IPv6

Introduction to IPv6
Addressing
© 2012 Juniper Networks, Inc. All rights reserved. | www.juniper.net

What Is IPv6?
§ Next generation protocol:

•Defined by the IETF
•Defined as RFC 2460
•Intended to replace IPv4
© 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net | 2

IPv4 Versus IPv6
IPv4 IPv6
32-bit (4-byte) address supports 128-bit (16-byte) address supports 2128
4,294,967,296 addresses (about 3.4×1038) addresses
NAT can be used to extend address Does not support NAT by design
space limitations
Administrators must use the Hosts use stateless address
Dynamic Host Configuration Protocol autoconfiguration and DHCPv6 to
or static configuration to assign assign an IP address to themselves
IP addresses to hosts
IPsec support is optional IPsec support is necessary
Options are integrated into the base Improved support for options using
header extension headers and overall
simplification of the header format

IPv6 Structure
§ The IPv6 header has the following improvements:

•Fixed length of 40 bytes
•Simple, more efficient processing
•Extension headers handle additional options
•Several IPv4 fields have been removed:
• Header length, identification, flags, fragment offset, and header
checksum
Traffic
Version (4) Flow Label (20)
Class (8)
Payload Length (16) Next Header (8) Hop Limit (8) 40
bytes
Source Address (128)
Destination Address (128)

IPv4 Header Versus IPv6 Header
IPv4 Header IPv6 Header
Version IHL TOS Total Length Traffic
Version Flow Label
Fragment Class
Identification Flags
Offset Next
Payload Length Hop Limit
Time to Header
Protocol Header Checksum
Live Source Address (128)
Source Address (32) Destination Address (128)
Destination Address (32)
Options Padding
Key
Fields the same in IPv4 and IPv6
Fields removed in IPv6
Name and position changed in IPv6
New field in IPv6

IPv6 Extension Headers
§ Simple packet headers provide faster processing

•IPv6 deals with IP options using extension headers
§ IPv6 defines six extension headers:
•Hop-by-Hop Options
•Destination Options
•Routing
•Fragment
•Authentication
•Encapsulating Security Payload

Hop-by-Hop Options
§ Hop-by-Hop Options header:

•Indicated by a Next Header value of 0
•Must be examined by every device along the path
•Router Alert Option
• Used for RSVP and MLD
•Jumbogram Option
• Supports the transmission of packets between 65,536 and
4,294,967,295
Next Header Header Ext Option Type Option Data

(8) Length (8) (8) Length (8)
Options Data (Variable)

Destination Options
§ Destination Options header

•Carries options to be examined by the destination device
•Only extension header that can appear twice in an IPv6
packet
• Once before a routing header and once as the final extension
header
Next Header Header Ext Option Type Option Data

(8) Length (8) (8) Length (8)
Options Data (Variable)

Routing
§ Routing header
•Defines strict source routing and loose source routing for an
IPv6 packet
• With strict source routing, each intermediate destination device
must be a single hop away
• With loose source routing, intermediate destination devices can be
one or more hops away
Next Header Header Ext Routing Segments

(8) Length (8) Type (8) Left (8)
type-specific data (Variable)

Fragment (1 of 2)
§ Fragment header:
•Fragmentation is handled at the source device
• Devices along the path do not fragment
Next Header Reserved Fragment Offset RES M

(8) (8) (13) (2) (1)
Identification (32)

Fragment (2 of 2)
§ Fragmentation:
•Original packet is fragmented
• IPv6 header and hop-by-hop options are considered
unfragmentable
• Other extension headers, upper layer headers, and data can be
fragmented
Unfragmentable Fragment
First Fragment
Part Header
Second Fragment
Part Header
.
.
.
Last Fragment
Part Header
Authentication
§ Authentication header:
•Provides connectionless integrity and data origin
authentication for IP packets and protects against replays
Next Header Payload Reserved

(8) Length (8) (16)
Security Parameters Index (32)
Sequence Number (32)
Authentication Data (Variable)

Encapsulating Security Payload
§ Encapsulating Security Payload header:

Security Parameters Index (32)
Sequence Number (32)
Payload Data (Variable)
Padding (0–2040)
Pad Next Header

Length (8) (8)
Authentication Data (Variable)

