A small lab showing basic configuration of BGP between Cisco and HP (Comware v5). This is just something small we deploying recently, there is nothing grand here, only a minor configuration example to follow later when needed.
NOTE on HP Comware v5 vs newer Comware v7, I understand I am using older version of the operating system on HP devices, the point is that this article is using one of my real work projects where Comware v5 was used without possibility to upgrade. However ALL Ipv6 functions that we needed were provided already on this older Comware, and when I checked, Comware v7 variant of this LAB is only changing commands syntax (actually quite easy to convert from v5 to v7 only following the “?”), therefore this article will remain in Comware v5 and I believe many readers will take the principles and will have no problem to upgrade to Comware v7 on their own.
Lab Topology:
This is a simple topology that is trying to simulate a typical L3 Edge / Distribution / Access with several HP 5800 layer3 switches and Cisco 3750 is simulating a typical WAN provider with dual-homing access. Of course all with limits of my LAB equipment. The target is to have full routing between the IPv6 Loopback on HP L3 Access and two Loopbacks on Cisco side simulating WAN destinations.
LAB Topoplogy used to present IPv6 and BGP between HP Networking Comware v5 and Cisco IOS boxes
Part 1: Preparing cisco for IPv6
In my lab, I used my 3750 layer 3 switches. On these boxes, I had IPv6 support, but I needed to activate the IPv6 configurations via Switch Database Management (SDM) templates. This is something that controls resource allocation and by default doesn’t give any system resources to IPv6 functionality. To actually activate IPv6, you need to activate dual IPv4/IPv6 template and reload the switch. So we are going to do just that here:
3750# ip routing
3750# ip cef distributed
3750# show sdm prefer
The current template is "desktop default" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses: 6K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 8K
number of directly-connected IPv4 hosts: 6K
number of indirect IPv4 routes: 2K
number of IPv4 policy based routing aces: 0
number of IPv4/MAC qos aces: 0.75K
number of IPv4/MAC security aces: 1K
3750(config)#sdm prefer ?
access Access bias
default Default bias
dual-ipv4-and-ipv6 Support both IPv4 and IPv6
ipe IPe bias
routing Unicast bias
vlan VLAN bias
3750(config)#sdm prefer dual-ipv4-and-ipv6 ?
default Default bias
routing Unicast bias
vlan VLAN bias
3750(config)#sdm prefer dual-ipv4-and-ipv6 routing
Changes to the running SDM preferences have been stored, but cannot take effect
until the next reload.
Use 'show sdm prefer' to see what SDM preference is currently active.
3750(config)#do reloadand after reboot:
3750(config)#ipv6 unicast-routing 3750(config)#ipv6 cef
real config
T6_CiscoL3-2(config)#router bgp 64512 T6_CiscoL3-2(config-router)#bgp router-id 6.6.6.6 T6_CiscoL3-2(config-router)#no bgp default ipv4-unicast T6_CiscoL3-2(config-router)#neighbor 2a02:d200::0:1 remote-as 64512 T6_CiscoL3-2(config-router)#address-family ipv6 unicast T6_CiscoL3-2(config-router-af)#neighbor 2a02:d200::0:1 activate T6_CiscoL3-2(config-router-af)#network AAAA::2/128
after the same done on the oposite T5_CiscoL3-1, on T6 you can see the routes coming from the loopback:
T6_CiscoL3-2(config-router-af)#do sh ipv6 route
IPv6 Routing Table - Default - 5 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, R - RIP, D - EIGRP, EX - EIGRP external
ND - Neighbor Discovery
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
C 2A02:D200::/126 [0/0]
via FastEthernet1/0/11, directly connected
L 2A02:D200::2/128 [0/0]
via FastEthernet1/0/11, receive
B AAAA::1/128 [200/0]
via 2A02:D200::1
LC AAAA::2/128 [0/0]
via Loopback0, receive
L FF00::/8 [0/0]
via Null0, receiveYou can also ping the BGP route for a test.
