6VPE - IPv6 VPN over MPLS
From IPFlow Netflow Collector
6VPE Example
This is a simple example of 6VPE configuration on Cisco routers (using Dynamips and GNS3).
Author: Christophe Fillot - 22-Nov-2007
| Table of contents |
[edit]
Topology
[edit]
IOS configurations
P routers, IPv6-unaware:
PE routers, running 6VPE:
- PE1 (http://www.ipflow.utc.fr/configs/6VPE/PE1.cfg)
- PE2 (http://www.ipflow.utc.fr/configs/6VPE/PE2.cfg)
- PE3 (http://www.ipflow.utc.fr/configs/6VPE/PE3.cfg)
- PE4 (http://www.ipflow.utc.fr/configs/6VPE/PE4.cfg)
CE routers, running traditionnal IPv6:
- CE1 (http://www.ipflow.utc.fr/configs/6VPE/CE1.cfg)
- CE2 (http://www.ipflow.utc.fr/configs/6VPE/CE2.cfg)
- CE3 (http://www.ipflow.utc.fr/configs/6VPE/CE3.cfg)
- CE4 (http://www.ipflow.utc.fr/configs/6VPE/CE4.cfg)
[edit]
Configuration
[edit]
VRF
vrf definition VPN1 rd 100:1 route-target export 100:1 route-target import 100:1 ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family !
[edit]
PE-CE interfaces
interface FastEthernet1/0 description To CE1 vrf forwarding VPN2 no ip address duplex half ipv6 address 2007:200:1000::1/64 end
[edit]
MP-BGP
router bgp 65000 [...] address-family vpnv6 neighbor PE send-community extended neighbor 10.20.0.2 activate neighbor 10.20.0.3 activate neighbor 10.20.0.4 activate exit-address-family ! [...] address-family ipv6 vrf VPN1 redistribute connected redistribute static no synchronization exit-address-family [...] !
[edit]
Output of some commands and Wireshark/Ethereal capture
We run a ping from CE1 to CE4 Loopback (2007:200:4000:FFFF::1). These routers are in VPN2.
IPv6 routing table for VPN2 on PE1:
PE1#sh ipv6 route vrf VPN2
IPv6 Routing Table - VPN2 - 10 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, M - MIPv6, R - RIP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
LC 2007:200::1/128 [0/0]
via Loopback200, receive
B 2007:200::2/128 [200/0]
via 10.20.0.2%Default-IP-Routing-Table, indirectly connected
B 2007:200::3/128 [200/0]
via 10.20.0.3%Default-IP-Routing-Table, indirectly connected
B 2007:200::4/128 [200/0]
via 10.20.0.4%Default-IP-Routing-Table, indirectly connected
S 2007:200:1000::/48 [1/0]
via 2007:200:1000::2
C 2007:200:1000::/64 [0/0]
via FastEthernet1/0, directly connected
L 2007:200:1000::1/128 [0/0]
via FastEthernet1/0, receive
B 2007:200:4000::/48 [200/0]
via 10.20.0.4%Default-IP-Routing-Table, indirectly connected
B 2007:200:4000::/64 [200/0]
via 10.20.0.4%Default-IP-Routing-Table, indirectly connected
L FF00::/8 [0/0]
via Null0, receive
We can display the MPLS labels bound to a given prefix (in this case, CE4 loopback):
PE1#sh ipv6 cef vrf VPN2 2007:200:4000:FFFF::1 2007:200:4000::/48 nexthop 10.0.1.1 FastEthernet0/0 label 22 31
The first label (22) corresponds to the PE4 loopback address (10.20.0.4) learnt through LDP. The second label (31) corresponds to the IPv6 VPN prefix learnt through MP-BGP:
PE4#sh mpls for
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or VC or Tunnel Id Switched interface
16 21 10.20.0.3/32 0 Fa0/0 10.0.4.1
17 20 10.20.0.2/32 0 Fa0/0 10.0.4.1
18 19 10.20.0.1/32 0 Fa0/0 10.0.4.1
19 Pop Label 10.10.0.2/32 0 Fa0/0 10.0.4.1
20 16 10.10.0.1/32 0 Fa0/0 10.0.4.1
21 Pop Label 10.0.3.0/30 0 Fa0/0 10.0.4.1
22 Pop Label 10.0.0.0/30 0 Fa0/0 10.0.4.1
23 18 10.0.2.0/30 0 Fa0/0 10.0.4.1
24 17 10.0.1.0/30 0 Fa0/0 10.0.4.1
25 Pop Label 100.0.0.4/32[V] 0 aggregate/VPN1
26 Pop Label 200.0.0.4/32[V] 0 aggregate/VPN2
27 Pop Label 2007:200::4/128[V] \
5375 aggregate/VPN2
28 Pop Label 2007:100::4/128[V] \
500 aggregate/VPN1
30 No Label 2007:200:4000::/64[V] \
4800 aggregate/VPN2
31 No Label 2007:200:4000::/48[V] \
0 Fa1/0 2007:200:4000::2
We can get more details on the IPv6 VPN label:
PE4#sh mpls for labels 31 detail
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or VC or Tunnel Id Switched interface
31 No Label 2007:200:4000::/48[V] \
0 Fa1/0 2007:200:4000::2
MAC/Encaps=14/14, MRU=1504, Label Stack{}
CA090C080000CA050C06001C86DD
VPN route: VPN2
No output feature configured
Here is a screenshot of Wireshark with a capture on interface FastEthernet0/0 of PE1 (facing the MPLS core):
On CE1, we did:
CE1#ping 2007:200:4000:FFFF::1 repeat 10 Type escape sequence to abort. Sending 10, 100-byte ICMP Echos to 2007:200:4000:FFFF::1, timeout is 2 seconds: !!!!!!!!!! Success rate is 100 percent (10/10), round-trip min/avg/max = 8/31/48 ms
Traceroute output:
CE1#trace 2007:200:4000:FFFF::1 Type escape sequence to abort. Tracing the route to 2007:200:4000:FFFF::1 1 2007:200:1000::1 8 msec 8 msec 36 msec 2 ::FFFF:10.0.1.1 [MPLS: Labels 22/31 Exp 0] 44 msec 20 msec 28 msec 3 ::FFFF:10.0.0.2 [MPLS: Labels 22/31 Exp 0] 60 msec 56 msec 56 msec 4 2007:200::4 [MPLS: Label 31 Exp 0] 24 msec 40 msec 32 msec 5 2007:200:4000::2 36 msec 48 msec 36 msec