IPv6 Addressing
§ Extending address space is a major reason for IPv6:

•IPv4 address exhaustion is predicted to occur in the near
future
•128-bit (16-byte) address supports 2128 (about 3.4×1038)
addresses
•295 addresses for each person on Earth
•252 addresses for each observable star in the known
universe

Address Notation
§ Each IPv6 address has 128 bits:
•Eight 16-bit hexadecimal blocks separated by colons
• Not case sensitive
•Use abbreviations to simplify the notation
•You can omit leading zeros
•Double colon can replace consecutive zeros, leading zeros,
or trailing zeros, but can not be used twice in an address
2bfc:0000:0000:0000:0217:cbff:fe8c:5c85
2bfc:0:0:0:217:cbff:fe8c:5c85 Leading zeros
omitted
2bfc::217:cbff:fe8c:5c85
Double colon

IPv6 Text Representation
§ With all the different methods to write an IPv6
address, having a standard method for displaying
these addresses becomes important
•The following key requirements are outlined in RFC 5952:
• Devices must accept all methods of entry
• Leading zeros must be suppressed by the device
• The use of the symbol “::” must be used to its maximum capability
• When an alternative choice exists in the placement of a “::”, the
longest run of consecutive 16-bit 0 fields must be shortened
• The characters “a”, “b”, “c”, “d”, “e”, and “f” in an IPv6 address
must be represented in lowercase
•The Junos OS follows these guidelines when displaying
outputs as a result of operational mode commands
Prefix Notation
§ Prefix identifies the subnet

•Defined in RFC 4291
•Similar to IPv4 in text presentation:
• IPv6 address/prefix length
IPv6 Address
2bfc:0000:0000:0000:0217:cbff:fe8c:5c85/64
16 16 16 16
bits bits bits bits
64-bit prefix

Representing IPv6 Addresses Within URLs
§ In a URL, the address is enclosed in brackets:
•http://[2001:DB8:1003::f]:8080/index.html
• Cumbersome for users
•Mostly for diagnostic purposes
• Use fully qualified domain names
RFC 2732 - Format for Literal IPv6 Addresses in URLs

http://www.faqs.org/rfcs/rfc2732.html

Address Allocation
§ Organizations and end users get an address

allocation from their ISP
•The following recommendations and guidelines are defined
in RFC 6177
•Any subnet with a prefix length /64 or shorter will work from
a standards perspective
•A couple recommendations for assigning address space to
end users and sites
• The initial address assignment size should take into consideration
the likelihood that an end site will need multiple subnets in the
future
• The process should be easy for a user or end site to obtain
additional address space to create multiple or additional internal
subnets
IPv6 Address Types
§ Address types:
•Unicast: Unique address that identifies an IPv6 node
•Multicast: Group of IPv6 interfaces
•Anycast: Assigned to multiple interfaces on multiple nodes

Unicast Addresses
§ Unicast addresses are used in a one-to-one context

§ IPv6 unicast addresses:
•Global unicast addresses
•Unique local addresses
•Link-local addresses

Global Unicast Addresses
§ Global unicast addresses are globally unique and are

used to connect to and route through the Internet
•Similar to IPv4 public addresses
Public Topology Site Topology Interface Identifier
Global Routing Prefix SID Interface ID
(n bits) (m bits) (128 – n - m bits)

(typically 64 bits)
Internet
Company Company
ABC XYZ

Unique Local Unicast Addresses
§ Unique local unicast addresses:

•For local use and are not expected to be globally routable
•Are similar to IPv4 RFC 1918 private addresses
•Use a common prefix (FC00::/7)
•Can use http://www.sixxs.net/tools/grh/ula/ to generate
and register site local prefixes
FC00::/7 Global ID Subnet ID Interface ID
Prefix Global ID Subnet ID Interface Identifier

(8 bits) (40 bits) (16 bits) (64 bits)

Generating Unique Local Prefixes

Link-Local Unicast Addresses
§ Link-local unicast addresses:

•Use a common prefix on all subnets (FE80:0:0:0::/64)
•Are guaranteed to be unique only on a single link
•Are generated by the interface
1111111010 0000..0000 Interface ID
Prefix Zero Interface Identifier

(10 bits) (54 bits) (64 bits)
R1
fe80::226:88ff:fe02:7481 fe80::226:88ff:fe02:7482
ge-0/0/1.0 ge-0/0/2.0