Step 2 – creating Cisco to HP BGP sessions
Cisco part T6 example:
T6_CiscoL3-1(config-router)#neighbor 2a02:d200::2:2 remote-as 65100 T6_CiscoL3-1(config-router)#address-family ipv6 T6_CiscoL3-1(config-router-af)#neighbor 2a02:d200::2:2 activate
H3C part TS4 example:
[TS4_HP5800]ipv6
[TS4_HP5800]ip vpn-instance IPv6DMZ
[TS4_HP5800-vpn-instance-IPv6DMZ]route-distinguisher 65100:65100
[TS4_HP5800-4]interface GigabitEthernet 1/0/22
[TS4_HP5800-GigabitEthernet1/0/22]ip binding vpn-instance IPv6DMZ
[TS4_HP5800-GigabitEthernet1/0/22]port link-mode route
[TS4_HP5800-GigabitEthernet1/0/22]ipv6 address 2a02:d200::2:2/126
[TS4_HP5800-GigabitEthernet1/0/22]ping ipv6 -vpn-instance IPv6DMZ 2a02:d200::2:1
PING 2a02:d200::1:1 : 56 data bytes, press CTRL_C to break
Reply from 2A02:D200::1:1
bytes=56 Sequence=1 hop limit=64 time = 40 ms
Reply from 2A02:D200::1:1
bytes=56 Sequence=2 hop limit=64 time = 6 ms
Reply from 2A02:D200::1:1
bytes=56 Sequence=3 hop limit=64 time = 43 ms
Reply from 2A02:D200::1:1
bytes=56 Sequence=4 hop limit=64 time = 23 ms
Reply from 2A02:D200::1:1
bytes=56 Sequence=5 hop limit=64 time = 10 ms
--- 2a02:d200::1:1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 6/24/43 ms
Now on H3C we need to initiate the BGP parts
[TS4_HP5800]bgp 65100
[TS4_HP5800-bgp]router-id 4.4.4.4
[TS4_HP5800-bgp]ipv6-family
[Ts1_5800-bgp-af-ipv6] undo synchronization
[Ts1_5800-bgp-af-ipv6] quit
[TS4_HP5800-bgp]ipv6-family vpn-instance IPv6DMZ
[TS4_HP5800-bgp-ipv6-IPv6DMZ]peer 2a02:d200::2:1 as-number 64512
%Apr 26 12:44:55:001 2000 TS4_HP5800 BGP/5/BGP_STATE_CHANGED:
2A02:D200::2:1 state is changed from OPENCONFIRM to ESTABLISHED.
[TS4_HP5800-bgp-ipv6-IPv6DMZ]display ipv6 routing-table vpn-instance IPv6DMZ
Routing Table : IPv6DMZ
Destinations : 6 Routes : 6
Destination: ::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 2A02:D200::2:0/126 Protocol : Direct
NextHop : 2A02:D200::2:2 Preference: 0
Interface : GE1/0/22 Cost : 0
Destination: 2A02:D200::2:2/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: AAAA::1/128 Protocol : BGP4+
NextHop : 2A02:D200::2:1 Preference: 255
Interface : GE1/0/22 Cost : 0
Destination: AAAA::2/128 Protocol : BGP4+
NextHop : 2A02:D200::2:1 Preference: 255
Interface : GE1/0/22 Cost : 0
Destination: FE80::/10 Protocol : Direct
NextHop : :: Preference: 0
Interface : NULL0 Cost : 0Ok, great, now we have a BGP peering between Cisco and H3C established, and the HP routers see the Cisco Loopback interfaces.
SKIP – more VLANs, more basic BGP sessions and we jump to TS1/TS2 and MSR VRRPv6 groups
Step 3 – Configuring VRRP for IPv6 on H3C
This is a small extra on enabling servers access to our topology with VRRP, which functions only a little bit different on IPv6 as it uses link-local addresses for negotiation and global unicast IPv6 addresses are negotiated on top of this negotiation.
First, lets just configure the basic IPv6 VRRP in global and have a look on the interface with which we are starting here.
