Home | About | Connecting

OCCAID T.Bone Initiative

<-
OCCAID > Lobby > IPv6 BGP Setup Tutorial

IPv6 BGP Setup Tutorial

Here, we will give a quick rundown of what one needs to type to get an IPv6 BGP session going. Note that most of these actually don't have much to do with IPv6 at all -- they are aimed at your general BGP, internetwork routing knowledge. So if you are struggling with BGP in regular IPv4, it is recommended that you do some study in general first before attempting it in IPv6. There are two types of IPv6 arrangements with OCCAID: native and tunnel. Tunnel is the most common as it costs nothing to the end user, but as far as configuration of BGP protocol goes, tunnel and native have no relevance in the scope of the routing protocol configuration.

In this tutorial, we will be covering Cisco, Zebra/Quagga, Juniper and TowardEX PacketOS router syntax. We will probably add more vendors as needed -- let us know at db-admin [at] cnacs.occaid.org if you want other vendor support.

top

Step 1. Gather needed information.

Interface address and site prefix

We need to know the address of the interface that you use to connect to OCCAID. This interface is NOT your LAN interface, and should not be. This interface should be the uplink interface, whether it is native ethernet or tunnel, that is used to interface with an OCCAID POP router. Furthermore, if this is a tunnel, please do not try to configure BGP session over the IPv4 end point addresses. If you do, you will need to go back to IP Tunneling 101 by doing some google searches and reading the needed manuals.

On the OCCAID network, we allocate tunnels and native hand off addresses by using /64 subnets. The ::1 at the end is always the OCCAID router that you connect to, and ::2 at the end is always your router of the demarc. So for example, if the subnet is 3ffe:401d:1f00:baa::/64, then 3ffe:401d:1f00:baa::2 is the address you should have configured on your router, and 3ffe:401d:1f00:baa::1 is what would be configured at the OCCAID end.

Also, the /48 that you receive from us, or the /32 or other variable sizes you receive from the RIR (i.e. ARIN) is called a site prefix (technically, it's called TLA or NLA, depending on what type of prefix, but for this tutorial, we will just call it site prefix.) For this example, we will assume 3ffe:401d:3133::/48 is your site prefix.

Peering/neighbor addresses

Since BGP is a TCP-based protocol, we must specify the peer's IP address for BGP to establish the adjacency. We are going to continue using our /64 example above. So in our case, since 3ffe:401d:1f00:baa::2 is your router, the remote neighbor address, or the peering address for you will be 3ffe:401d:1f00:baa::1 (OCCAID router).

AS Number

Your router needs to speak BGP using the Autonomous System number (ASN) assigned to your organization. If you have your own AS number assigned by your acting RIR (e.g. ARIN, RIPE-NCC, LACNIC, APNIC, etc), you can use that to speak BGP with us. Otherwise, you should email occaid at cnacs.occaid.org and request a private AS number. For the purpose of this tutorial, we will assume that your AS number is AS64512 as an example. Do NOT blindly use this AS number just because it is shown as example! Please read.

top

Step 2. Turn up the session

Cisco, Zebra, Quagga Configuration

Define IPv6 neighbor relationship in the BGP configuration area

The no neighbor xx:xx:xx:xx::xx activate under router bgp 64512 section indicates that we are not running IPv4 peering over this peer. You should always do this unless you have a special configuration otherwise.

 

!
router bgp 64512
 neighbor 3ffe:401d:1f00:baa::1 remote-as 30071
 neighbor 3ffe:401d:1f00:baa::1 description Ethernet to OCCAID Boston
 no neighbor 3ffe:401d:1f00:baa::1 activate
!

Enable IPv6 Unicast MBGP

Now define the IPv6 peering neighbor relationship under the address-family ipv6 context. Then, advertise your site prefix by using the network command.

address-family ipv6
 network 3ffe:401d:3133::/48
 neighbor 3ffe:401d:1f00:baa::1 activate
 neighbor 3ffe:401d:1f00:baa::1 prefix-list To-Occaid out

Setup Blackhole Route

BGP by default should not advertise a network if there is no route for it in the existing routing table (although this is not the case with Quagga and Zebra, but it is in Cisco and other vendors). So as a best current practice, we will route the prefix to a blackhole interface. Note that we are only routing the assigned boundary (called "aggregate") of your prefix, which is /48. Any routes that are more specific, such as /64's within your network will not be blackholed as long as respective routes are properly showing up in your routing table.

ipv6 route 3ffe:401d:3133::/48 Null0

Juniper Configuration

Define IPv6 neighbor relationship in the BGP configuration area

Easiest way to do this is to setup a new group under protocols bgp context.

[edit protocols bgp]

group OCCAIDv6 {
  type external;
  export To-Occaid;
  family inet6 {
     any;
  }
  peer-as 30071;
  neighbor 3ffe:401d:1f00:baa::1 {
    description "Ethernet to OCCAID IPv6";
  }
}

Setup Blackhole Route

BGP by default should not advertise a network if there is no route for it in the existing routing table (although this is not the case with Quagga and Zebra, but it is in Cisco and other vendors). So as a best current practice, we will route the prefix to a blackhole interface. Note that we are only routing the assigned boundary (called "aggregate") of your prefix, which is /48. Any routes that are more specific, such as /64's within your network will not be blackholed as long as respective routes are properly showing up in your routing table. You can do this under routing-options context. Also note that by defining the route here, BGP will automatically advertise it to the configured peers.

rib inet6.0 {
 static {
   rib-group IF6-RG6;
   route 3ffe:401d:3133::0/48 discard install readvertise;
 }

PacketOS Configuration

Define neighbor and advertise network

PacketOS syntax is similar to Juniper, because of derivation from XORP Define IPv6 neighbor relationship in the BGP configuration area, and advertise your NLA site prefix. Easiest way to do this is to setup a new group under protocols bgp context.