Interface ID
§ Interface ID:
•Uniquely identifies a host on a subnet
•Is 64 bits long
•Is constructed in modified EUI-64 format
•Is a permutation of the interface MAC address (if available)
Interface Identifier
Global Routing Prefix SID Interface ID
(n bits) (m bits) (128 – n - m bits)

Private Interface ID
RFC 4941. Privacy Extensions for Stateless Address Autoconfiguration in IPv6
2001 0db8 0000 0000 a083 38d0 1129 d0c1
Randomly Created Interface

Identifier
§ Support for randomly generated interface identifier

IPv6 Multicast Address
§ Identifier for a set of interfaces that typically belongs
to different nodes
•All members of the multicast group process an incoming
multicast packet
•More efficient than broadcast
•Three types of multicast addresses:
• Solicited-node multicast addresses for Neighbor Solicitation
messages
• All-nodes multicast address for Router Advertisement messages
• All-routers multicast address for Router Solicitation messages
112 Bits
Group ID 1 = interface-local
2 = link-local
Flags = 4 Bits = “0”,”R”,”P”,”T” 3 = subnet-local
1111 1111 Scope = 4 = admin-local
0 = Reserved
R = Rendezvous 5 = site-local
F F Flags Scope
P = Prefix 8 = organization
8 Bits 8 Bits T = Transient E = global

Multicast Assigned Addresses
§ Multicast Assigned Addresses
•FF0X:: is reserved (X = 0..F).
•Inside this range, the following are assigned:
Meaning Scope
FF02::1 All nodes Link-local
FF02::2 All routers Link-local
FF02::9 All RIP routers Link-local
FF02::1:FFXX:XXXX Solicited-node Link-local
FF05::101 All NTP servers Site-local
FF05::1:3 All-DHCP servers Site-local

Anycast Addresses
n Bits 128 - n Bits
Prefix Interface ID
§ Identifier for a set of interfaces, typically

belonging to separate nodes
•Defined in RFC 2526
•Packet travels to just one of the interfaces identified
in the group
•Routing protocol typically determines the closest
interface

Anycast Addresses Example
Server 1
2001:100:100:100::1
R2
R3 Mirrored Server 1
BGP Announces 2001:100:100:100::1
2001:100:100:100::/64
BGP Announces
2001:100:100:100::/64
SA = 2001:200:200:200::1
DA = 2001:100:100:100::1
BGP Announces
2001:100:100:100::/64
R1 R4
Host 1 Mirrored Server 1
2001:100:100:100::1
2001:200:200:200::1

Required Host Addresses
§ An IPv6 host interface requires the following IPv6

addresses for proper operation:
•A link-local address
•Loopback address
•All-nodes multicast address
•Any additional unicast and anycast addresses (configured
automatically or manually)
•Solicited-node multicast address for each of its unicast and
anycast addresses
•Multicast addresses of all other groups to which the host
belongs

Special Addresses
§ The prefix 0000 0000 is reserved for special
addressing
•Unspecified address: Also called the all-zeros address
• 0:0:0:0:0:0:0:0, or :: (Do not confuse with a default route)
•Loopback address: Commonly used for testing the IP stack
on the localhost
• 0:0:0:0:0:0:0:1, or ::1

IPv4 Addresses Represented as IPv6
Addresses
§ Format:
•IPv4-compatible
• 0:0:0:0:0:0:192.0.2.100
• = ::192.0.2.100
• = ::C000:0264
•IPv4-mapped
• 0:0:0:0:0:FFFF:192.0.2.100
• = ::FFFF:C000:0264

Address Scope
§ IPv6 addresses have scope, which identifies the

application suitable for the address
•Unicast and multicast addresses support scoping
•Scope can be local or global
Internet
Addresses with local scope are used Addresses with global scope are
within the same routing domain. used between routing domains.
Company Company
ABC XYZ

Subnetting IPv6 Addresses
§ Similar to subnetting IPv4 addresses

•A few key points to remember:
• Each IPv6 segment represents 16 bits
• Each character in an IPv6 address represents 4 bits
• Once it is converted to binary, nothing changes
§ Identify the three main components of the address:
•Global routing prefix
•Subnet ID
•Interface ID (host address)