[Ts1_5800]vrrp ipv6 method virtual-mac [Ts1_5800]vrrp ipv6 ping-enable [Ts1_5800-GigabitEthernet1/0/22]display this # interface GigabitEthernet1/0/22 port link-mode route ip binding vpn-instance IPv6DMZ ipv6 address 2A02:D200::5:A/124 #
Next, what we need to realize is that in the broadcast domain where we want VRRP to function, we need to enable link-local IPv6 addresses first (these are the FE80::/10). We do this by simply enabling the auto configuration and then checking the interface. In the picture below we autoconfigured the FE80::BAAF:67FF:FE22:C47E as our link-local IP :
[Ts1_5800-GigabitEthernet1/0/22] ipv6 address auto
[Ts1_5800-GigabitEthernet1/0/22] quit
[Ts1_5800]display ipv6 interface g1/0/22
GigabitEthernet1/0/22 current state :UP
Line protocol current state :UP
IPv6 is enabled, link-local address is FE80::BAAF:67FF:FE22:C47E
Global unicast address(es):
2A02:D200::5:A, subnet is 2A02:D200::5:0/112
Joined group address(es):
FF02::12
FF02::1:FF05:0
FF02::1:FF05:A
FF02::1:FF22:C47E
FF02::2
FF02::1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
IPv6 Packet statistics:
InReceives: 1595
InTooShorts: 0
InTruncatedPkts: 0
InHopLimitExceeds: 0
InBadHeaders: 0You can see that we now have a link-local IP of FE80::BAAF:67FF:FE22:C47E, we can move to VRRP configuration itself. First, we need to create a link-local VRRP IP with the typical virtual router ID (1-255). So lets choose vrid of 5 and the link-local address lets choose for simplicity “FE80::1”.
[Ts1_5800-GigabitEthernet1/0/22] vrrp ipv6 vrid 5 virtual-ip FE80::100 link-local
Only after this, we can create the globally unique VRRP IP with a second command:
[Ts1_5800-GigabitEthernet1/0/22] vrrp ipv6 vrid 5 virtual-ip 2A02:D200::5:100
In summary, this is the interface configuration on the interface.
[Ts1_5800-GigabitEthernet1/0/22]display this # interface GigabitEthernet1/0/22 port link-mode route ip binding vpn-instance IPv6DMZ ipv6 address 2A02:D200::5:A/112 ipv6 address auto vrrp ipv6 vrid 5 virtual-ip FE80::100 link-local vrrp ipv6 vrid 5 virtual-ip 2A02:D200::5:100 #
Verification is with the typical “display vrrp” commands, but with IPv6 extension, please note that in the quick view with “display vrrp ipv6” you only see the link-local IPv6, the global unicast one is hidden under the verbose version of this command.
[Ts1_5800]display vrrp ipv6
IPv6 Standby Information:
Run Mode : Standard
Run Method : Virtual MAC
Total number of virtual routers : 1
Interface VRID State Run Adver Auth Virtual
Pri Timer Type IP
---------------------------------------------------------------------
GE1/0/22 5 Backup 100 100 None FE80::100
[Ts1_5800]display vrrp ipv6 verbose
IPv6 Standby Information:
Run Mode : Standard
Run Method : Virtual MAC
Total number of virtual routers : 1
Interface GigabitEthernet1/0/22
VRID : 5 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Become Master : 2800ms left
Auth Type : None
Virtual IP : FE80::100
2A02:D200::5:100
Master IP : FE80::BAAF:67FF:FE3D:7FC2By default, we would now go to the router on the very left side of the LAB, give it a IPv6 IP on the Eth0/0 interface, configure default route towards the VRRP IP manually and that is the end like this:
[TS7_MSR1]ipv6 route-static 0::0 0 2a02:d200::5:100 [TS7_MSR1-Ethernet0/0]disp this # interface Ethernet0/0 port link-mode route ipv6 address 2A02:D200::5:C/112 #
Step 4 – Redistributing static to BGP
On the TS1 and TS2 routers, we are going to create a static route towards the loopback on the TS7 router.