[edit protocols bgp]

family inet6 {
  network 3ffe:401d:3133::/48;
}

group OCCAIDv6 {
  type external;
  export [ To-Occaid ];
  family inet6;
  peer-as 30071;
  send-community both;
  neighbor 3ffe:401d:1f00:baa::1 {
    description "Ethernet to OCCAID IPv6";
  }
}

Setup Blackhole Route

BGP by default should not advertise a network if there is no route for it in the existing routing table (although this is not the case with Quagga and Zebra, but it is in Cisco and other vendors). So as a best current practice, we will route the prefix to a blackhole interface. Note that we are only routing the assigned boundary (called "aggregate") of your prefix, which is /48. Any routes that are more specific, such as /64's within your network will not be blackholed as long as respective routes are properly showing up in your routing table. You can do this under protocols static context. 

[edit protocols static]

family inet6 {
  route 3ffe:401d:3133::/48 discard;
}

top

Step 3. Secure your BGP session

Cisco, Zebra, Quagga Configuration

Setup Prefix-list

You should always filter the routes that you advertise to your upstream(s), whether it be us or anybody else. Typos can always happen, and don't expect your remote peer to always filter -- they can make mistakes too.

ipv6 prefix-list To-Occaid permit 3ffe:401d:3133::/48

Juniper Configuration

Setup Policy-statement

You should always filter the routes that you advertise to your upstream(s), whether it be us or anybody else. Typos can always happen, and don't expect your remote peer to always filter -- they can make mistakes too. You can do this under the policy-options context.

[edit policy-options]

policy-statement To-Occaid {
  term 1 {
    from route-filter 3ffe:401d:3133::0/48 exact;
    then next-hop self accept;
  } term 2 {
    then reject;
  }
}

PacketOS Configuration

Setup Policy-statement

Again, similar to Juniper configuration, but you will need to do this under edit policies context.

[edit policies]

statement To-Occaid {
  step 1 {
    if prefix-list {
      family inet6 {
        3ffe:401d:3133::/48;
      }
    }
    then {
      next-hop self;
      accept;
    }
  }
  step 2 {
    then reject;
  }
}

top

Verifying and Final Configuration

Verifying..

So this is it, you are all set. To verify the status of your BGP configuration, issue show bgp ipv6 sum if using Cisco and the-like. If using Juniper, issue show bgp summary. You should see a number between 400 to 600 under State/PfxRcd (Under Juniper, that is under State|#Active/Received/Damped...), which means number of routes received from the particular peer. If it is stuck sitting at Active, Connect, or Idle, give it a minute or two. If it is still stuck in such states, that means either configuration is broken somewhere, could be your end or OCCAID end, or there is a connectivity problem. First, make sure you can ping6 the OCCAID router. You should do as much troubleshooting as you can first, before emailing the occaid mailing list for assistance. If everything is still not looking good and you are not sure why after doing all the troubleshooting you can, email occaid at cnacs.occaid.org.

Cisco, Zebra, Quagga Final Configuration

!
router bgp 64512
 neighbor 3ffe:401d:1f00:baa::1 remote-as 30071
 neighbor 3ffe:401d:1f00:baa::1 description Ethernet to OCCAID IPv6
 no neighbor 3ffe:401d:1f00:baa::1 activate
!
 address-family ipv6
  network 3ffe:401d:3133::/48
  neighbor 3ffe:401d:1f00:baa::1 activate
  neighbor 3ffe:401d:1f00:baa::1 prefix-list To-Occaid out
  exit-address-family
!
ipv6 route 3ffe:401d:3133::/48 Null0
!
ipv6 prefix-list To-Occaid permit 3ffe:401d:3133::/48
!

Juniper Final Configuration

[edit]

policy-options {
 policy-statement To-Occaid {
   term 1 {
     from route-filter 3ffe:401d:3133::0/48 exact;
     then next-hop self accept;
   } term 2 {
     then reject;
   }
 }
}

routing-options {
 autonomous-system 64512;
 rib inet6.0 {
   static {
     rib-group IF6-RG6;
     route 3ffe:401d:3133::0/48 discard install readvertise;
   }
 }
}

protocols {
 bgp {
  group OCCAIDv6 {
    type external;
    export To-Occaid;
    family inet6 {
       any;
    }
    peer-as 30071;
    neighbor 3ffe:401d:1f00:baa::1 {
      description "Ethernet to OCCAID IPv6";
    }
  }
 }
}

PacketOS Final Configuration

[edit]

policies {
 statement To-Occaid {
   step 1 {
     if prefix-list {
       family inet6 {
         3ffe:401d:3133::/48;
       }
     }
     then {
       next-hop self;
       accept;
     }
   }
   step 2 {
     then reject;
   }
 }
}

routing-options {
 autonomous-system 64512;
}

protocols {
  static {
    family inet6 {
      route 3ffe:401d:3133::/48 discard;
    }
  }

  bgp {
    family inet6 {
      network 3ffe:401d:3133::/48;
    }

    group OCCAIDv6 {
      type external;
      export [ To-Occaid ];
      family inet6;
      peer-as 30071;
      send-community both;
      neighbor 3ffe:401d:1f00:baa::1 {
        description "Ethernet to OCCAID IPv6";
      }
    }
  }
}

top

More Information

OCCAID: Registering objects in the routing registry
Cisco: IPv6 Technical Support
Juniper: IPv6 Technical Support
RFC1771: A Border Gateway Protocol 4 (BGP-4)
RFC2283: Multiprotocol Extensions for BGP-4
RFC2545: Use of BGP-4 Multiprotocol Extension for IPv6 Inter-Domain Routing
RFC2460: Internet Protocol, Version 6 (IPv6) Specification