AOS-CX IPv6 - Unique Local Addresses


    Posted Dec 08, 2022 05:31 PM
    The objective of this post is to help understand and discuss AOS-CX IPv6 - Unique Local Addresses/ULA.

    We previously covered AOS-CX IPv6 address types, Link Local Addresses, solicited-node multicast addresses, duplicate address detection, ICMPv6 Neighbor Solicitation/NS, GUA for BGP peering, and GUA for inter-subnet connectivity in:
    https://community.arubanetworks.com/discussion/aos-cx-ipv6-link-local-addresses
    https://community.arubanetworks.com/discussion/aos-cx-ipv6-link-local-addresses-part-2
    https://community.arubanetworks.com/discussion/aos-cx-ipv6-global-unicast-addresses

    Let's move on to ULA for network infrastructure usage.
    - It's possible to utilize the ULA fd00::/8 range from the larger fc00::/7 range for network infrastructure usage
    - In the event of network merges or GUA changes in future, using ULA for the network infrastructure portion can help minimize GUA renumbering since you only need to make changes to affected interfaces
    - GUA will still be used for subnets with IPv6 hosts
    - Since an interface can support multiple IPv6 addresses, GUA IPs can also be added to portions of the network infrastructure if desired
    - RFC 4193 states that a pseudo-random algorithm should be used to generate Global IDs; we recommend a ULA generator (www.ip-six.de is an example)


    We will use the above topology and OSPFv3/IBGP in our example.
    OSPFv3 will be used to route ULAs for network infrastructure, while IBGP will be used to route GUAs for hosts.
    IBGP peering makes use of ULAs.
    BGP will help provide the ability for GUA route filtering when advertising routes to a different administrative domain.


    As OSPFv3/BGP requires an IPv4 router ID, each switch has Lo0 with a /32 IPv4 address assigned to it for this purpose.
    ULA /128 IPv6 addresses are added to the same loopbacks for IBGP peering between the switches.

    Here are switch configs.

    Switch1
    ==========
    interface 1/1/4
     no shutdown
     ipv6 address link-local
     ipv6 ospfv3 1 area 0.0.0.0
    !
    interface loopback 0
     ip address 192.168.1.1/32
     ipv6 address fd25:bccf:1ffa:100::1/128
     ipv6 ospfv3 1 area 0.0.0.0
     ! ULA in Lo0
     ! Let's assume a GUA is also required on Switch1. As we are using lo0 as the BGP peering source, we will need to add another loopback for the GUA
    !
    interface loopback 1
     ipv6 address 2001:db8:beef::1/128
     ! GUA in Lo1
    !
    router ospfv3 1
     router-id 192.168.1.1
     area 0.0.0.0
    !
    int vlan 19
     ipv6 address 2001:db8:beef:19::1/64
     ! Host facing SVIs should utilize GUA IP
    !
    router bgp 65001
     bgp router-id 192.168.1.1
     neighbor fd25:bccf:1ffa:100::2 remote-as 65001
     neighbor fd25:bccf:1ffa:100::2 update-source loopback 0
     neighbor fd25:bccf:1ffa:100::3 remote-as 65001
     neighbor fd25:bccf:1ffa:100::3 update-source loopback 0
     address-family ipv6 unicast
      neighbor fd25:bccf:1ffa:100::2 activate
      neighbor fd25:bccf:1ffa:100::3 activate
      network 2001:db8:beef:19::/64
      network 2001:db8:beef::1/128
      ! IPv6 host subnet and loopback1 GUA advertised into BGP


    Switch2
    ==========
    interface 1/1/49
     no shutdown
     ipv6 address link-local
     ipv6 ospfv3 1 area 0.0.0.0
    !
    interface 1/1/50
     no shutdown
     ipv6 address link-local
     ipv6 ospfv3 1 area 0.0.0.0
    !
    interface loopback 0
     ip address 192.168.1.2/32
     ipv6 address fd25:bccf:1ffa:100::2/128
     ipv6 ospfv3 1 area 0.0.0.0
    !
    router ospfv3 1
     router-id 192.168.1.2
     area 0.0.0.0
    !
    router bgp 65001
     bgp router-id 192.168.1.2
     neighbor fd25:bccf:1ffa:100::1 remote-as 65001
     neighbor fd25:bccf:1ffa:100::1 update-source loopback 0
     neighbor fd25:bccf:1ffa:100::3 remote-as 65001
     neighbor fd25:bccf:1ffa:100::3 update-source loopback 0
     address-family ipv6 unicast
      neighbor fd25:bccf:1ffa:100::1 activate
      neighbor fd25:bccf:1ffa:100::3 activate



    Switch3
    ==========
    interface 1/1/4
     no shutdown
     ipv6 address link-local
     ipv6 ospfv3 1 area 0.0.0.0
    !
    interface loopback 0
     ip address 192.168.1.3/32
     ipv6 address fd25:bccf:1ffa:100::3/128
     ipv6 ospfv3 1 area 0.0.0.0
    !
    router ospfv3 1
     router-id 192.168.1.3
     area 0.0.0.0
    !
    int vlan 20
     ipv6 address 2001:db8:beef:20::1/64
     ! Host facing SVIs should utilize GUA IP.
    !
    router bgp 65001
     bgp router-id 192.168.1.3
     neighbor fd25:bccf:1ffa:100::1 remote-as 65001
     neighbor fd25:bccf:1ffa:100::1 update-source loopback 0
     neighbor fd25:bccf:1ffa:100::2 remote-as 65001
     neighbor fd25:bccf:1ffa:100::2 update-source loopback 0
     address-family ipv6 unicast
      neighbor fd25:bccf:1ffa:100::1 activate
      neighbor fd25:bccf:1ffa:100::2 activate
      network 2001:db8:beef:20::/64
      ! IPv6 host subnet advertised into BGP


    As seen below, the routing table looks correct: remote GUAs are learnt via BGP and ULAs are learnt via OSPFv3.
    Switch3# sh ipv6 rou

    Displaying ipv6 routes selected for forwarding

    Origin Codes: C - connected, S - static, L - local
    R - RIP, B - BGP, O - OSPF
    Type Codes: E - External BGP, I - Internal BGP, V - VPN, EV - EVPN
    IA - OSPF internal area, E1 - OSPF external type 1
    E2 - OSPF external type 2

    VRF: default

    Prefix                     Nexthop                    Interface  VRF(egress)  Origin/Type  Distance/Metric  Age
    ----------------------------------------------------------------------------------------------------------------------
    2001:db8:beef::1/128       fe80::9020:c201:c8ba:d800  1/1/4      -            B/I          [200/0]          22h:25m:27s
    2001:db8:beef:19::/64      fe80::9020:c201:c8ba:d800  1/1/4      -            B/I          [200/0]          22h:25m:27s
    2001:db8:beef:20::/64      -                          vlan20     -            C            [0/0]            -
    2001:db8:beef:20::1/128    -                          vlan20     -            L            [0/0]            -
    fd25:bccf:1ffa:100::1/128  fe80::9020:c201:c8ba:d800  1/1/4      -            O            [110/2]          22h:49m:49s
    fd25:bccf:1ffa:100::2/128  fe80::9020:c201:c8ba:d800  1/1/4      -            O            [110/1]          22h:49m:49s
    fd25:bccf:1ffa:100::3/128  -                          loopback0  -            L            [0/0]            -

    Total Route Count : 7



    Network connectivity between ULA IPs on loopbacks works as expected.
    Switch3# ping6 fd25:bccf:1ffa:100::1 source fd25:bccf:1ffa:100::3
    PING fd25:bccf:1ffa:100::1(fd25:bccf:1ffa:100::1) from fd25:bccf:1ffa:100::3 : 100 data bytes
    108 bytes from fd25:bccf:1ffa:100::1: icmp_seq=1 ttl=63 time=0.179 ms
    108 bytes from fd25:bccf:1ffa:100::1: icmp_seq=2 ttl=63 time=0.180 ms



    Network connectivity between GUA subnets works as expected even though the network infrastructure between switches is ULA!
    Switch3# ping6 2001:db8:beef::1 source 2001:db8:beef:20::1
    PING 2001:db8:beef::1(2001:db8:beef::1) from 2001:db8:beef:20::1 : 100 data bytes
    108 bytes from 2001:db8:beef::1: icmp_seq=1 ttl=63 time=0.178 ms
    108 bytes from 2001:db8:beef::1: icmp_seq=2 ttl=63 time=0.211 ms


    Switch3# ping6 2001:db8:beef:19::1 source 2001:db8:beef:20::1
    PING 2001:db8:beef:19::1(2001:db8:beef:19::1) from 2001:db8:beef:20::1 : 100 data bytes
    108 bytes from 2001:db8:beef:19::1: icmp_seq=1 ttl=63 time=0.187 ms
    108 bytes from 2001:db8:beef:19::1: icmp_seq=2 ttl=63 time=0.182 ms



    If you have questions, let's discuss!

    ------------------------------
    DWan
    ------------------------------
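
    Added example (not part of the original post and not Aruba tooling): a Python sketch of the RFC 4193 section 3.2.2 Global ID algorithm the post refers to, plus a check that BGP `network` statements carry only GUA space so infrastructure ULAs stay in OSPFv3. The function names, the random stand-in for the EUI-64, and the `fd25:bccf:1ffa:100::/64` statement in the sample are assumptions made for illustration.

```python
import hashlib
import ipaddress
import os
import struct
import time

ULA_RANGE = ipaddress.ip_network("fc00::/7")
NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 and 1970-01-01

# Constructed sample: Switch1's address-family from the post, plus one
# hypothetical statement that would put infrastructure ULA space into BGP.
SAMPLE = """\
router bgp 65001
 address-family ipv6 unicast
  network 2001:db8:beef:19::/64
  network 2001:db8:beef::1/128
  network fd25:bccf:1ffa:100::/64
"""


def rfc4193_prefix(eui64: bytes, unix_time: float) -> ipaddress.IPv6Network:
    """RFC 4193 3.2.2: SHA-1 over 64-bit NTP time + EUI-64, keep the low 40 bits."""
    if len(eui64) != 8:
        raise ValueError("EUI-64 must be 8 bytes")
    seconds = int(unix_time) + NTP_EPOCH_OFFSET
    fraction = int((unix_time % 1) * 2**32)
    ntp_time = struct.pack("!II", seconds & 0xFFFFFFFF, fraction)
    global_id = hashlib.sha1(ntp_time + eui64).digest()[-5:]
    # fd = fc00::/7 with the L bit set (locally assigned), then the Global ID
    prefix = b"\xfd" + global_id + bytes(10)
    return ipaddress.IPv6Network((prefix, 48))


def bgp_ula_networks(config: str) -> list[str]:
    """Return prefixes from 'network' statements that fall inside fc00::/7."""
    leaks = []
    for line in config.splitlines():
        words = line.split()
        if len(words) == 2 and words[0] == "network":
            net = ipaddress.ip_network(words[1], strict=False)
            if net.version == 6 and net.subnet_of(ULA_RANGE):
                leaks.append(words[1])
    return leaks


if __name__ == "__main__":
    # Assumption: random bytes stand in for the system's EUI-64.
    print(rfc4193_prefix(os.urandom(8), time.time()))
    print(bgp_ula_networks(SAMPLE))
```

    Run against the three switch configs in the post as written, the check returns an empty list, since only the 2001:db8:beef GUA prefixes are advertised into BGP.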