Solved: IPv4 eBGP Peering with IPv6 AFI+SAFI on XR

tumarha · ‎01-05-2017

Dear All

I try to test to enable IPv6 route exchange with IPv4 Neighbor address by enable "address-family ipv6 unicast" under Neighbor IPv4. I am using XR 6.0.1. I found some problem that Next-Hop Address on eBGP route is incorret.

[IOS XE ] <-bgp> [XR]

######### Configuration on XE ###########

router bgp 1002
template peer-policy eBGP-Pol
send-community both
exit-peer-policy
!
template peer-policy eBGPv6-Pol
send-community both
exit-peer-policy
!
template peer-session eBGP
remote-as 2
exit-peer-session
!
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 2.2.69.9 inherit peer-session eBGP
!
address-family ipv4
network 2.2.0.6 mask 255.255.255.255
neighbor 2.2.69.9 activate
neighbor 2.2.69.9 inherit peer-policy eBGP-Pol
exit-address-family
!
address-family ipv6
network 2002:2:2::6/128
neighbor 2.2.69.9 activate
neighbor 2.2.69.9 inherit peer-policy eBGPv6-Pol
exit-address-family

######### Configuration on XR ###########

router bgp 2
bgp router-id 2.2.0.9
address-family ipv4 unicast
network 2.2.0.9/32
!
address-family ipv6 unicast
network 2002:2:2::9/128
!
af-group eBGP-Pol address-family ipv4 unicast
route-policy PASS in
route-policy PASS out
!
af-group eBGP-Polv6 address-family ipv6 unicast
route-policy PASS in
route-policy PASS out
!
session-group eBGP
remote-as 1002
!
address-family ipv6 unicast
use af-group iBGPv6-Pol
!
!
neighbor 2.2.69.6
use session-group eBGP
address-family ipv4 unicast
use af-group eBGP-Pol
!
address-family ipv6 unicast
use af-group eBGP-Polv6
!
!
!

On IOS XE, it look fine, BGP routes and Routing Table look ok

R6#show bgp ipv6 unicast
BGP table version is 53, local router ID is 2.2.0.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
*> 2002:2:2::6/128 :: 0 32768 i
*> 2002:2:2::9/128 2002:2:2:69::9 0 0 2 i

R6#show ipv6 route bgp
IPv6 Routing Table - default - 8 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
NDr - Redirect, RL - RPL, O - OSPF Intra, OI - OSPF Inter
OE1 - OSPF ext 1, OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1
ON2 - OSPF NSSA ext 2, la - LISP alt, lr - LISP site-registrations
ld - LISP dyn-eid, a - Application

B 2002:2:2::9/128 [20/0]
via FE80::F816:3EFF:FE3F:1E5D, GigabitEthernet2

However on XR, BGP route is ok but when it install into routing table, next-hop address look strange,

RP/0/0/CPU0:R9#show bgp ipv6 unicast
Fri Jan 6 06:11:37.164 UTC
BGP router identifier 2.2.0.9, local AS number 2
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0xe0800000 RD version: 41
BGP main routing table version 41
BGP NSR Initial initsync version 2 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs

Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 2002:2:2::6/128 2.2.69.6 0 0 1002 i
*> 2002:2:2::9/128 :: 0 32768 i

RP/0/0/CPU0:R9#show route ipv6 bgp
Fri Jan 6 06:12:17.721 UTC

B 2002:2:2::6/128
[20/0] via ::ffff:2.2.69.6 (nexthop in vrf default), 00:14:53 <=======

Next-hop address is wrong (::ffff:2.2.69.6) and it doesn't look like IPv6 format.

Anyone, can you have any advice, what do I do wrong or is it bug? Please help to kindly advice. Thanks.

Best regards

Tumarha

blau grana · ‎01-07-2017

Hi Tumarha,

Reason why you see "strange" next hop is different default behaviour of XR and XE OS.

When you advertise IPv6 prefix over IPv4 session on XR, XR is by default changing next-hop of advertised prefixes to IPv6 address of interface which is used to reach BGP peer. There is also prerequisite for BGP session to even come up:

you need to have IPv6 address configured on interface which is used to reach IPv4 peer otherwise XR is not able to perform default next-hop conversion and session will not come UP!