Subnetting Example 1
2001:0867:5309:9abc:def0:0020:1111:ff00/64
16 + 16 + 16 + 16
Prefix length identifies the number
of bits used for the network prefix
Global prefix + Subnet ID
2001:0867:5309:9abc:def0:0020:1111:ff00/64
Prefix Interface ID
(Network) (Host address)
2001:0867:5309:9abc:0000:0000:000:0001
2001:0867:5309:9abc:0000:0000:000:0002
2001:0867:5309:9abc:0000:0000:000:0003
.
Valid
. addresses
.
2001:0867:5309:9abc:ffff:ffff:ffff:ffff
Subnetting Example 2
2001:0867:5309:9abc:def0:0020:1111:ff00/122
1 1 1 1 : f f 0 0
0001 0001 0001 0001 1111 1111 0000 0000
bit
128 (1)
127 (2)
113
123 (32)
122 (64)
114
118
124 (16)
121 (128)
125 (8)
126 (4)
117
115
119
120
116
number
binary
value
…:1111:ff00 - Subnet-Router anycast address 64 host bits
…:1111:ff01 through 1111:ff0f = 15 hosts

63 total hosts
Enabling IPv6
§ Turning on IPv6
•IPv6 is already enabled on Juniper Networks routers, so no
global command is required
•Juniper Networks routers do not send Router
Advertisements by default
§ Interface configurations
•Enable family inet6 on the interface
• Automatically creates the link local address
•Assign an address to the interface
• Manually define the entire 128-bit IPv6 address
• Specify the 64-bit prefix and use EUI-64 to complete the host
address
Configuring Interfaces for IPv6
§ Interface configurations:
•Enable IPv6 on the interface
[edit interfaces ge-0/0/1 unit 0]
user@R1# set family inet6
•Manually configure a 128-bit IPv6 address

[edit interfaces ge-0/0/1 unit 0] 128-Bit Address
user@R1# set family inet6 address 2001:1111:2222:3333:4444:5555:6666:7777/64
•Use EUI-64 to automatically generate interface ID

[edit interfaces ge-0/0/1 unit 0] 64-Bit Prefix
user@R1# set family inet6 address 2001:1111:2222:3333::/64 eui-64

Automatic Link-Local Address
§ Verify link-local address
user@R1> show configuration interfaces ge-0/0/1
unit 0 {
family inet6;
}
user@R1> show interfaces ge-0/0/1 terse

Interface Admin Link Proto Local Remote
ge-0/0/1 up up
ge-0/0/1.0 up up inet6 fe80::b2c6:9aff:fe73:2781/64
user@R1> show interfaces ge-0/0/1 | match "hardware address"

Current address: b0:c6:9a:73:27:81, Hardware address: b0:c6:9a:73:27:81

IPv6 Addresses Using EUI-64
§ Verify interface address configuration using EUI-64
unit 0 {
family inet6 {
address 2001:1111:2222:3333::/64 {
eui-64;
}
}
}

ge-0/0/1 up up
ge-0/0/1.0 up up inet6 2001:1111:2222:3333:b2c6:9aff:fe73:2781/64
fe80::b2c6:9aff:fe73:2781/64
user@R1> show interfaces ge-0/0/1 | match "hardware address"

Current address: b0:c6:9a:73:27:81, Hardware address: b0:c6:9a:73:27:81

IPv6 Addresses Using Manual Method
§ Verify manual interface address configurations
unit 0 {
family inet6 {
address 2001:1111:2222:3333:4444:5555:6666:7777/64;
}
}

ge-0/0/1 up up
ge-0/0/1.0 up up inet6 2001:1111:2222:3333:4444:5555:6666:7777/64
fe80::b2c6:9aff:fe73:2781/64

Changing the Autoconfigured Link-Local
Address
§ Manually configure the link-local address

unit 0 {
family inet6 {
address 2001:1111:2222:3333:4444:5555:6666:7777/64;
address fe80::1/10;
}
}

ge-0/0/1 up up
ge-0/0/1.0 up up inet6 2001:1111:2222:3333:4444:5555:6666:7777/64
fe80::1/10

