The objective of this post is to help you understand and discuss AOS-CX IPv6 Unique Local Addresses (ULA).
We previously covered AOS-CX IPv6 address types, Link Local Addresses, solicited-node multicast addresses, duplicate address detection, ICMPv6 Neighbor Solicitation (NS), GUA for BGP peering, and GUA for inter-subnet connectivity in:
- https://community.arubanetworks.com/discussion/aos-cx-ipv6-link-local-addresses
- https://community.arubanetworks.com/discussion/aos-cx-ipv6-link-local-addresses-part-2
- https://community.arubanetworks.com/discussion/aos-cx-ipv6-global-unicast-addresses
Let's move on to ULA for network infrastructure usage.
- It's possible to utilize the ULA fd00::/8 range from the larger fc00::/7 range for network infrastructure usage
- In the event of network merges or GUA changes in future, using ULA for the network infrastructure portion can help minimize GUA renumbering since you only need to make changes to affected interfaces
- GUA will still be used for subnets with IPv6 hosts
- Since an interface can support multiple IPv6 addresses, GUA IPs can also be added to portions of the network infrastructure if desired
- RFC 4193 states that a pseudo-random algorithm should be used to generate Global IDs; we recommend a ULA generator (www.ip-six.de is an example)
We will use the above topology and OSPFv3/IBGP in our example.
OSPFv3 will be used to route ULAs for network infrastructure, while IBGP will be used to route GUAs for hosts.
IBGP peering makes use of ULAs.
BGP will help provide the ability for GUA route filtering when advertising routes to a different administrative domain.
As OSPFv3 and BGP require an IPv4 router ID, each switch has Lo0 with a /32 IPv4 address assigned to it for this purpose.
ULA /128 IPv6 addresses are added to the same loopbacks for IBGP peering between the switches.
Here are the switch configs.
Switch1
==========
interface 1/1/4
    no shutdown
    ipv6 address link-local
    ipv6 ospfv3 1 area 0.0.0.0
!
interface loopback 0
    ip address 192.168.1.1/32
    ipv6 address fd25:bccf:1ffa:100::1/128
    ipv6 ospfv3 1 area 0.0.0.0
! ULA in Lo0
! Assume a GUA is also required on Switch1. Because Lo0 is the BGP peering source, we need to add another loopback for the GUA.
!
interface loopback 1
    ipv6 address 2001:db8:beef::1/128
! GUA in Lo1
!
router ospfv3 1
    router-id 192.168.1.1
    area 0.0.0.0
!
int vlan 19
    ipv6 address 2001:db8:beef:19::1/64
! Host facing SVIs should utilize GUA IP
!
router bgp 65001
    bgp router-id 192.168.1.1
    neighbor fd25:bccf:1ffa:100::2 remote-as 65001
    neighbor fd25:bccf:1ffa:100::2 update-source loopback 0
    neighbor fd25:bccf:1ffa:100::3 remote-as 65001
    neighbor fd25:bccf:1ffa:100::3 update-source loopback 0
    address-family ipv6 unicast
        neighbor fd25:bccf:1ffa:100::2 activate
        neighbor fd25:bccf:1ffa:100::3 activate
        network 2001:db8:beef:19::/64
        network 2001:db8:beef::1/128
! IPv6 host subnet and loopback1 GUA advertised into BGP
Switch2
==========
interface 1/1/49
    no shutdown
    ipv6 address link-local
    ipv6 ospfv3 1 area 0.0.0.0
!
interface 1/1/50
    no shutdown
    ipv6 address link-local
    ipv6 ospfv3 1 area 0.0.0.0
!
interface loopback 0
    ip address 192.168.1.2/32
    ipv6 address fd25:bccf:1ffa:100::2/128
    ipv6 ospfv3 1 area 0.0.0.0
!
router ospfv3 1
    router-id 192.168.1.2
    area 0.0.0.0
!
router bgp 65001
    bgp router-id 192.168.1.2
    neighbor fd25:bccf:1ffa:100::1 remote-as 65001
    neighbor fd25:bccf:1ffa:100::1 update-source loopback 0
    neighbor fd25:bccf:1ffa:100::3 remote-as 65001
    neighbor fd25:bccf:1ffa:100::3 update-source loopback 0
    address-family ipv6 unicast
        neighbor fd25:bccf:1ffa:100::1 activate
        neighbor fd25:bccf:1ffa:100::3 activate
Switch3
==========
interface 1/1/4
    no shutdown
    ipv6 address link-local
    ipv6 ospfv3 1 area 0.0.0.0
!
interface loopback 0
    ip address 192.168.1.3/32
    ipv6 address fd25:bccf:1ffa:100::3/128
    ipv6 ospfv3 1 area 0.0.0.0
!
router ospfv3 1
    router-id 192.168.1.3
    area 0.0.0.0
!
int vlan 20
    ipv6 address 2001:db8:beef:20::1/64
! Host facing SVIs should utilize GUA IP.
!
router bgp 65001
    bgp router-id 192.168.1.3
    neighbor fd25:bccf:1ffa:100::1 remote-as 65001
    neighbor fd25:bccf:1ffa:100::1 update-source loopback 0
    neighbor fd25:bccf:1ffa:100::2 remote-as 65001
    neighbor fd25:bccf:1ffa:100::2 update-source loopback 0
    address-family ipv6 unicast
        neighbor fd25:bccf:1ffa:100::1 activate
        neighbor fd25:bccf:1ffa:100::2 activate
        network 2001:db8:beef:20::/64
! IPv6 host subnet advertised into BGP
As seen below, the routing table looks correct: remote GUAs are learnt via BGP and ULAs are learnt via OSPFv3.
Switch3# sh ipv6 rou
Displaying ipv6 routes selected for forwarding
Origin Codes: C - connected, S - static, L - local
              R - RIP, B - BGP, O - OSPF
Type Codes:   E - External BGP, I - Internal BGP, V - VPN, EV - EVPN
              IA - OSPF internal area, E1 - OSPF external type 1
              E2 - OSPF external type 2
VRF: default
Prefix                     Nexthop                    Interface  VRF(egress)  Origin/  Distance/  Age
                                                                              Type     Metric
-------------------------------------------------------------------------------------------------------------
2001:db8:beef::1/128       fe80::9020:c201:c8ba:d800  1/1/4      -            B/I      [200/0]    22h:25m:27s
2001:db8:beef:19::/64      fe80::9020:c201:c8ba:d800  1/1/4      -            B/I      [200/0]    22h:25m:27s
2001:db8:beef:20::/64      -                          vlan20     -            C        [0/0]      -
2001:db8:beef:20::1/128    -                          vlan20     -            L        [0/0]      -
fd25:bccf:1ffa:100::1/128  fe80::9020:c201:c8ba:d800  1/1/4      -            O        [110/2]    22h:49m:49s
fd25:bccf:1ffa:100::2/128  fe80::9020:c201:c8ba:d800  1/1/4      -            O        [110/1]    22h:49m:49s
fd25:bccf:1ffa:100::3/128  -                          loopback0  -            L        [0/0]      -
Total Route Count : 7
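The split described above (ULAs learnt via OSPFv3, GUAs learnt via BGP) can be checked mechanically against `show ipv6 route` output. The following Python check is an added example, not part of the original post; the route rows are copied from the Switch3 output, and `LEAKED_ROW` is a constructed line showing what a ULA that ended up in BGP would look like.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")

# Route rows copied from the Switch3 output in the post.
PAGE_ROWS = """\
2001:db8:beef::1/128 fe80::9020:c201:c8ba:d800 1/1/4 - B/I [200/0] 22h:25m:27s
2001:db8:beef:19::/64 fe80::9020:c201:c8ba:d800 1/1/4 - B/I [200/0] 22h:25m:27s
2001:db8:beef:20::/64 - vlan20 - C [0/0] -
2001:db8:beef:20::1/128 - vlan20 - L [0/0] -
fd25:bccf:1ffa:100::1/128 fe80::9020:c201:c8ba:d800 1/1/4 - O [110/2] 22h:49m:49s
fd25:bccf:1ffa:100::2/128 fe80::9020:c201:c8ba:d800 1/1/4 - O [110/1] 22h:49m:49s
fd25:bccf:1ffa:100::3/128 - loopback0 - L [0/0] -
""".splitlines()

# Constructed row (not from the post): an infrastructure ULA carried in BGP.
LEAKED_ROW = ("fd25:bccf:1ffa:100::9/128 fe80::9020:c201:c8ba:d800 "
              "1/1/4 - B/I [200/0] 00h:01m:00s")


def audit_routes(rows):
    """Return (prefix, problem) for every route that breaks the ULA/GUA split."""
    findings = []
    for row in rows:
        fields = row.split()
        if len(fields) != 7:
            continue  # legend, separator or blank line
        try:
            net = ipaddress.IPv6Network(fields[0])
        except ValueError:
            continue  # column header or non-IPv6 text
        origin = fields[4].split("/")[0]  # "B/I" -> "B"
        is_ula = net.subnet_of(ULA)
        if origin == "B" and is_ula:
            findings.append((fields[0], "ULA carried in BGP"))
        elif origin == "O" and not is_ula:
            findings.append((fields[0], "GUA carried in OSPFv3"))
    return findings


if __name__ == "__main__":
    for prefix, problem in audit_routes(PAGE_ROWS + [LEAKED_ROW]):
        print(f"{prefix}: {problem}")
```

Connected (C) and local (L) routes are ignored because they say nothing about which protocol is carrying a prefix.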
Network connectivity between ULA IPs on loopbacks works as expected.
Switch3# ping6 fd25:bccf:1ffa:100::1 source fd25:bccf:1ffa:100::3
PING fd25:bccf:1ffa:100::1(fd25:bccf:1ffa:100::1) from fd25:bccf:1ffa:100::3 : 100 data bytes
108 bytes from fd25:bccf:1ffa:100::1: icmp_seq=1 ttl=63 time=0.179 ms
108 bytes from fd25:bccf:1ffa:100::1: icmp_seq=2 ttl=63 time=0.180 ms
Network connectivity between GUA subnets works as expected even though the network infrastructure between switches is ULA!
Switch3# ping6 2001:db8:beef::1 source 2001:db8:beef:20::1
PING 2001:db8:beef::1(2001:db8:beef::1) from 2001:db8:beef:20::1 : 100 data bytes
108 bytes from 2001:db8:beef::1: icmp_seq=1 ttl=63 time=0.178 ms
108 bytes from 2001:db8:beef::1: icmp_seq=2 ttl=63 time=0.211 ms
Switch3# ping6 2001:db8:beef:19::1 source 2001:db8:beef:20::1
PING 2001:db8:beef:19::1(2001:db8:beef:19::1) from 2001:db8:beef:20::1 : 100 data bytes
108 bytes from 2001:db8:beef:19::1: icmp_seq=1 ttl=63 time=0.187 ms
108 bytes from 2001:db8:beef:19::1: icmp_seq=2 ttl=63 time=0.182 ms
If you have questions, let's discuss!
------------------------------
DWan
------------------------------