This is the reason why everything seems OK on XE side because of XR default operation of changing next-hop.

On other hand XE default behaviour is different. XE needs to assign IPv6 next hop to prefixes advertised to peer but only IPv4 address is specified. So IPv4 address 2.2.69.6 is converted to IPv4-mapped IPv6 address, which is ::ffff:2.2.69.6. Then all prefixes advertised from XE are advertised with this "special next-hop".

That's why XR is seeing this address as next hop for prefixes received from XE.

You can change this behaviour with route-map:

ipv6 prefix-list LOCAL-PREFIX seq 5 permit 2002:2:2::6/128
route-map NEXT-HOP permit 10
 match ipv6 address prefix-list LOCAL-PREFIX
 set ipv6 next-hop 2000:2:2:69::6
!
router bgp 1002
 address-family ipv6
  neighbor 2.2.69.9 route-map NEXT-HOP out

then XR side should see:

RP/0/0/CPU0:ios#sh bgp ipv6 unicast | b Network
   Network            Next Hop            Metric LocPrf Weight Path
*> 2002:2:2::6/128    2000:2:2:69::6           0             0 1002 i
*> 2002:2:2::9/128    ::                       0         32768 i

RP/0/0/CPU0:ios#sh route ipv6 bgp              
B    2002:2:2::6/128 
      [20/0] via fe80::2b5:2ff:fe30:1700, 00:15:32, GigabitEthernet0/0/0/1

I hope this will help :)

Best Regards Please rate all helpful posts and close solved questions

View solution in original post

blau grana · ‎01-07-2017

Hi Tumarha,

Reason why you see "strange" next hop is different default behaviour of XR and XE OS.

When you advertise IPv6 prefix over IPv4 session on XR, XR is by default changing next-hop of advertised prefixes to IPv6 address of interface which is used to reach BGP peer. There is also prerequisite for BGP session to even come up:

you need to have IPv6 address configured on interface which is used to reach IPv4 peer otherwise XR is not able to perform default next-hop conversion and session will not come UP!

This is the reason why everything seems OK on XE side because of XR default operation of changing next-hop.

On other hand XE default behaviour is different. XE needs to assign IPv6 next hop to prefixes advertised to peer but only IPv4 address is specified. So IPv4 address 2.2.69.6 is converted to IPv4-mapped IPv6 address, which is ::ffff:2.2.69.6. Then all prefixes advertised from XE are advertised with this "special next-hop".

That's why XR is seeing this address as next hop for prefixes received from XE.

You can change this behaviour with route-map:

ipv6 prefix-list LOCAL-PREFIX seq 5 permit 2002:2:2::6/128
route-map NEXT-HOP permit 10
 match ipv6 address prefix-list LOCAL-PREFIX
 set ipv6 next-hop 2000:2:2:69::6
!
router bgp 1002
 address-family ipv6
  neighbor 2.2.69.9 route-map NEXT-HOP out

then XR side should see:

RP/0/0/CPU0:ios#sh bgp ipv6 unicast | b Network
   Network            Next Hop            Metric LocPrf Weight Path
*> 2002:2:2::6/128    2000:2:2:69::6           0             0 1002 i
*> 2002:2:2::9/128    ::                       0         32768 i

RP/0/0/CPU0:ios#sh route ipv6 bgp              
B    2002:2:2::6/128 
      [20/0] via fe80::2b5:2ff:fe30:1700, 00:15:32, GigabitEthernet0/0/0/1

I hope this will help :)

Best Regards Please rate all helpful posts and close solved questions

tumarha · ‎01-08-2017

Dear blau grana

Thank you very much for very good advice and explanation. It is really help me :)

Best regards

Wisit

blau grana · ‎01-07-2017

One more thing, there is even more interesting behaviour when IPv4 prefixes are advertised via IPv6 session.