IPv6 Protocol and Services

ICMPv6
§ ICMPv6
•Not compatible with IPv4 ICMP
• Completely new protocol specification
•Incorporates the IPv4 IGMP functionality
•Identified by a new protocol code: next-header type
• IPv4 ICMP is protocol code 1
• IPv4 IGMP is protocol code 2
• IPv6 ICMP is next-header type 58
•RFC 2463—Replaced by RFC 4443

ICMPv6 Messages
§ ICMPv6 messages
•Type and code
• Identifies message type
•0–127 reserved for error messages
• 128–255 reserved for informational messages
•Checksum
• Checksum of ICMP message and fixed IPv6 header fields
•Parameter
• Type/code pair defines additional information
•Message body
• For error messages, portion of the original IPv6 packet
Type (8) Code (8) Checksum (16)
Parameter (Optional) (32)
Original IPv6 Packet (variable)
ICMPv6 Message: Example 1
§ “Destination unreachable” error message

•Type 1—destination unreachable
•Code 0—no route to destination
•Parameter—empty
•Message body—portion of the original IPv6 packet


ICMPv6 Message: Example 2
§ “Packet too big” error message

•Type 2—packet too big
•Code 0—unused
•Parameter—MTU
•Message Body—portion of the original IPv6 packet


Neighbor Discovery (1 of 2)
Router Discovery
Duplicate Address Detection
Neighbor Discovery Neighbor Unreachability Detection
Redirects
Address Resolution (~ARP)

Neighbor Discovery (2 of 2)
§ Discovering neighboring devices

•IPv4 uses ARP to resolve local addresses
• Relies on broadcasts
•IPv6 does not have the concept of broadcasts
• Still need a method to resolve local addresses
• Use solicited-node multicast instead
•IPv6 uses ICMPv6 for the following types of message:
• Router advertisement
• Router solicitation
• Neighbor solicitation
• Neighbor advertisement
• Redirect

Router Advertisement Overview
§ Router advertisement
•Can be used to discover link-local addresses of the
neighboring routers
•Can be used to automatically configure hosts
•Periodically sent to the all-nodes multicast group
•Also sent in response to a router solicitation message
•Options can contain:
• MTU
• On-link prefixes and lifetimes
• Layer 2 address of the advertising router
Type=134 Code Checksum
Hop Limit M O RSV Router lifetime
Reachable Time
Retransmit Timer
Options
32 bits
Router Advertisement—Prefix Option
§ Router advertisements can contain a list of prefixes
•Prefixes can be used in multiple fashions
• Used for address autoconfiguration
• Used to maintain a database of on-link prefixes
• Used for duplicate address detection
32 bits
Type Length Prefix Length L A Reserved
Valid Lifetime
Preferred Lifetime
Reserved
Prefix

Router Solicitation Overview
§ Router solicitation
•Sent by hosts to locate on-link routers
•Usually sent to the all-routers multicast group
•Source address can be unspecified or the local address
•Router solicitation message consists of five fields
Type=133 Code Checksum

Reserved
Options
32 bits

Neighbor Address Resolution
§ Neighbor solicitation and advertisements
•Equivalent function to IPv4 ARP
•Uses multicast instead of broadcast
•Check neighbor cache for address
• If no address, create an Incomplete entry for target address
• Send neighbor solicitation to solicited-node multicast address
• Target device sends neighbor advertisement with link-layer address
back to solicitor
•Soliciting device changes Incomplete entry to Reachable
Neighbor Solicitation Neighbor Advertisement
Type=135 Code Checksum Type=136 Code Checksum
Reserved R S 0 Reserved
Target Address Target Address
Options Options
32 bits 32 bits
Neighbor Solicitation
Solicited node
multicast address
allows the host to
reach all nodes with
matching last 24 bits
(derived from
I need to reach IPv6 address destination address)
2001::2003:210:A4FF:FEA6:69D0
I have that address!
Neighbor Solicitation (ICMP Type 135)
Host 1 to Solicited Node Multicast Address Host 2
Neighbor Advertisement (ICMP Type 136)

to Neighbor Solicitation Source Address

Solicited Node Multicast Address
§ Solicited node multicast address

•Layer 3 multicast group derived from the IPv6 address
•Minimizes the number of hosts that see the neighbor
solicitation
•Fixed prefix (FF02:0:0:0:0:1:FF00:0/104) + last 24 bits of
the host’s IPv6 address
Unicast Address 2001::2003:210:A4FF:FEA6:69D0
Solicited Multicast Address FF02:0:0:0:0:1:FFA6:69D0
•All nodes with the same final 24 bits of their IPv6 addresses
receive packets to this multicast address
Multicast to Ethernet
IPv6 Solicited Node Multicast Destination
FF02:0000:0000:0000:0000:0001:FFA6:69D0
Group ID (112 bits)
3333 + FFA6:69D0
Multicast Final 32 Bits
Prefix of the
Group ID
Ethernet Destination Address 3333:FFA6:69D0

