11-30-2021 08:27 AM - edited 11-30-2021 08:28 AM
In the ENARSI Official Cert Guide, about IPv6 over IPv4 BGP Session and route map that changes the next hop to a valid IPv6 address, it is written "Now, be very careful with this. It has to be done on the router advertising the route, not on the router receiving the route." with emphasis (page 585).
I understand exactly the need for this route map, but I do not understand why it would only work on the router advertising the route and not on the router receiving the route. Is it supposed to be a recommendation for a best practice? Or are there technical reasons for this emphasis?
With some thoughts, you may not want other organizations to have to handle this next-hop manipulation in case of eBGP, though it can be discussed between network admins. In case of iBGP, it seems to be easier to write a re-usable route-map on the router advertising the route to multiple iBGP peers. So it sounds like a best practice in both cases.
I tried a small lab with these configs, and it seems to be working as expected (R1 and R2 directly connected on both G0/0).
R1 config
hostname R1
ipv6 unicast-routing
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface GigabitEthernet0/0
ip address 10.0.12.1 255.255.255.252
duplex auto
speed auto
media-type rj45
ipv6 address 2001:CAFE:12::1/64
!
router bgp 65501
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 65502
neighbor 2.2.2.2 ebgp-multihop 2
neighbor 2.2.2.2 password CISCO
neighbor 2.2.2.2 update-source Loopback0
!
address-family ipv4
no neighbor 2.2.2.2 activate
exit-address-family
!
address-family ipv6
network 2001:DB8:1::/64
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 soft-reconfiguration inbound
neighbor 2.2.2.2 route-map CHANGE_NH in
exit-address-family
!
ip route 2.2.2.2 255.255.255.255 GigabitEthernet0/0 10.0.12.2
route-map CHANGE_NH permit 10
set ipv6 next-hop 2001:CAFE:12::2
!
R2 config
hostname R2
ipv6 unicast-routing
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Loopback1
no ip address
ipv6 address 2001:DB8:2::1/64
!
interface GigabitEthernet0/0
ip address 10.0.12.2 255.255.255.252
duplex auto
speed auto
media-type rj45
ipv6 address 2001:CAFE:12::2/64
!
router bgp 65502
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 65501
neighbor 1.1.1.1 ebgp-multihop 2
neighbor 1.1.1.1 password CISCO
neighbor 1.1.1.1 update-source Loopback0
!
address-family ipv4
no neighbor 1.1.1.1 activate
exit-address-family
!
address-family ipv6
network 2001:DB8:2::/64
neighbor 1.1.1.1 activate
exit-address-family
!
ip route 1.1.1.1 255.255.255.255 GigabitEthernet0/0 10.0.12.1
R2#sh bgp ipv6 unicast neighbors 1.1.1.1 advertised-routes
BGP table version is 2, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 2001:DB8:2::/64 :: 0 32768 i
Total number of prefixes 1
R2#
R1#sh ipv6 route
IPv6 Routing Table - default - 4 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid
lA - LISP away, a - Application
B 2001:DB8:2::/64 [20/0]
via 2001:CAFE:12::2
C 2001:CAFE:12::/64 [0/0]
via GigabitEthernet0/0, directly connected
L 2001:CAFE:12::1/128 [0/0]
via GigabitEthernet0/0, receive
L FF00::/8 [0/0]
via Null0, receive
R1#sh bgp ipv6 unicast
BGP table version is 2, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 2001:DB8:2::/64 2001:CAFE:12::2 0 0 65502 i
R1#
R1#ping 2001:db8:2::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:2::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R1#
(On R2, multiple syslogs with debug ipv6 icmp:
*Nov 27 21:09:22.593: ICMPv6: Received echo request, src=2001:CAFE:12::1, Dst=2001:DB8:2::1
*Nov 27 21:09:22.593: ICMPv6: Sent echo reply, src=2001:DB8:2::1, Dst=2001:CAFE:12::1
)
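Added example (not part of the original post or the book): a Python check that parses `show bgp ipv6 unicast`-style entries and reports whether each next hop falls inside a connected IPv6 prefix, which is the condition the route map exists to satisfy. The second sample line is constructed and assumes that, without the route map, the next hop appears as the IPv4-mapped form of the peering address; the function names are hypothetical.

```python
import ipaddress

# Constructed samples modelled on the "show bgp ipv6 unicast" line in the post.
WITH_ROUTE_MAP = "*> 2001:DB8:2::/64 2001:CAFE:12::2 0 0 65502 i"
# Assumption: with no route map, the next hop is derived from the IPv4
# peering address (2.2.2.2) and appears in IPv4-mapped form.
WITHOUT_ROUTE_MAP = "*  2001:DB8:2::/64 ::FFFF:2.2.2.2 0 0 65502 i"
# R1's connected IPv6 prefix, from its "show ipv6 route" output.
R1_CONNECTED = ["2001:CAFE:12::/64"]


def parse_routes(text):
    """Return [(prefix, next_hop)] from single-line BGP table entries."""
    routes = []
    for line in text.splitlines():
        tokens = line.split()
        for i, tok in enumerate(tokens[:-1]):
            if "/" not in tok:
                continue
            try:
                prefix = ipaddress.IPv6Network(tok, strict=False)
                next_hop = ipaddress.IPv6Address(tokens[i + 1])
            except ValueError:
                continue  # header or legend text, not a route entry
            routes.append((prefix, next_hop))
            break
    return routes


def classify(next_hop, connected):
    """Say how a next hop relates to the connected IPv6 prefixes."""
    nets = [ipaddress.IPv6Network(n) for n in connected]
    if next_hop.is_unspecified:
        return "local"            # "::" marks a locally originated route
    if next_hop.ipv4_mapped is not None:
        return "ipv4-mapped"      # IPv4 address embedded in ::FFFF:0:0/96
    if any(next_hop in net for net in nets):
        return "connected"
    return "not-connected"        # would need a recursive lookup


def audit(text, connected):
    """Map each prefix in the table text to its next-hop verdict."""
    return {str(p): classify(nh, connected) for p, nh in parse_routes(text)}


if __name__ == "__main__":
    print(audit(WITH_ROUTE_MAP, R1_CONNECTED))
    print(audit(WITHOUT_ROUTE_MAP, R1_CONNECTED))
```

The parser expects each entry on one line, as in the output pasted above; entries that wrap the next hop onto a following line are skipped.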