11-30-2021 08:27 AM - edited 11-30-2021 08:28 AM
In the ENARSI Official Cert Guide, about IPv6 over IPv4 BGP Session and route map that changes the next hop to a valid IPv6 address, it is written "Now, be very careful with this. It has to be done on the router advertising the route, not on the router receiving the route." with emphasis (page 585).
I understand exactly the need for this route map, but I do not understand why it would only work on the router advertising the route and not on the router receiving the route. Is it supposed to be a recommendation for a best practice? Or are there technical reasons for this emphasis?
After some thought, you may not want other organizations to have to handle this next-hop manipulation in the case of eBGP, though it can be discussed between network admins. In the case of iBGP, it seems to be easier to write a reusable route-map on the router advertising the route to multiple iBGP peers. So it sounds like a best practice in both cases.
I tried a small lab with these configs, and it seems to be working as expected (R1 and R2 directly connected on both G0/0).
R1 config

hostname R1
ipv6 unicast-routing
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface GigabitEthernet0/0
 ip address 10.0.12.1 255.255.255.252
 duplex auto
 speed auto
 media-type rj45
 ipv6 address 2001:CAFE:12::1/64
!
router bgp 65501
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 65502
 neighbor 2.2.2.2 ebgp-multihop 2
 neighbor 2.2.2.2 password CISCO
 neighbor 2.2.2.2 update-source Loopback0
 !
 address-family ipv4
  no neighbor 2.2.2.2 activate
 exit-address-family
 !
 address-family ipv6
  network 2001:DB8:1::/64
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 soft-reconfiguration inbound
  neighbor 2.2.2.2 route-map CHANGE_NH in
 exit-address-family
!
ip route 2.2.2.2 255.255.255.255 GigabitEthernet0/0 10.0.12.2
route-map CHANGE_NH permit 10
 set ipv6 next-hop 2001:CAFE:12::2
!
R2 config

hostname R2
ipv6 unicast-routing
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Loopback1
 no ip address
 ipv6 address 2001:DB8:2::1/64
!
interface GigabitEthernet0/0
 ip address 10.0.12.2 255.255.255.252
 duplex auto
 speed auto
 media-type rj45
 ipv6 address 2001:CAFE:12::2/64
!
router bgp 65502
 bgp log-neighbor-changes
 neighbor 1.1.1.1 remote-as 65501
 neighbor 1.1.1.1 ebgp-multihop 2
 neighbor 1.1.1.1 password CISCO
 neighbor 1.1.1.1 update-source Loopback0
 !
 address-family ipv4
  no neighbor 1.1.1.1 activate
 exit-address-family
 !
 address-family ipv6
  network 2001:DB8:2::/64
  neighbor 1.1.1.1 activate
 exit-address-family
!
ip route 1.1.1.1 255.255.255.255 GigabitEthernet0/0 10.0.12.1
R2#sh bgp ipv6 unicast neighbors 1.1.1.1 advertised-routes
BGP table version is 2, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  2001:DB8:2::/64  ::                       0         32768 i

Total number of prefixes 1
R2#

R1#sh ipv6 route
IPv6 Routing Table - default - 4 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
       H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
       IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
       ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
       RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid
       lA - LISP away, a - Application
B   2001:DB8:2::/64 [20/0]
     via 2001:CAFE:12::2
C   2001:CAFE:12::/64 [0/0]
     via GigabitEthernet0/0, directly connected
L   2001:CAFE:12::1/128 [0/0]
     via GigabitEthernet0/0, receive
L   FF00::/8 [0/0]
     via Null0, receive

R1#sh bgp ipv6 unicast
BGP table version is 2, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  2001:DB8:2::/64  2001:CAFE:12::2          0             0 65502 i
R1#

R1#ping 2001:db8:2::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:2::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R1#

(On R2, multiple syslogs with debug ipv6 icmp:
*Nov 27 21:09:22.593: ICMPv6: Received echo request, src=2001:CAFE:12::1, Dst=2001:DB8:2::1
*Nov 27 21:09:22.593: ICMPv6: Sent echo reply, src=2001:DB8:2::1, Dst=2001:CAFE:12::1
)
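For comparison with the lab above, this is the placement the quoted passage describes: the same route-map applied outbound on the advertising router (R2) instead of inbound on R1. It is an added example, not part of the original post or the book's own configuration; it reuses the lab's addresses and the CHANGE_NH name, and assumes the inbound route-map is removed from R1 so that only one side rewrites the next hop.

```cisco
! ---- R2 (advertising router) ----
! Rewrite the next hop before the UPDATE leaves R2, so R1 receives
! 2001:DB8:2::/64 with a next hop it can already resolve.
route-map CHANGE_NH permit 10
 set ipv6 next-hop 2001:CAFE:12::2
!
router bgp 65502
 address-family ipv6
  neighbor 1.1.1.1 route-map CHANGE_NH out
 exit-address-family
!
! ---- R1 (receiving router) ----
! Remove the inbound rewrite used in the lab above; R1 now accepts
! the next hop exactly as R2 advertised it.
router bgp 65501
 address-family ipv6
  no neighbor 2.2.2.2 route-map CHANGE_NH in
 exit-address-family
!
no route-map CHANGE_NH
```

The same `sh bgp ipv6 unicast` and `sh ipv6 route` checks used in the post apply to this variant; the Next Hop column on R1 is the field to compare between the two placements.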