Duplicate Address Detection
Neighbor Solicitation (ICMP Type 135) 2001::2003:210:A4FF:FEA6:69D0

to its Own Solicited Node Multicast Address
Host 1 Host 2
2001::2003:210:A4FF:FEA6:69D0 Neighbor Advertisement (ICMP Type 136)

to All Nodes Multicast Address
Host 1 must select new address or I have that address!

display an error and not participate
on the network (RFC2462)

Neighbor Unreachability Detection
§ Neighbor Unreachability Detection uses the neighbor

cache to detect reachability
•Neighbor cache stores information about neighbors:
• IP address
• Link-layer address
• Reachability state
•Neighbor reachability states:
• Incomplete
• Reachable
• Stale
• Delay
• Probe

Redirects
§ Redirect messages
•Inform a host of a better next-hop router to a particular
destination or an on-link neighbor
Original Traffic Flow 2

Redirect Message ICMP Redirect message is sent 1
Host 1 to Host 1 indicating that R4 is a Traffic from Host 1 is using
Redirected Traffic Flow
better gateway to Host 3 R1 as the gateway when
sending traffic to Host 3
R1 R2 R3
3 S1
Host 1 redirects traffic destined
to Host 3 through R4 Host 2 Host 3
R4 S2

Autoconfiguration
§ IPv6 autoconfiguration
•IPv6 hosts can configure their own addresses automatically
• Similar in function to IPv4 DHCP
•Two methods:
• Stateless Address Autoconfiguration (SLAAC)
• Stateful autoconfiguration (DHCPv6)
•Common ICMPv6 messages to both methods:
• Router advertisements
• Router solicitations

SLAAC Overview
§ SLAAC
•Basic host address configuration
•IPv6 Stateless Address Autoconfiguration
• Based on the standards outlined in RFC 4862
•Does not require a DHCPv6 server
•Can be used simultaneously with DHCPv6 service

SLAAC Operation—Scenario 1
1 ) Build link-local address 6) Send router solicitation
2 ) Join all-nodes multicast group 7) No response means no routers on the link
3 ) Join solicited node multicast group 8) Attempt DHCPv6
4 ) Send neighbor solicitation 9) No response means only the link-local

address can be used
5) No response means link-local is unique

Host 1 to its Own Solicited Node Multicast Address
Router Solicitation (ICMP Type 133)

to All-Routers Multicast Group Address
Attempt to Get Address Through DHCPv6

SLAAC Operation—Scenario 2
1) Build link-local address 6) Send router solicitation
2) Join all-nodes multicast group 7) Router advertisement is received from

R1 with a list of valid prefixes
3) Join solicited node multicast group
8) Create global address using valid prefix
4) Send neighbor solicitation

Host 1 to its Own Solicited Node Multicast Address R1

Router Advertisement (ICMP Type 134)

that Includes a List of Valid Prefixes

Secure Neighbor Discovery Messages
§ With Neighbor Discovery vulnerabilities exist between

communication
•Three main vulnerabilities of Neighbor Discovery:
• DoS attacks
• Address spoofing attacks
• Router spoofing attacks
•Secure Neighbor Discovery Protocol
• Devices ignore packets from off-link senders
• Provides protection for Neighbor Discovery messages
• The Junos OS implementation is secured using cryptographically
generated addresses
• Is not supported on statically configured addresses

Cryptographically Generated Addresses
§ CGAs
•Used to verify the identity of the sender of a neighbor
discovery message
•Each device generates a public-private key pair
• Stored in the /var/etc/rsa_key directory

