Tuesday, April 8, 2014

MPLS VPNv6/VPNv4 over an IPv4 transport network

Greetings, dear readers,

Today I bring you an exercise of great interest to Service Providers. Many SPs already run MPLS networks on which they provide VPNv4 services over MPLS, also called MPLS VRFs. This time I will present the VPNv6 service, with which an SP can transport IPv6 prefixes across a native IPv4 MPLS network. This technology is called 6VPE, and it is an IPv6 deployment mechanism that does not require modifying the SP's internal MPLS network: it is only necessary to enable the VPNv6 address-family in MBGP. To make the design more interesting, this time we will implement two CPEs as the IPv6 customers, but we will make them dual stack, meaning they can send both v4 and v6 traffic. We will also implement a Route Reflector in the MPLS core; recall that a Route Reflector is a solution that allows high scalability in handling BGP sessions within a Service Provider.


Defining some ground rules:

The protocol used to exchange the loopbacks will be OSPF
The Route Reflector will be the router 10.0.0.5
The PEs will be 10.0.0.1 and 10.0.0.3
The P routers will only swap MPLS labels, so they will have no BGP configuration.
The CPEs will not run any routing protocol, so they will simply have default routes pointing to their main interface.

We start from the following topology:



In this topology an IGP and LDP are already running in the network, which we verify on the PE routers. The configuration files that establish this connectivity are at the end of this post:

PE1:
PE1#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
10.0.0.4          0   FULL/  -        00:00:39    10.210.0.6      FastEthernet0/1
10.0.0.2          0   FULL/  -        00:00:39    10.210.0.2      FastEthernet0/0

PE1#show mpls ldp neighbor 
    Peer LDP Ident: 10.0.0.4:0; Local LDP Ident 10.0.0.1:0
TCP connection: 10.0.0.4.18737 - 10.0.0.1.646
State: Oper; Msgs sent/rcvd: 32/32; Downstream
Up time: 00:16:17
LDP discovery sources:
 FastEthernet0/1, Src IP addr: 10.210.0.6
        Addresses bound to peer LDP Ident:
          10.210.0.14     10.0.0.4        10.210.0.6      10.210.197.6    
    Peer LDP Ident: 10.0.0.2:0; Local LDP Ident 10.0.0.1:0
TCP connection: 10.0.0.2.14045 - 10.0.0.1.646
State: Oper; Msgs sent/rcvd: 32/32; Downstream
Up time: 00:16:15
LDP discovery sources:
 FastEthernet0/0, Src IP addr: 10.210.0.2
        Addresses bound to peer LDP Ident:
          10.210.0.2      10.0.0.2        10.210.0.10     10.210.197.2    

PE2:
PE2#show ip ospf neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface
10.0.0.2          0   FULL/  -        00:00:32    10.210.0.10     FastEthernet0/1
10.0.0.4          0   FULL/  -        00:00:32    10.210.0.14     FastEthernet0/0

PE2#show mpls ldp neighbor 
    Peer LDP Ident: 10.0.0.2:0; Local LDP Ident 10.0.0.3:0
TCP connection: 10.0.0.2.646 - 10.0.0.3.27967
State: Oper; Msgs sent/rcvd: 35/35; Downstream
Up time: 00:18:36
LDP discovery sources:
 FastEthernet0/1, Src IP addr: 10.210.0.10
        Addresses bound to peer LDP Ident:
          10.210.0.2      10.0.0.2        10.210.0.10     10.210.197.2    
    Peer LDP Ident: 10.0.0.4:0; Local LDP Ident 10.0.0.3:0
TCP connection: 10.0.0.4.34200 - 10.0.0.3.646
State: Oper; Msgs sent/rcvd: 35/35; Downstream
Up time: 00:18:36
LDP discovery sources:
 FastEthernet0/0, Src IP addr: 10.210.0.14
        Addresses bound to peer LDP Ident:
          10.210.0.14     10.0.0.4        10.210.0.6      10.210.197.6    

Next we show the configuration on both CPEs:

CPE1:

ipv6 unicast-routing
!
!
interface FastEthernet1/0
 ip address 192.168.1.2 255.255.255.252
 duplex auto
 speed auto
 ipv6 address 2001:192:168:1::2/64
 ipv6 address autoconfig default
!         

ip route 0.0.0.0 0.0.0.0 FastEthernet1/0
!

CPE2:


ipv6 unicast-routing
!
!
interface FastEthernet1/0
 ip address 192.168.2.2 255.255.255.0
 duplex auto
 speed auto
 ipv6 address 2001:192:168:2::2/64
 ipv6 address autoconfig default
!         
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet1/0
!
!

On the PEs we will terminate these connections directly in a VRF that we will call 6VPE. This VRF is created differently from a conventional VPNv4 VRF. The configuration needed on PE1 is shown below; the same VRF configuration applies to PE2.

PE1:

vrf definition 6VPE
 rd 1:100
 !
 address-family ipv4
 route-target export 1:100
 route-target import 1:100
 exit-address-family
 !
 address-family ipv6
 route-target export 1:100
 route-target import 1:100
 exit-address-family
!  
interface FastEthernet1/0
 vrf forwarding 6VPE
 ip address 192.168.1.1 255.255.255.252
 duplex full
 ipv6 address 2001:192:168:1::1/64
 ipv6 address autoconfig
end
       

We chose the RD value 1:100 arbitrarily; an SP network uses RDs defined under rules that relate to autonomous system numbers and parameters specific to each device.

It is important to note that we define two address families within this VRF, so it will be a dual-stack VRF with two routing tables, one for v4 and one for v6.
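
Because route-targets decide which VRFs exchange routes, a dual-stack VRF carries two import/export policies that can drift apart, changing isolation for one protocol only. The following added example (not part of the original post) parses `vrf definition` blocks and reports differences between the ipv4 and ipv6 families and imports that cross VRFs; the second VRF, CUST-B, and its values are hypothetical, constructed to trigger the findings.

```python
import re

# Constructed sample: the 6VPE VRF exactly as configured on PE1 above, plus a
# hypothetical VRF "CUST-B" whose ipv6 family imports one extra route-target.
SAMPLE_CONFIG = """\
vrf definition 6VPE
 rd 1:100
 !
 address-family ipv4
 route-target export 1:100
 route-target import 1:100
 exit-address-family
 !
 address-family ipv6
 route-target export 1:100
 route-target import 1:100
 exit-address-family
!
vrf definition CUST-B
 rd 1:200
 !
 address-family ipv4
 route-target export 1:200
 route-target import 1:200
 exit-address-family
 !
 address-family ipv6
 route-target export 1:200
 route-target import 1:200
 route-target import 1:100
 exit-address-family
!
"""


def parse_vrfs(config):
    """Return {vrf_name: {af: {"import": set(), "export": set()}}}.

    Only per-address-family route-targets are read, which is how the
    page configures them.
    """
    vrfs, vrf, af = {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # any top-level line ends the block
            m = re.match(r"vrf definition (\S+)$", line)
            vrf = vrfs.setdefault(m.group(1), {}) if m else None
            af = None
            continue
        if vrf is None:
            continue
        m = re.match(r"address-family (ipv4|ipv6)\b", line)
        if m:
            af = vrf.setdefault(m.group(1), {"import": set(), "export": set()})
        elif line == "exit-address-family":
            af = None
        elif af is not None:
            m = re.match(r"route-target (import|export|both) (\S+)$", line)
            if m:
                dirs = ("import", "export") if m.group(1) == "both" else (m.group(1),)
                for d in dirs:
                    af[d].add(m.group(2))
    return vrfs


def audit(config):
    """Return sorted findings about route-target policy in one config."""
    vrfs = parse_vrfs(config)
    findings = []
    for name, afs in vrfs.items():
        for missing in sorted({"ipv4", "ipv6"} - set(afs)):
            findings.append(f"{name}: no address-family {missing}")
        if "ipv4" in afs and "ipv6" in afs:
            for d in ("import", "export"):
                diff = afs["ipv4"][d] ^ afs["ipv6"][d]
                if diff:
                    findings.append(
                        f"{name}: {d} route-targets differ between ipv4 and ipv6: "
                        + ", ".join(sorted(diff)))
    # A VRF that imports a route-target another VRF exports receives that
    # VRF's routes: intended for an extranet, a leak otherwise.
    for a, afs_a in vrfs.items():
        for b, afs_b in vrfs.items():
            if a == b:
                continue
            for af in sorted(set(afs_a) & set(afs_b)):
                shared = afs_a[af]["import"] & afs_b[af]["export"]
                if shared:
                    findings.append(
                        f"{a}: {af} imports {', '.join(sorted(shared))} exported by {b}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
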

We configure PE1 and PE2 to speak MP-BGP with the Route Reflector in two different address families, VPNv4 and VPNv6.

PE1:
router bgp 1
 bgp router-id 10.0.0.1
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 10.0.0.5 remote-as 1
 neighbor 10.0.0.5 update-source Loopback0
 !
 address-family ipv4
  no synchronization
  no auto-summary
 exit-address-family
 !
 address-family vpnv4
  neighbor 10.0.0.5 activate
  neighbor 10.0.0.5 send-community both
 exit-address-family
 !
 address-family vpnv6
  neighbor 10.0.0.5 activate
  neighbor 10.0.0.5 send-community both
 exit-address-family
 !

Additionally, we define two address families for the 6VPE VRF, IPv4 and IPv6. The following commands tell BGP to redistribute the connected routes in the 6VPE VRF, both IPv4 and IPv6:

PE1:
router bgp 1
 address-family ipv4 vrf 6VPE
  no synchronization
  redistribute connected
 exit-address-family
 !
 address-family ipv6 vrf 6VPE
  redistribute connected
  no synchronization
 exit-address-family
!
!
On the Route Reflector it is important to review the BGP configuration, where we can see the statement that defines routers 10.0.0.1 and 10.0.0.3 as Route Reflector clients.

RR:
router bgp 1
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 10.0.0.1 remote-as 1
 neighbor 10.0.0.1 update-source Loopback0
 neighbor 10.0.0.3 remote-as 1
 neighbor 10.0.0.3 update-source Loopback0
 !
 address-family ipv4
  no synchronization
  no auto-summary
 exit-address-family
 !
 address-family vpnv4
  neighbor 10.0.0.1 activate
  neighbor 10.0.0.1 send-community both
  neighbor 10.0.0.1 route-reflector-client
  neighbor 10.0.0.3 activate
  neighbor 10.0.0.3 send-community both
  neighbor 10.0.0.3 route-reflector-client
 exit-address-family
 !
 address-family vpnv6
  neighbor 10.0.0.1 activate
  neighbor 10.0.0.1 send-community both
  neighbor 10.0.0.1 route-reflector-client
  neighbor 10.0.0.3 activate
  neighbor 10.0.0.3 send-community both
  neighbor 10.0.0.3 route-reflector-client
 exit-address-family
!         

We verify the BGP VPNv4 sessions on the Route Reflector

RR:
RR#show bgp vpnv4 unicast all summary 
BGP router identifier 10.0.0.5, local AS number 1
BGP table version is 5, main routing table version 5
2 network entries using 304 bytes of memory
2 path entries using 104 bytes of memory
1/1 BGP path/bestpath attribute entries using 132 bytes of memory
1 BGP extended community entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 564 total bytes of memory
BGP activity 4/0 prefixes, 11/7 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.0.1        4            1      40      44        5    0    0 00:29:59        1
10.0.0.3        4            1      40      41        5    0    0 00:29:52        1

We verify the BGP VPNv6 sessions on the Route Reflector

RR:
RR#show bgp vpnv6 unicast all summary 
BGP router identifier 10.0.0.5, local AS number 1
BGP table version is 15, main routing table version 15
2 network entries using 352 bytes of memory
2 path entries using 160 bytes of memory
1/1 BGP path/bestpath attribute entries using 132 bytes of memory
1 BGP extended community entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 668 total bytes of memory
BGP activity 4/0 prefixes, 11/7 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.0.1        4            1      40      45       15    0    0 00:30:40        1
10.0.0.3        4            1      41      41       15    0    0 00:30:33        1

We can see that each PE is sending us 1 prefix for both VPNv4 and VPNv6; these prefixes are the directly connected routes toward the CPEs.

On PE1 we can see in each routing table that the prefix from PE2 has been learned via BGP, and vice versa.

The routing tables for PE1 are shown below:

PE1:
PE1#show ip route vrf 6VPE

Routing Table: 6VPE
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/30 is directly connected, FastEthernet1/0
L        192.168.1.1/32 is directly connected, FastEthernet1/0
      192.168.2.0/30 is subnetted, 1 subnets
B        192.168.2.0 [200/0] via 10.0.0.3, 00:33:13

PE1#show ipv6 route vrf 6VPE
IPv6 Routing Table - 6VPE - 5 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, R - RIP, I1 - ISIS L1, I2 - ISIS L2
       IA - ISIS interarea, IS - ISIS summary, D - EIGRP, EX - EIGRP external
       ND - Neighbor Discovery
       O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
C   2001:192:168:1::/64 [0/0]
     via FastEthernet1/0, directly connected
L   2001:192:168:1::1/128 [0/0]
     via FastEthernet1/0, receive
L   2001:192:168:1:C809:19FF:FED1:1C/128 [0/0]
     via FastEthernet1/0, receive
B   2001:192:168:2::/64 [200/0]
     via 10.0.0.3%default, indirectly connected
L   FF00::/8 [0/0]
     via Null0, receive

Finally, we test IPv4 and IPv6 connectivity from CPE1 to CPE2 across the native IPv4 MPLS network

CPE1#ping 192.168.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/56/68 ms

CPE1#ping ipv6 2001:192:168:2::2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:192:168:2::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/41/48 ms
CPE1#

Full configurations:

CPE1:
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CPE1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
ipv6 unicast-routing
!
!
ip tcp synwait-time 5
!         
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 192.168.1.2 255.255.255.252
 duplex auto
 speed auto
 ipv6 address 2001:192:168:1::2/64
 ipv6 address autoconfig default
!         
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet1/0
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

CPE2:

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CPE2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
ipv6 unicast-routing
!
!
ip tcp synwait-time 5
!         
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 192.168.2.2 255.255.255.0
 duplex auto
 speed auto
 ipv6 address 2001:192:168:2::2/64
 ipv6 address autoconfig default
!         
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet1/0
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

PE1:

!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname PE1
!
boot-start-marker
boot-end-marker
!
vrf definition 6VPE
 rd 1:100
 !
 address-family ipv4
 route-target export 1:100
 route-target import 1:100
 exit-address-family
 !
 address-family ipv6
 route-target export 1:100
 route-target import 1:100
 exit-address-family
!
!
no aaa new-model
ip source-route
no ip icmp rate-limit unreachable
!
!
!
!
no ip domain lookup
ip cef
ipv6 unicast-routing
ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.210.0.1 255.255.255.252
 ip ospf network point-to-point
 speed auto
 duplex half
 mpls ip
!
interface FastEthernet0/1
 ip address 10.210.0.5 255.255.255.252
 ip ospf network point-to-point
 speed auto
 duplex half
 mpls ip
!         
interface FastEthernet1/0
 vrf forwarding 6VPE
 ip address 192.168.1.1 255.255.255.252
 duplex full
 ipv6 address 2001:192:168:1::1/64
 ipv6 address autoconfig
!
router ospf 1
 router-id 10.0.0.1
 log-adjacency-changes
 network 10.0.0.1 0.0.0.0 area 0
 network 10.210.0.1 0.0.0.0 area 0
 network 10.210.0.5 0.0.0.0 area 0
!
router bgp 1
 bgp router-id 10.0.0.1
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 10.0.0.5 remote-as 1
 neighbor 10.0.0.5 update-source Loopback0
 !
 address-family ipv4
  no synchronization
  no auto-summary
 exit-address-family
 !
 address-family vpnv4
  neighbor 10.0.0.5 activate
  neighbor 10.0.0.5 send-community both
 exit-address-family
 !
 address-family vpnv6
  neighbor 10.0.0.5 activate
  neighbor 10.0.0.5 send-community both
 exit-address-family
 !
 address-family ipv4 vrf 6VPE
  no synchronization
  redistribute connected
 exit-address-family
 !
 address-family ipv6 vrf 6VPE
  redistribute connected
  no synchronization
 exit-address-family
!         
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login    
!
end

PE2:

!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname PE2
!
boot-start-marker
boot-end-marker
!
vrf definition 6VPE
 rd 1:100
 !
 address-family ipv4
 route-target export 1:100
 route-target import 1:100
 exit-address-family
 !
 address-family ipv6
 route-target export 1:100
 route-target import 1:100
 exit-address-family
!
!
no aaa new-model
ip source-route
no ip icmp rate-limit unreachable
!
!
!
!
no ip domain lookup
ip cef
ipv6 unicast-routing
ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface Loopback0
 ip address 10.0.0.3 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.210.0.13 255.255.255.252
 ip ospf network point-to-point
 speed auto
 duplex auto
 mpls ip
!
interface FastEthernet0/1
 ip address 10.210.0.9 255.255.255.252
 ip ospf network point-to-point
 speed auto
 duplex auto
 mpls ip
!         
interface FastEthernet1/0
 vrf forwarding 6VPE
 ip address 192.168.2.1 255.255.255.252
 duplex full
 ipv6 address 2001:192:168:2::1/64
 ipv6 address autoconfig
!
router ospf 1
 router-id 10.0.0.3
 log-adjacency-changes
 network 10.0.0.3 0.0.0.0 area 0
 network 10.210.0.9 0.0.0.0 area 0
 network 10.210.0.13 0.0.0.0 area 0
!
router bgp 1
 bgp router-id 10.0.0.3
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 10.0.0.5 remote-as 1
 neighbor 10.0.0.5 update-source Loopback0
 !
 address-family ipv4
  no synchronization
  no auto-summary
 exit-address-family
 !
 address-family vpnv4
  neighbor 10.0.0.5 activate
  neighbor 10.0.0.5 send-community both
 exit-address-family
 !
 address-family vpnv6
  neighbor 10.0.0.5 activate
  neighbor 10.0.0.5 send-community both
 exit-address-family
 !
 address-family ipv4 vrf 6VPE
  no synchronization
  redistribute connected
 exit-address-family
 !
 address-family ipv6 vrf 6VPE
  redistribute connected
  no synchronization
 exit-address-family
!         
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login    
!
end

P1:

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname P1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!

!
ip tcp synwait-time 5
!         
!
!
!
interface Loopback0
 ip address 10.0.0.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.210.0.2 255.255.255.252
 ip ospf network point-to-point
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet0/1
 ip address 10.210.0.10 255.255.255.252
 ip ospf network point-to-point
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet1/0
 ip address 10.210.197.2 255.255.255.252
 ip ospf network point-to-point
 duplex auto
 speed auto
 mpls ip
!
router ospf 1
 router-id 10.0.0.2
 log-adjacency-changes
 network 10.0.0.2 0.0.0.0 area 0
 network 10.210.0.2 0.0.0.0 area 0
 network 10.210.0.10 0.0.0.0 area 0
 network 10.210.197.2 0.0.0.0 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!         
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

P2:

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname P2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!

!
ip tcp synwait-time 5
!         
!
!
!
interface Loopback0
 ip address 10.0.0.4 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.210.0.14 255.255.255.252
 ip ospf network point-to-point
 speed auto
 full-duplex
 mpls ip
!
interface FastEthernet0/1
 ip address 10.210.0.6 255.255.255.252
 ip ospf network point-to-point
 speed auto
 full-duplex
 mpls ip
!
interface FastEthernet1/0
 ip address 10.210.197.6 255.255.255.252
 ip ospf network point-to-point
 duplex auto
 speed auto
 mpls ip
!
router ospf 1
 router-id 10.0.0.4
 log-adjacency-changes
 network 10.0.0.4 0.0.0.0 area 0
 network 10.210.0.6 0.0.0.0 area 0
 network 10.210.0.14 0.0.0.0 area 0
 network 10.210.197.6 0.0.0.0 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!         
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

RR:

!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname RR
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip source-route
no ip icmp rate-limit unreachable
!
!
!
!
no ip domain lookup
ip cef    
ipv6 unicast-routing
ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface Loopback0
 ip address 10.0.0.5 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 speed auto
 duplex auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 speed auto
 duplex auto
!
interface FastEthernet1/0
 ip address 10.210.197.1 255.255.255.252
 ip ospf network point-to-point
 speed auto
 duplex auto
 mpls ip
!
interface FastEthernet1/1
 ip address 10.210.197.5 255.255.255.252
 ip ospf network point-to-point
 speed auto
 duplex auto
 mpls ip
!
router ospf 1
 router-id 10.0.0.5
 log-adjacency-changes
 network 10.0.0.5 0.0.0.0 area 0
 network 10.210.197.1 0.0.0.0 area 0
 network 10.210.197.5 0.0.0.0 area 0
!
router bgp 1
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 10.0.0.1 remote-as 1
 neighbor 10.0.0.1 update-source Loopback0
 neighbor 10.0.0.3 remote-as 1
 neighbor 10.0.0.3 update-source Loopback0
 !
 address-family ipv4
  no synchronization
  no auto-summary
 exit-address-family
 !
 address-family vpnv4
  neighbor 10.0.0.1 activate
  neighbor 10.0.0.1 send-community both
  neighbor 10.0.0.1 route-reflector-client
  neighbor 10.0.0.3 activate
  neighbor 10.0.0.3 send-community both
  neighbor 10.0.0.3 route-reflector-client
 exit-address-family
 !
 address-family vpnv6
  neighbor 10.0.0.1 activate
  neighbor 10.0.0.1 send-community both
  neighbor 10.0.0.1 route-reflector-client
  neighbor 10.0.0.3 activate
  neighbor 10.0.0.3 send-community both
  neighbor 10.0.0.3 route-reflector-client
 exit-address-family
!
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
end

I hope this post is useful, so don't forget to comment with any question, suggestion or concern; I use that feedback to create new entries. Until next time.


Friday, April 4, 2014

IPv6/IP tunnel over an IPv4 transport network

Hello everyone, after some time away from the blog I am back with this post on an IPv6 tunnel over an IPv4 transport network.

Basically, we will build an IPv4 transport network using OSPFv2 for route exchange and set up an IPv6IP tunnel between a router that will be our IPv6 island and the destination, a router capable of routing both v4 and v6 traffic.

Additionally, we will run OSPFv3 over the tunnel to exchange IPv6 routes.


The network to be implemented is shown below:



We will use the IPv4 Loopback 0 addresses 10.0.0.X, where X is the number of each router. These loopbacks are important because they serve as the Router ID for OSPF, for both v4 and v6.

R1:
interface Loopback 0
ip add 10.0.0.1 255.255.255.255

We will configure the IPv6 Loopback 100 on routers R1, R3 and R4. Not configuring it on R2 is intentional, since R2 will act only as the IPv4 transport in which we encapsulate IPv6 traffic. For this we will use the network 2001:ABCD::X/128, where X is the router number.

R1:
interface Loopback 100
ipv6 address 2001:ABCD::1/128

We will configure a tunnel between R1 and R3, relying on the IPv4 OSPF process to exchange the 10.0.0.X loopbacks, which we will use as source and destination to establish the tunnel.


R1:
interface Tunnel0
tunnel source Loopback0
tunnel destination 10.0.0.3
tunnel mode ipv6ip

The tunnel needs an IPv6 subnet to work correctly. As with all local point-to-point addresses, we will configure it through the autoconfig feature, which uses the MAC address to generate a unique IPv6 address on a local link.

R1:
interface Tunnel 0
ipv6 address autoconfig
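
What `tunnel mode ipv6ip` puts on the wire between R1 and R3, as an added example that is not part of the original post: the IPv6 packet travels as the payload of an IPv4 packet with protocol number 41, so a transit router such as R2 can match only on the two loopbacks and the protocol number. The code builds such a packet with the page's addresses and models the decapsulation check of RFC 4213 (protocol 41, outer source equal to the configured peer); the function names and the ICMPv6 payload bytes are constructed for illustration.

```python
import ipaddress
import struct

IPPROTO_IPV6 = 41        # IPv4 protocol number for encapsulated IPv6 (RFC 4213)
NEXT_HEADER_ICMPV6 = 58


def ipv4_checksum(header):
    """Internet checksum over an IPv4 header; 0 when a filled-in header is valid."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv6(src, dst, payload, next_header=NEXT_HEADER_ICMPV6, hop_limit=64):
    """40-byte IPv6 header (traffic class and flow label 0) plus payload."""
    header = struct.pack("!IHBB", 6 << 28, len(payload), next_header, hop_limit)
    return (header + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + payload)


def encapsulate(inner, tunnel_src, tunnel_dst, ttl=255):
    """Prepend the outer IPv4 header: 20 bytes, protocol 41, no options."""
    header = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), 0, 0, ttl, IPPROTO_IPV6, 0,
        ipaddress.IPv4Address(tunnel_src).packed,
        ipaddress.IPv4Address(tunnel_dst).packed)
    checksum = struct.pack("!H", ipv4_checksum(header))
    return header[:10] + checksum + header[12:] + inner


def transit_view(packet):
    """Fields an IPv4-only router or IPv4 ACL (R2 on the page) can match on."""
    ihl = (packet[0] & 0x0F) * 4
    return {
        "src": str(ipaddress.IPv4Address(packet[12:16])),
        "dst": str(ipaddress.IPv4Address(packet[16:20])),
        "protocol": packet[9],
        "header_ok": ipv4_checksum(packet[:ihl]) == 0,
    }


def decapsulate(packet, local, peer):
    """Model of the tunnel endpoint's check before the inner packet is routed.

    local/peer are this router's 'tunnel source' and 'tunnel destination'.
    Returns (inner_src, inner_dst); raises ValueError if the packet is refused.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("outer packet is not IPv4")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 40:
        raise ValueError("truncated packet")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad outer header checksum")
    if packet[9] != IPPROTO_IPV6:
        raise ValueError("outer protocol is not 41")
    outer_src = ipaddress.IPv4Address(packet[12:16])
    outer_dst = ipaddress.IPv4Address(packet[16:20])
    if outer_src != ipaddress.IPv4Address(peer):
        raise ValueError(f"outer source {outer_src} is not the configured peer")
    if outer_dst != ipaddress.IPv4Address(local):
        raise ValueError(f"outer destination {outer_dst} is not the tunnel source")
    inner = packet[ihl:]
    if inner[0] >> 4 != 6:
        raise ValueError("inner packet is not IPv6")
    return (str(ipaddress.IPv6Address(inner[8:24])),
            str(ipaddress.IPv6Address(inner[24:40])))


def sample_packet():
    """Constructed: R1 (2001:ABCD::1) pinging R4's Loopback100 through Tunnel0."""
    # ICMPv6 echo request placeholder: type 128, code 0, checksum left at 0.
    echo_request = bytes([128, 0, 0, 0, 0, 1, 0, 1])
    inner = build_ipv6("2001:ABCD::1", "2001:ABCD::4", echo_request)
    return encapsulate(inner, "10.0.0.1", "10.0.0.3")


if __name__ == "__main__":
    pkt = sample_packet()
    print("seen in transit:", transit_view(pkt))
    print("accepted by R3 :", decapsulate(pkt, local="10.0.0.3", peer="10.0.0.1"))
    try:
        # Same packet checked against a different configured peer: refused.
        decapsulate(pkt, local="10.0.0.3", peer="10.0.0.2")
    except ValueError as err:
        print("refused        :", err)
```
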

The configurations applied on each device are shown below



R1:

ipv6 unicast-routing << We enable routing for the IPv6 protocol
!
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
interface Loopback100
 no ip address
 ipv6 address 2001:ABCD::1/128
 ipv6 ospf network point-to-point
 ipv6 ospf 1 area 0
!
interface Tunnel0
 no ip address
 ipv6 address autoconfig << We use the autoconfig feature to configure the IP addresses dynamically
 ipv6 ospf 1 area 0  << This command starts OSPFv3 on the tunnel
 tunnel source Loopback0
 tunnel destination 10.0.0.3
 tunnel mode ipv6ip
!
interface FastEthernet0/0
 ip address 10.210.12.1 255.255.255.252
 ip ospf network point-to-point
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
router ospf 1
 router-id 10.0.0.1
 log-adjacency-changes
 network 10.0.0.1 0.0.0.0 area 0
 network 10.210.12.1 0.0.0.0 area 0
 network 192.168.1.0 0.0.0.255 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!      
ipv6 router ospf 1
 router-id 10.0.0.1 << We define a consistent router ID for OSPFv3
 log-adjacency-changes
!


R2: << R2 has no IPv6 configured at all

!
interface Loopback0
 ip address 10.0.0.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.210.12.2 255.255.255.252
 ip ospf network point-to-point
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.210.23.1 255.255.255.252
 ip ospf network point-to-point
 duplex auto
 speed auto
 mpls ip
!
router ospf 1
 router-id 10.0.0.2
 log-adjacency-changes
 network 10.0.0.2 0.0.0.0 area 0
 network 10.210.12.2 0.0.0.0 area 0
 network 10.210.23.1 0.0.0.0 area 0

R3:

ipv6 unicast-routing
!

interface Loopback0
 ip address 10.0.0.3 255.255.255.255
!
interface Loopback100
 no ip address
 ipv6 address 2001:ABCD::3/128
 ipv6 ospf network point-to-point
 ipv6 ospf 1 area 0
!
interface Tunnel0
 no ip address
 ipv6 address autoconfig
 ipv6 ospf 1 area 0
 tunnel source Loopback0
 tunnel destination 10.0.0.1 << The tunnel destination and source are IPv4
 tunnel mode ipv6ip
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 ipv6 address autoconfig
 ipv6 ospf network point-to-point
 ipv6 ospf 1 area 0
!
interface FastEthernet0/1
 ip address 10.210.23.2 255.255.255.252
 ip ospf network point-to-point
 duplex auto
 speed auto
!
router ospf 1
 router-id 10.0.0.3
 log-adjacency-changes
 network 10.0.0.3 0.0.0.0 area 0
 network 10.210.23.2 0.0.0.0 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
ipv6 router ospf 1
 router-id 10.0.0.3
 log-adjacency-changes
!


R4:

ipv6 unicast-routing
!

interface Loopback0
 ip address 10.0.0.4 255.255.255.255
!
interface Loopback100
 no ip address
 ip ospf 1 area 0
 ipv6 address 2001:ABCD::4/128
 ipv6 ospf network point-to-point
 ipv6 ospf 1 area 0
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 ipv6 address autoconfig
 ipv6 ospf network point-to-point
 ipv6 ospf 1 area 0
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
ipv6 router ospf 1
 router-id 10.0.0.4
 log-adjacency-changes
!


We verify that our solution works. The routing tables are independent for the two protocols; as you can see, on R2 there is no IPv6 prefix.


IPv4 and IPv6 routing tables


R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
O       10.0.0.2/32 [110/11] via 10.210.12.2, 00:23:33, FastEthernet0/0
O       10.0.0.3/32 [110/21] via 10.210.12.2, 00:23:33, FastEthernet0/0
C       10.0.0.1/32 is directly connected, Loopback0
O       10.210.23.0/30 [110/20] via 10.210.12.2, 00:23:33, FastEthernet0/0
C       10.210.12.0/30 is directly connected, FastEthernet0/0


R1#sho ipv6 route
IPv6 Routing Table - 5 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
LC  2001:ABCD::1/128 [0/0]
     via ::, Loopback100
O   2001:ABCD::3/128 [110/11111] << Prefixes learned via OSPFv3
     via FE80::A00:3, Tunnel0
O   2001:ABCD::4/128 [110/11121]
     via FE80::A00:3, Tunnel0
L   FE80::/10 [0/0]
     via ::, Null0
L   FF00::/8 [0/0]
     via ::, Null0



R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C       10.0.0.2/32 is directly connected, Loopback0
O       10.0.0.3/32 [110/11] via 10.210.23.2, 00:23:34, FastEthernet0/1
O       10.0.0.1/32 [110/11] via 10.210.12.1, 00:23:34, FastEthernet0/0
C       10.210.23.0/30 is directly connected, FastEthernet0/1
C       10.210.12.0/30 is directly connected, FastEthernet0/0

R2#show ipv6 route
IPv6 Routing Table - 0 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2

<< There are no prefixes in the IPv6 table



R3#show ip route 
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
O       10.0.0.2/32 [110/11] via 10.210.23.1, 00:24:47, FastEthernet0/1
C       10.0.0.3/32 is directly connected, Loopback0
O       10.0.0.1/32 [110/21] via 10.210.23.1, 00:24:47, FastEthernet0/1
C       10.210.23.0/30 is directly connected, FastEthernet0/1
O       10.210.12.0/30 [110/20] via 10.210.23.1, 00:24:47, FastEthernet0/1

<< We are using the IPv4 table only to exchange the routes for the tunnel source and destination; we could just as well use static routes, BGP or any other dynamic protocol for this job.
          

R3#show ipv6 route
IPv6 Routing Table - 5 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
O   2001:ABCD::1/128 [110/11111]
     via FE80::A00:1, Tunnel0
LC  2001:ABCD::3/128 [0/0]
     via ::, Loopback100
O   2001:ABCD::4/128 [110/10]
     via FE80::C203:13FF:FE0A:0, FastEthernet0/0
L   FE80::/10 [0/0]
     via ::, Null0
L   FF00::/8 [0/0]
     via ::, Null0

<< OSPFv3 is the version of OSPF for IPv6; there are also versions of RIP, EIGRP and BGP for IPv6




R4#show ipv6 route
IPv6 Routing Table - 5 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
O   2001:ABCD::1/128 [110/11121]
     via FE80::C202:13FF:FE0A:0, FastEthernet0/0
O   2001:ABCD::3/128 [110/10]
     via FE80::C202:13FF:FE0A:0, FastEthernet0/0
LC  2001:ABCD::4/128 [0/0]
     via ::, Loopback100
L   FE80::/10 [0/0]
     via ::, Null0
L   FF00::/8 [0/0]
     via ::, Null0

<< On R4 we have no IPv4 table, since it is speaking only IPv6



IPv6 connectivity test from R1 to R4


R1#ping ipv6 2001:ABCD::4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:ABCD::4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/58/64 ms

I hope you liked this post and find it useful. I was inspired to write it by a question from Antonio Perez. Don't hesitate to ask questions, and corrections are appreciated in advance.