Multilink1) is up: new adjacency R2(config-if)#
The same commands are set on the other routers, and shortly we see that R1 has a decent looking routing table:
R1#sh ipv6 eigrp topology
EIGRP-IPv6 Topology Table for AS(100)/ID(1.2.3.4)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P FEC0:0:0:900::2/128, 1 successors, FD is 3193856
via FE80::FF:FE00:2 (3193856/2681856), Multilink1
P FEC0:0:0:800::2/128, 1 successors, FD is 2681856
via FE80::FF:FE00:2 (2681856/2169856), Multilink1
P FEC0:0:0:140::1/128, 1 successors, FD is 3705856
via FE80::FF:FE00:2 (3705856/3193856), Multilink1
P FEC0:0:0:130::2/128, 1 successors, FD is 4217856
via FE80::FF:FE00:2 (4217856/3705856), Multilink1
P FEC0:0:0:110::1/128, 1 successors, FD is 1340928
via Connected, Multilink1
P FEC0:0:0:110::2/128, 1 successors, FD is 1852928
via FE80::FF:FE00:2 (1852928/1340928), Multilink1
P FEC0:0:0:120::1/128, 1 successors, FD is 3705856
via FE80::FF:FE00:2 (3705856/3193856), Multilink1
P FEC0:0:0:140::2/128, 1 successors, FD is 4217856
via FE80::FF:FE00:2 (4217856/3705856), Multilink1
P FEC0:0:0:700::2/128, 1 successors, FD is 2681856
via FE80::FF:FE00:2 (2681856/2169856), Multilink1
P FEC0:0:0:700::1/128, 1 successors, FD is 3193856
via FE80::FF:FE00:2 (3193856/2681856), Multilink1
P FEC0:0:0:800::1/128, 1 successors, FD is 3193856
via FE80::FF:FE00:2 (3193856/2681856), Multilink1
P FEC0:0:0:120::2/128, 1 successors, FD is 4217856
via FE80::FF:FE00:2 (4217856/3705856), Multilink1
P FEC0:0:0:900::1/128, 1 successors, FD is 3705856
via FE80::FF:FE00:2 (3705856/3193856), Multilink1
P FEC0:0:0:130::1/128, 1 successors, FD is 3705856
via FE80::FF:FE00:2 (3705856/3193856), Multilink1
And we have reachability
R1#ping FEC0:0:0:140::2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to FEC0:0:0:140::2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/36/40 ms R1#
IPv6 Redistribution
Redistribution under IPv6 is no different to that of IPv4 (which we covered in part 4), so using R4 which is our main bridge we can set it up as follows:
ipv6 router eigrp 100 redistribute ospf 1 metric 10000 100 255 1 1500 redistribute rip v6RIP metric 10000 100 255 1 1500 ! ipv6 router ospf 1 router-id 4.4.4.4 log-adjacency-changes redistribute rip v6RIP metric 100 redistribute eigrp 100 metric 100 ! ipv6 router rip v6RIP redistribute ospf 1 metric 5 redistribute eigrp 100 metric 5
And we can have a look at a couple of our outer-lying routers to check that they are seeing what we would expect:
R1 can see R8 as an external EIGRP route:
R1#sh ipv6 route FEC0:0:0:200::1 Routing entry for FEC0:0:0:200::1/128 Known via "eigrp 100", distance 170, metric 2707456, type external Route count is 1/1, share count 0 Routing paths: FE80::FF:FE00:2, Multilink1 Last updated 00:08:59 ago
And R10 can see R14
R10#sh ipv6 route FEC0:0:0:130::2 Routing entry for FEC0:0:0:130::2/128 Known via "ospf 1", distance 110, metric 100, type extern 2 Route count is 1/1, share count 0 Routing paths: FE80::FF:FE00:8, Serial1/0 Last updated 00:09:23 ago
And just to confirm we have reachability:
R10#ping FEC0:0:0:130::2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to FEC0:0:0:130::2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 52/55/60 ms R10# R1#ping FEC0:0:0:200::1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to FEC0:0:0:200::1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 24/26/28 ms R1#
On R5 the configuration is pretty much the same
ipv6 router ospf 1 router-id 5.5.5.5 log-adjacency-changes redistribute rip v6RIP metric 100 ! ipv6 router rip v6RIP redistribute ospf 1 metric 5
Now at this point my 14 routers are starting to slow down, R4 is getting hit quite badly and is reporting %SYS-2-MALLOCFAIL errors, so its probably time to start wrapping this up, but not before we throw in an IPv6 tunnel between R6 and R10.
IPv6 Tunnels
An IPv6 tunnel is not much different to how we set up our tunnel in part 7:
R10#sh run int tunnel 1 Building configuration... Current configuration : 153 bytes ! interface Tunnel1 no ip address ipv6 address FEC0:0:0:150::2/128 tunnel source Serial1/0 tunnel mode ipv6 tunnel destination FEC0:0:0:500::2 end R6#sh run int tunnel 1 Building configuration... Current configuration : 162 bytes ! interface Tunnel1 no ip address ipv6 address FEC0:0:0:150::1/128 tunnel source Serial0/0 tunnel mode ipv6 tunnel destination FEC0::A8BB:CCFF:FE00:A00 end R10#sh ipv6 route FEC0:0:0:150::2 Routing entry for FEC0:0:0:150::2/128 Known via "connected", distance 0, metric 0, type receive, connected Route count is 1/1, share count 0 Routing paths: receive via Tunnel1 Last updated 00:00:59 ago R10#ping FEC0:0:0:150::2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to FEC0:0:0:150::2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/7/16 ms R10# R6#ping FEC0:0:0:150::1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to FEC0:0:0:150::1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
Thankfully we havn't had any recursive routing issues, but if we had then we could have used a distribute list like we did in part 8.
And that wraps up this part of the series. In part 10 we will cover some IPv6 filtering.