Here is setup for IOS platform:

two routers directly connected with one IPv4 and one IPv6 BGP session
IPv4 session is used to advertised IPv6 prefixes
IPv6 session is used to advertise IPv4 prefixes

IOU1#sh run | s router bgp
router bgp 100
 neighbor 2001:DB8:192:168::2 remote-as 200
 neighbor 192.168.0.2 remote-as 200
 !
 address-family ipv4
  network 10.10.0.0 mask 255.255.255.0
  neighbor 2001:DB8:192:168::2 activate
  no neighbor 192.168.0.2 activate
 exit-address-family
 !
 address-family ipv6
  network 2001:DB8:10:10::/64
  neighbor 192.168.0.2 activate
 exit-address-family
-----
IOU2#sh run | s router bgp
router bgp 200
 neighbor 2001:DB8:192:168::1 remote-as 100
 neighbor 192.168.0.1 remote-as 100
 !
 address-family ipv4
  network 20.20.0.0 mask 255.255.255.0
  neighbor 2001:DB8:192:168::1 activate
  no neighbor 192.168.0.1 activate
 exit-address-family
 !
 address-family ipv6
  network 2001:DB8:20:20::/64
  neighbor 192.168.0.1 activate
 exit-address-family

Result:

IOU1#sh bgp ipv4 unicast | b Network
     Network          Next Hop            Metric LocPrf Weight Path
 *>  10.10.0.0/24     0.0.0.0                  0         32768 i
 *   20.20.0.0/24     32.1.13.184              0             0 200 i

IOU1#sh bgp ipv6 unicast | b Network
     Network          Next Hop            Metric LocPrf Weight Path
 *>  2001:DB8:10:10::/64
                       ::                       0         32768 i
 *   2001:DB8:20:20::/64
                       ::FFFF:192.168.0.2
                                                0             0 200 i

IOU2#sh bgp ipv4 unicast | b Network
     Network          Next Hop            Metric LocPrf Weight Path
 *   10.10.0.0/24     32.1.13.184              0             0 100 i
 *>  20.20.0.0/24     0.0.0.0                  0         32768 i

IOU2#sh bgp ipv6 unicast | b Network
     Network          Next Hop            Metric LocPrf Weight Path
 *   2001:DB8:10:10::/64
                       ::FFFF:192.168.0.1
                                                0             0 100 i
 *>  2001:DB8:20:20::/64
                       ::                       0         32768 i

Nothing new with IPv6 prefixes advertised via IPv4 session, IPv4-mapped IPv6 address is used as next-hop.

But look at strange next hop for IPv4 prefixes advertised via IPv6 session! Both routers are using 32.1.13.184 as next-hop.

IOS needs to assign IPv4 nex-hop for IPv4 prefix but only IPv6 peer address is specified so IOS will convert IPv6 to IPv4 address :) First 32 bits of IPv6 address used as source address to establish BGP session are converted to 32 bit IPv4 address.

IOU1 is using: 2001:DB8:192:168::1

IOU2 is using: 2001:DB8:192:168::1

First 32bits are for both routers same: 2001:DB8 and after conversion from HEX to DECIMAL->

HEX   DEC
20 ->  32
01 ->   1
0D ->  13
B8 -> 184

So the result of conversion is 32.1.13.184 which is exactly nex-hop which both routers are using.

This behaviour can also be modified with route-map, so don't forget to do it whenever you are advertising IPv4 prefixes over IPv6 session.

I assume that XE behaviour will be same but I was not able to test this behaviour with XR. Seems like XR is not supporting IPv4 unicast AF under IPv6 neighbour, maybe with newer version of XR this will be possible.

RP/0/0/CPU0:ios#sh ver
Cisco IOS XR Software, Version 5.3.0[Default]

RP/0/0/CPU0:ios(config)#router bgp 100
RP/0/0/CPU0:ios(config-bgp)# neighbor 2001:db8:192:168::2
RP/0/0/CPU0:ios(config-bgp-nbr)#address-family ?
  ipv6        IPv6 Address Family
  link-state  Link-state Address Family
RP/0/0/CPU0:ios(config-bgp-nbr)#address-family

P.S. I can't come up with sane motivation for Cisco guys to came up with idea of converting IPv6 address to IPv4 so if anyone have any clue please share your ideas with us.

Best Regards Please rate all helpful posts and close solved questions