The objective of this post is to help understand and discuss AOS-CX IPv6 - Global Unicast Addresses/GUA.
We covered AOS-CX IPv6 - IPv6 address types, Link Local Addresses, solicited-node multicast addresses, duplicate address detection, ICMPv6 Neighbor Solicitation/NS, GUA for IBGP peering previously in
https://community.arubanetworks.com/discussion/aos-cx-ipv6-link-local-addresses
https://community.arubanetworks.com/discussion/aos-cx-ipv6-link-local-addresses-part-2
Let's move onto GUA for network connectivity across different subnets.
This topology will be used with an AOS-CX switch in the middle of 2 hosts.
Switched Virtual Interface/SVI "int VLAN 19" has 2 GUAs, while "int VLAN 20" only has 1 GUA to demonstrate that an interface on an IPv6 host can support multiple GUAs but only 1 LLA.
I have used another AOS-CX switch to simulate Host1, while a Windows VM is used as Host2; both hosts are placed into different VLANs.
Let's start with 1 GUA on "int VLAN 19"; this would function as the default gateway out of the subnet when GUA is used on hosts.
AOS-CX(config)# int vlan 19
AOS-CX(config-if-vlan)# ipv6 address 2001:db8:a19::254/64
Take note that subnets with IPv6 hosts are standardized to /64.
If you have a need to summarize multiple /64 subnets on an upstream router, you should use an IPv6 calculator such as
http://www.gestioip.net/cgi-bin/subnet_calculator.cgi
Notice that "int VLAN 19" has joined the ff02::1:ff00:254 "solicited-node multicast address" to listen in for any NS to GUA 2001:db8:a19::254.
It has also joined the ff02::1:ffba:d800 "solicited-node multicast address" to listen in for any NS to LLA fe80::9020:c280:13ba:d800.
AOS-CX(config-if-vlan)# do sh ipv6 int vlan 19
Interface vlan19 is up
Admin state is up
IPv6 address:
2001:db8:a19::254/64 [VALID]
IPv6 link-local address:
fe80::9020:c280:13ba:d800/64 [VALID]
IPv6 virtual address configured: none
IPv6 multicast routing: disable
IPv6 Forwarding feature: enabled
IPv6 multicast groups locally joined:
ff02::1
ff02::1:ffba:d800 ff02::1:ff00:254 ff02::1:ff00:0
ff02::2
IPv6 multicast (S,G) entries joined: none
IPv6 MTU 1500
IPv6 unicast reverse path forwarding: none
IPv6 load sharing: none
active-gateway L3 source mac 90:20:c2:ba:d8:00
If you try to add another SVI GUA IP on the same subnet, you will be prompted with this error.
AOS-CX(config)# int vlan 19
AOS-CX(config-if-vlan)# ipv6 address 2001:db8:a19::253/64
An interface with the same IP address or subnet or an overlapping network 2001:db8:a19::253/64 already exists.
If you plan to use VSX, AOS-CX will accept another GUA IP on the same subnet using active gateway
AOS-CX(config-if-vlan)# active-gateway ipv6 2001:db8:a19::253
Since this is a standalone switch, we will remove it
AOS-CX(config-if-vlan)# no active-gateway ipv6 2001:db8:a19::253
If we add another GUA on a different subnet, such as b19 as the 3rd hextet (a hextet consists of 4 hexadecimal digits, e.g. 2001 or 0db8 or b19), we can see there are 2 valid IPv6 addresses now, but no additional multicast groups are joined. The solicited-node group is formed from the low-order 24 bits of the address, so both GUAs map to the same ff02::1:ff00:254 "solicited-node multicast address".
AOS-CX(config-if-vlan)# ipv6 address 2001:db8:b19::254/64
AOS-CX(config-if-vlan)# do sh ipv6 int vlan 19
Interface vlan19 is up
Admin state is up
IPv6 address:
2001:db8:a19::254/64 [VALID]
2001:db8:b19::254/64 [VALID]
IPv6 link-local address: fe80::9020:c280:13ba:d800/64 [VALID]
IPv6 virtual address configured: none
IPv6 multicast routing: disable
IPv6 Forwarding feature: enabled
IPv6 multicast groups locally joined:
ff02::1 ff02::1:ffba:d800
ff02::1:ff00:254 ff02::1:ff00:0
ff02::2
IPv6 multicast (S,G) entries joined: none
IPv6 MTU 1500
IPv6 unicast reverse path forwarding: none
IPv6 load sharing: none
active-gateway L3 source mac 90:20:c2:ba:d8:00
As an example, let's add a GUA that doesn't map to an existing "solicited-node multicast address".
AOS-CX(config-if-vlan)# ipv6 address 2001:db8:b190::b254/64
It will join the ff02::1:ff00:b254 "solicited-node multicast address" to listen in for any NS to GUA 2001:db8:b190::b254.
AOS-CX(config-if-vlan)# do sh ipv6 int vlan 19
Interface vlan19 is up
Admin state is up
IPv6 address:
2001:db8:a19::254/64 [VALID]
2001:db8:b190::b254/64 [VALID]
2001:db8:b19::254/64 [VALID]
IPv6 link-local address: fe80::9020:c280:13ba:d800/64 [VALID]
IPv6 virtual address configured: none
IPv6 multicast routing: disable
IPv6 Forwarding feature: enabled
IPv6 multicast groups locally joined:
ff02::1 ff02::1:ffba:d800
ff02::1:ff00:b254 ff02::1:ff00:254
ff02::1:ff00:0 ff02::2
IPv6 multicast (S,G) entries joined: none
IPv6 MTU 1500
IPv6 unicast reverse path forwarding: none
IPv6 load sharing: none
active-gateway L3 source mac 90:20:c2:ba:d8:00
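The solicited-node groups in the three outputs above can be derived by hand: keep the low-order 24 bits of the unicast address and place them under ff02::1:ff00:0/104. The Python below is an added example, not part of the original post or of AOS-CX; the function names are illustrative, and the Ethernet MAC mapping (33:33 plus the low 32 bits of the group) goes one step beyond what the post shows.

```python
import ipaddress
from collections import defaultdict

# Solicited-node multicast prefix ff02::1:ff00:0/104 (RFC 4291).
SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
LOW_24_BITS = 0xFFFFFF

# Addresses configured on "int VLAN 19" in this post.
VLAN19_ADDRS = [
    "fe80::9020:c280:13ba:d800/64",
    "2001:db8:a19::254/64",
    "2001:db8:b19::254/64",
    "2001:db8:b190::b254/64",
]


def solicited_node(addr):
    """Solicited-node multicast group for a unicast address ("addr" or "addr/len")."""
    ip = ipaddress.IPv6Interface(addr).ip
    if ip.is_multicast:
        raise ValueError(f"{ip} is multicast, not unicast")
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | (int(ip) & LOW_24_BITS))


def groups_joined(addrs):
    """Map each solicited-node group to the unicast addresses that share it."""
    groups = defaultdict(list)
    for addr in addrs:
        groups[str(solicited_node(addr))].append(addr)
    return dict(groups)


def multicast_mac(group):
    """Ethernet destination MAC for an IPv6 multicast group (RFC 2464)."""
    low32 = int(ipaddress.IPv6Address(group)) & 0xFFFFFFFF
    return "33:33:" + ":".join(f"{b:02x}" for b in low32.to_bytes(4, "big"))


if __name__ == "__main__":
    # One line per group: group address, its Ethernet MAC, and who shares it.
    for group, members in groups_joined(VLAN19_ADDRS).items():
        print(f"{group:20} {multicast_mac(group)}  <- {', '.join(members)}")
```

The MAC column is what to filter on in a packet capture when checking which NS frames the interface will actually accept.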
From Host1 perspective, we configure these: 2 GUAs on 1/1/4 and a default route towards the AOS-CX switch in the middle.
Host1# sh run
! snip
interface 1/1/4
no shutdown
ipv6 address 2001:db8:a19::1/64
ipv6 address 2001:db8:b19::1/64
!
ipv6 route ::/0 2001:db8:a19::254
From Host2 perspective, we configure these: 1 GUA and 1 default gateway towards AOS-CX switch "int VLAN 20".
Inter subnet network connectivity works as expected from Host2 to Host1.
From the AOS-CX switch perspective, it has IPv6 neighbor entries for both GUAs on Host1 in vlan 19 and the GUA + LLA from Host2 in vlan 20
AOS-CX# sh ipv6 nei
IPv6 Address              MAC                Port    Physical Port  State
--------------------------------------------------------------------------------------------------------------------
2001:db8:a19::1           54:80:28:fe:f9:00  vlan19  1/1/49         reachable
2001:db8:20::2            00:50:56:8e:71:db  vlan20  1/1/10         reachable
2001:db8:b19::1           54:80:28:fe:f9:00  vlan19  1/1/49         reachable
fe80::49e9:6a71:5e4:ce31  00:50:56:8e:71:db  vlan20  1/1/10         reachable
Total Number Of IPv6 Neighbors Entries Listed: 4.
--------------------------------------------------------------------------------------------------------------------
And the IPv6 routing table we expect.
AOS-CX# sh ipv6 route
Displaying ipv6 routes selected for forwarding
Origin Codes: C - connected, S - static, L - local
R - RIP, B - BGP, O - OSPF
Type Codes: E - External BGP, I - Internal BGP, V - VPN, EV - EVPN
IA - OSPF internal area, E1 - OSPF external type 1
E2 - OSPF external type 2
VRF: default
Prefix                    Nexthop  Interface  VRF(egress)  Origin/  Distance/  Age
                                                           Type     Metric
---------------------------------------------------------------------------------------------------------------------------------------------------------
2001:db8:20::/64          -        vlan20     -            C        [0/0]      -
2001:db8:20::254/128      -        vlan20     -            L        [0/0]      -
2001:db8:a19::/64         -        vlan19     -            C        [0/0]      -
2001:db8:a19::254/128     -        vlan19     -            L        [0/0]      -
2001:db8:b19::/64         -        vlan19     -            C        [0/0]      -
2001:db8:b19::254/128     -        vlan19     -            L        [0/0]      -
2001:db8:b190::/64        -        vlan19     -            C        [0/0]      -
2001:db8:b190::b254/128   -        vlan19     -            L        [0/0]      -
Total Route Count : 8
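The connected /64s in the routing table above can be run through the two planning checks mentioned earlier in the post: finding the single summary prefix for several /64s, and the same-subnet conflict that rejected 2001:db8:a19::253/64. This Python is an added example, not from the original post; the function names are illustrative and `overlapping` only models the rule, it is not AOS-CX's implementation.

```python
import ipaddress


def covering_prefix(subnets):
    """Smallest single prefix that contains every subnet in the list."""
    nets = [ipaddress.IPv6Network(s) for s in subnets]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    common = 128 - (lo ^ hi).bit_length()  # leading bits shared by lo and hi
    shift = 128 - common
    return ipaddress.IPv6Network(((lo >> shift) << shift, common))


def unused_64s(summary, subnets):
    """How many /64s the summary covers beyond the ones actually configured."""
    return 2 ** (64 - summary.prefixlen) - len(set(subnets))


def overlapping(existing, candidate):
    """Existing interface addresses whose subnet overlaps the candidate's subnet."""
    cand = ipaddress.IPv6Interface(candidate).network
    return [e for e in existing
            if ipaddress.IPv6Interface(e).network.overlaps(cand)]


# Connected prefixes as they appear in the routing table in this post.
VLAN19 = ["2001:db8:a19::/64", "2001:db8:b19::/64"]
ALL_CONNECTED = VLAN19 + ["2001:db8:b190::/64", "2001:db8:20::/64"]

if __name__ == "__main__":
    for label, nets in (("a19+b19", VLAN19), ("all four", ALL_CONNECTED)):
        s = covering_prefix(nets)
        print(f"{label}: {s} covers {unused_64s(s, nets)} unused /64s")
    # Same subnet as the existing SVI address: conflict reported.
    print(overlapping(["2001:db8:a19::254/64"], "2001:db8:a19::253/64"))
    # Different subnet: no conflict, matching the second GUA being accepted.
    print(overlapping(["2001:db8:a19::254/64"], "2001:db8:b19::254/64"))
```

A large unused count means the summary also covers address space that was never assigned, which is worth knowing before advertising it upstream.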
As covered in the previous LLA post, if you are able to utilize OSPFv3 between routers, make full use of LLA to minimize subnet planning for inter router links.
If you need to use IPv6 IBGP, establish peering using GUA on loopbacks between IBGP peers.
For IPv6 EBGP, you can establish peering using GUA between directly connected peers or multi-hop EBGP between EBGP peers.
If you have questions, let's discuss!
------------------------------
DWan
------------------------------