[Ts1_5800]ipv6 route-static vpn-instance IPv6DMZ 2a02:d200::10:0 112 2a02:d200::5:C
Now static routes are not moved to BGP tables by default and we need to use a redistribution for this, which is not hard. In fact in our very simple scenario this is just these commands to achieve:
[TS2_5800]bgp 65101 [TS2_5800-bgp]ipv6-family vpn-instance IPv6DMZ [TS2_5800-bgp-ipv6-IPv6DMZ]import-route static
Verification is via the display bgp vpnv6 commands like this
[TS2_5800]display bgp vpnv6 vpn-instance IPv6DMZ routing-table
BGP Local router ID is 2.2.2.2
Status codes: * - valid, ^ - VPN best, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total routes of vpn-instance IPv6DMZ: 6
*^> Network : 2A02:D200::10:0 PrefixLen : 112
NextHop : :: LocPrf :
PrefVal : 0 Label : NULL
MED : 0
Path/Ogn: ?
* i Network : 2A02:D200::10:0 PrefixLen : 112
NextHop : 2A02:D200::5:A LocPrf : 100
PrefVal : 0 Label : NULL
MED : 0
Path/Ogn: ?
*^> Network : AAAA::1 PrefixLen : 128
NextHop : 2A02:D200::4:1 LocPrf :
PrefVal : 0 Label : NULL
MED :
Path/Ogn: 65100 64512 i
i Network : AAAA::1 PrefixLen : 128
NextHop : 2A02:D200::3:1 LocPrf : 100
PrefVal : 0 Label : NULL
MED :
Path/Ogn: 65100 64512 i
*^> Network : AAAA::2 PrefixLen : 128
NextHop : 2A02:D200::4:1 LocPrf :
PrefVal : 0 Label : NULL
MED :
Path/Ogn: 65100 64512 i
i Network : AAAA::2 PrefixLen : 128
NextHop : 2A02:D200::3:1 LocPrf : 100
PrefVal : 0 Label : NULL
MED :
Path/Ogn: 65100 64512 iBut more importantly, lets check this on the far end cisco box that this static route has arrived to it.
T5_CiscoL3-1#show ipv6 route
IPv6 Routing Table - Default - 8 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, R - RIP, D - EIGRP, EX - EIGRP external
ND - Neighbor Discovery
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
C 2A02:D200::/126 [0/0]
via FastEthernet1/0/11, directly connected
L 2A02:D200::1/128 [0/0]
via FastEthernet1/0/11, receive
C 2A02:D200::1:0/126 [0/0]
via FastEthernet1/0/22, directly connected
L 2A02:D200::1:1/128 [0/0]
via FastEthernet1/0/22, receive
B 2A02:D200::10:0/112 [20/0]
via FE80::BAAF:67FF:FE3D:9F66, FastEthernet1/0/22
LC AAAA::1/128 [0/0]
via Loopback0, receive
B AAAA::2/128 [200/0]
via 2A02:D200::2
L FF00::/8 [0/0]
via Null0, receiveAnd the very FINAL TEST, pinging the two loopbacks from the oposite sides of this lab.
- Cisco to H3C ping
T5_CiscoL3-1#ping ipv6 2A02:D200::10:1 source loopback 0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2A02:D200::10:1, timeout is 2 seconds: Packet sent with a source address of AAAA::1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 0/3/9 ms
- H3C to Cisco ping
<TS7_MSR1>ping ipv6 -a 2A02:D200::10:1 AAAA::1 PING AAAA::1 : 56 data bytes, press CTRL_C to break Reply from AAAA::1 bytes=56 Sequence=1 hop limit=62 time = 4 ms Reply from AAAA::1 bytes=56 Sequence=2 hop limit=62 time = 2 ms Reply from AAAA::1 bytes=56 Sequence=3 hop limit=62 time = 2 ms Reply from AAAA::1 bytes=56 Sequence=4 hop limit=62 time = 3 ms Reply from AAAA::1 bytes=56 Sequence=5 hop limit=62 time = 4 ms --- AAAA::1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/3/4 ms
References:
OPTIONAL : IPv6 ND RA
<span lang="EN-US"># Specify the advertised address prefix as 2001::/64, its valid lifetime as 86400 seconds, and its preferred lifetime as 3600 seconds.</span> [DeviceA-Ethernet1/1] ipv6 nd ra prefix 2001::/64 86400 3600