AOS-CX IPv6 - Global Unicast Addresses


    EMPLOYEE
    Posted Nov 03, 2022 01:56 PM
    The objective of this post is to help understand and discuss AOS-CX IPv6 - Global Unicast Addresses/GUA.

    We covered AOS-CX IPv6 - IPv6 address types, Link Local Addresses, solicited-node multicast addresses, duplicate address detection, ICMPv6 Neighbor Solicitation/NS, GUA for IBGP peering previously in
    https://community.arubanetworks.com/discussion/aos-cx-ipv6-link-local-addresses
    https://community.arubanetworks.com/discussion/aos-cx-ipv6-link-local-addresses-part-2
    Let's move on to GUA for network connectivity across different subnets.

    This topology will be used with an AOS-CX switch in the middle of 2 hosts.

    Switched Virtual Interface/SVI "int VLAN 19" has 2 GUAs, while "int VLAN 20" only has 1 GUA to demonstrate that an interface on an IPv6 host can support multiple GUAs but only 1 LLA.
    I have used another AOS-CX switch to simulate Host1, while a Windows VM is used as Host2; both hosts are placed into different VLANs.

    Let's start with 1 GUA on "int VLAN 19"; this would function as the default gateway out of the subnet when GUA is used on hosts.
    AOS-CX(config)# int vlan 19
    AOS-CX(config-if-vlan)# ipv6 address 2001:db8:a19::254/64
    Take note that subnets with IPv6 hosts are standardized to /64.

    If you have a need to summarize multiple /64 subnets on an upstream router, you should use an IPv6 calculator such as
    http://www.gestioip.net/cgi-bin/subnet_calculator.cgi


    Notice it has joined the ff02::1:ff00:254 "solicited-node multicast address" to listen in for any NS to GUA 2001:db8:a19::254.
    It has also joined the ff02::1:ffba:d800 "solicited-node multicast address" to listen in for any NS to LLA fe80::9020:c280:13ba:d800.
    AOS-CX(config-if-vlan)# do sh ipv6 int vlan 19
    Interface vlan19 is up
    Admin state is up
    IPv6 address:
    2001:db8:a19::254/64 [VALID]
    IPv6 link-local address: fe80::9020:c280:13ba:d800/64 [VALID]
    IPv6 virtual address configured: none
    IPv6 multicast routing: disable
    IPv6 Forwarding feature: enabled
    IPv6 multicast groups locally joined:
    ff02::1 ff02::1:ffba:d800 ff02::1:ff00:254 ff02::1:ff00:0
    ff02::2
    IPv6 multicast (S,G) entries joined: none
    IPv6 MTU 1500
    IPv6 unicast reverse path forwarding: none
    IPv6 load sharing: none
    active-gateway L3 source mac 90:20:c2:ba:d8:00


    If you try to add another SVI GUA IP on the same subnet, you will be prompted with this error.
    AOS-CX(config)# int vlan 19
    AOS-CX(config-if-vlan)# ipv6 address 2001:db8:a19::253/64
    An interface with the same IP address or subnet or an overlapping network 2001:db8:a19::253/64 already exists.

    If you plan to use VSX, AOS-CX will accept another GUA IP on the same subnet using active gateway
    AOS-CX(config-if-vlan)# active-gateway ipv6 2001:db8:a19::253

    Since this is a standalone switch, we will remove it
    AOS-CX(config-if-vlan)# no active-gateway ipv6 2001:db8:a19::253

    If we add another GUA on a different subnet, such as b19 as the 3rd hextet (a hextet consists of 4 hexadecimal digits, e.g. 2001 or 0db8 or b19), we can see there are 2 valid IPv6 addresses now, but no additional multicast groups are joined, as both GUAs map to the same ff02::1:ff00:254 "solicited-node multicast address".
    AOS-CX(config-if-vlan)# ipv6 address 2001:db8:b19::254/64
    AOS-CX(config-if-vlan)# do sh ipv6 int vlan 19
    Interface vlan19 is up
    Admin state is up
    IPv6 address:
    2001:db8:a19::254/64 [VALID]
    2001:db8:b19::254/64 [VALID]
    IPv6 link-local address: fe80::9020:c280:13ba:d800/64 [VALID]
    IPv6 virtual address configured: none
    IPv6 multicast routing: disable
    IPv6 Forwarding feature: enabled
    IPv6 multicast groups locally joined:
    ff02::1 ff02::1:ffba:d800 ff02::1:ff00:254 ff02::1:ff00:0
    ff02::2
    IPv6 multicast (S,G) entries joined: none
    IPv6 MTU 1500
    IPv6 unicast reverse path forwarding: none
    IPv6 load sharing: none
    active-gateway L3 source mac 90:20:c2:ba:d8:00


    As an example, if we add a GUA that doesn't map to an existing "solicited-node multicast address":
    AOS-CX(config-if-vlan)# ipv6 address 2001:db8:b190::b254/64

    It will join the ff02::1:ff00:b254 "solicited-node multicast address" to listen in for any NS to GUA 2001:db8:b190::b254.
    AOS-CX(config-if-vlan)# do sh ipv6 int vlan 19
    Interface vlan19 is up
    Admin state is up
    IPv6 address:
    2001:db8:a19::254/64 [VALID]
    2001:db8:b190::b254/64 [VALID]
    2001:db8:b19::254/64 [VALID]
    IPv6 link-local address: fe80::9020:c280:13ba:d800/64 [VALID]
    IPv6 virtual address configured: none
    IPv6 multicast routing: disable
    IPv6 Forwarding feature: enabled
    IPv6 multicast groups locally joined:
    ff02::1 ff02::1:ffba:d800 ff02::1:ff00:b254 ff02::1:ff00:254
    ff02::1:ff00:0 ff02::2
    IPv6 multicast (S,G) entries joined: none
    IPv6 MTU 1500
    IPv6 unicast reverse path forwarding: none
    IPv6 load sharing: none
    active-gateway L3 source mac 90:20:c2:ba:d8:00


    From Host1's perspective, we configure these: 2 GUAs on 1/1/4 and a default route towards the AOS-CX switch in the middle.
    Host1# sh run
    ! snip
    interface 1/1/4
    no shutdown
    ipv6 address 2001:db8:a19::1/64
    ipv6 address 2001:db8:b19::1/64
    !
    ipv6 route ::/0 2001:db8:a19::254


    From Host2's perspective, we configure these: 1 GUA and 1 default gateway towards the AOS-CX switch "int VLAN 20".


    Inter subnet network connectivity works as expected from Host2 to Host1

    From the AOS-CX switch perspective, it has IPv6 neighbor entries for both GUAs on Host1 in vlan 19 and the GUA + LLA from Host2 in vlan 20
    AOS-CX# sh ipv6 nei

    IPv6 Address                MAC                 Port     Physical Port   State
    --------------------------------------------------------------------------------------------------------------------
    2001:db8:a19::1             54:80:28:fe:f9:00   vlan19   1/1/49          reachable
    2001:db8:20::2              00:50:56:8e:71:db   vlan20   1/1/10          reachable
    2001:db8:b19::1             54:80:28:fe:f9:00   vlan19   1/1/49          reachable
    fe80::49e9:6a71:5e4:ce31    00:50:56:8e:71:db   vlan20   1/1/10          reachable

    Total Number Of IPv6 Neighbors Entries Listed: 4.
    --------------------------------------------------------------------------------------------------------------------


    And the IPv6 routing table we expect.
    AOS-CX# sh ipv6 route

    Displaying ipv6 routes selected for forwarding

    Origin Codes: C - connected, S - static, L - local
    R - RIP, B - BGP, O - OSPF
    Type Codes: E - External BGP, I - Internal BGP, V - VPN, EV - EVPN
    IA - OSPF internal area, E1 - OSPF external type 1
    E2 - OSPF external type 2

    VRF: default

    Prefix                     Nexthop   Interface   VRF(egress)   Origin/   Distance/   Age
                                                                   Type      Metric
    ---------------------------------------------------------------------------------------------------------------------------------------------------------
    2001:db8:20::/64           -         vlan20      -             C         [0/0]       -
    2001:db8:20::254/128       -         vlan20      -             L         [0/0]       -
    2001:db8:a19::/64          -         vlan19      -             C         [0/0]       -
    2001:db8:a19::254/128      -         vlan19      -             L         [0/0]       -
    2001:db8:b19::/64          -         vlan19      -             C         [0/0]       -
    2001:db8:b19::254/128      -         vlan19      -             L         [0/0]       -
    2001:db8:b190::/64         -         vlan19      -             C         [0/0]       -
    2001:db8:b190::b254/128    -         vlan19      -             L         [0/0]       -

    Total Route Count : 8



    As covered in the previous LLA post, if you are able to utilize OSPFv3 between routers, make full use of LLA to minimize subnet planning for inter router links.
    If you need to use IPv6 IBGP, establish peering using GUA on loopbacks between IBGP peers.
    For IPv6 EBGP, you can establish peering using GUA between directly connected peers or multi-hop EBGP between EBGP peers.

    If you have questions, let's discuss!


    ------------------------------
    DWan
    ------------------------------
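
The solicited-node mapping the post walks through on "int VLAN 19", as an added example that is not part of the original post or any Aruba tooling: it derives each address's group per RFC 4291, the Ethernet multicast MAC that NS frames for that group use (RFC 2464), and compares the expected groups with the "multicast groups locally joined" text. Function names are hypothetical; the addresses and joined groups are copied from the final `sh ipv6 int vlan 19` output above.

```python
import ipaddress

SN_NET = ipaddress.IPv6Network("ff02::1:ff00:0/104")  # solicited-node prefix

def solicited_node(addr):
    """ff02::1:ff00:0/104 plus the low 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(SN_NET.network_address) | low24)

def multicast_mac(group):
    """Ethernet destination for an IPv6 group: 33:33 + low 32 bits of the group."""
    low32 = int(group) & 0xFFFFFFFF
    return "33:33:" + ":".join(f"{b:02x}" for b in low32.to_bytes(4, "big"))

def group_by_solicited_node(addrs):
    """Map each solicited-node group to the unicast addresses that share it."""
    groups = {}
    for a in addrs:
        groups.setdefault(solicited_node(a), []).append(a)
    return groups

def audit_joined(addrs, joined_text):
    """Return (missing, unexplained) solicited-node groups for an interface."""
    joined = {ipaddress.IPv6Address(tok) for tok in joined_text.split()}
    joined_sn = {g for g in joined if g in SN_NET}  # ignore ff02::1, ff02::2
    expected = set(group_by_solicited_node(addrs))
    return sorted(expected - joined_sn), sorted(joined_sn - expected)

# Copied from the post's final "sh ipv6 int vlan 19" output
VLAN19_ADDRS = [
    "2001:db8:a19::254",
    "2001:db8:b190::b254",
    "2001:db8:b19::254",
    "fe80::9020:c280:13ba:d800",
]
VLAN19_JOINED = """ff02::1 ff02::1:ffba:d800 ff02::1:ff00:b254 ff02::1:ff00:254
ff02::1:ff00:0 ff02::2"""

if __name__ == "__main__":
    for group, members in group_by_solicited_node(VLAN19_ADDRS).items():
        print(f"{str(group):20} {multicast_mac(group)}  <- {', '.join(members)}")
    missing, unexplained = audit_joined(VLAN19_ADDRS, VLAN19_JOINED)
    # ff02::1:ff00:0 matches an all-zero interface ID; reading it as the
    # subnet-router anycast address is an assumption, the post does not say.
    print("missing:", missing, "unexplained:", [str(g) for g in unexplained])
```

Four configured addresses collapse to three groups here, because a19::254 and b19::254 share their low 24 bits; an expected group that is absent from the joined list would mean NS for that address goes unanswered.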