Router Advertisement Options
protocols {
router-advertisement {
interface interface-name {
current-hop-limit number;
default-lifetime seconds;
(managed-configuration | no-managed-configuration);
max-advertisement-interval seconds;
min-advertisement-interval seconds;
(other-stateful-configuration | no-other-stateful-configuration);
reachable-time milliseconds;
retransmit-timer milliseconds;
prefix prefix {
(autonomous | no-autonomous);
(on-link | no-on-link);
preferred-lifetime seconds;
valid-lifetime seconds;
}
}
}
}
Router Advertisement: Example 1
R1 ge-0/0/1
::1
fdcd:10:0:20::/64
ge-0/0/6 ge-0/0/1
::1 ::2
fdcd:10:0:10::/64
R3
ge-0/0/6
::2
R2 Host 1 Host 2
Enable router advertisement on this network

Router Advertisement Sample (1 of 2)
§ Sample configuration
[edit protocols router-advertisement]
Though not displayed, the R2 router is also
user@R1# show
configured to provide router advertisements
interface ge-0/0/6.0 {
to hosts on this LAN segment
prefix fdcd:10:10:0::/64;
}
§ Monitoring and verification

user@R1> show ipv6 router-advertisement
Interface: ge-0/0/6.0
Advertisements sent: 4, last sent 00:02:28 ago
Solicits received: 1, last received 00:18:53 ago
Advertisements received: 4
Advertisement from fe80::b2c6:9aff:fe73:3986, heard 00:08:39 ago
Managed: 0
Other configuration: 0
Reachable time: 0 ms
Default lifetime: 1800 sec
Retransmit timer: 0 ms
Current hop limit: 64
Prefix: fdcd:10:10::/64
Valid lifetime: 2592000 sec
Preferred lifetime: 604800 sec
On link: 1
Autonomous: 1

Router Advertisement Sample (2 of 2)
§ Host 1 verification
[~]host1
root-> ip a s dev eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:56:00:00:01 brd ff:ff:ff:ff:ff:ff
inet 172.27.20.10/24 brd 172.27.20.255 scope global eth1
inet6 fdcd:10:10:0:250:56ff:fe00:1/64 scope global dynamic
valid_lft 2591822sec preferred_lft 604622sec
inet6 fe80::250:56ff:fe00:1/64 scope link
valid_lft forever preferred_lft forever
[~]host1
root-> ip -6 r s
fdcd:10:10::/64 dev eth1 proto kernel metric 256 expires 2146951sec mtu 1500 advmss 1440 hoplimit
4294967295
...
default via fe80::b2c6:9aff:fe73:2786 dev eth1 proto kernel metric 1024 expires 1519sec mtu 1500
advmss 1440 hoplimit 64
default via fe80::b2c6:9aff:fe73:3986 dev eth1 proto kernel metric 1024 expires 1594sec mtu 1500
advmss 1440 hoplimit 64

Tracing Router Advertisements
protocols {
router-advertisement {
traceoptions {
file name <replace> <size size> <files number> <no-stamp>
<(world-readable | no-world-readable)>;
flag flag <detail> <disable>;
}
}
}
}

Router Advertisements: Example 2
[edit]
user@R1# show interfaces ge-0/0/1
unit 0 {
family inet6 {
address fdcd:10:0:24::1/64;
IPv6 Internet ...

user@R1# show
R1 interface ge-0/0/1.0 {
prefix fdcd:10:0:24::/64 {
valid-lifetime 2000;
preferred-lifetime 1800;
Router ge-0/0/1
Advertisement [edit]
user@R2# show interfaces
ge-0/0/1 {
fdcd:10:0:24::/64 unit 0 {
family inet6 {
...
ge-0/0/2 {
Router unit 0 {
Advertisement ge-0/0/1 family inet6 {
...
R2
user@R2# show
Router ge-0/0/2 interface ge-0/0/1.0 {
Advertisement prefix fdcd:10:0:24::/64 {
fdcd:10:0:16::/64 interface ge-0/0/2.0 {

prefix fdcd:10:0:16::/64 {

Router Advertisement Interval
IPv6 Internet
R1
Router ge-0/0/1
Advertisement
fdcd:10:0:24::/64 user@R2# show
prefix fdcd:10:0:24::/64 {
Router valid-lifetime 2000;
Advertisement ge-0/0/1 preferred-lifetime 1800;
}
R2 }
max-advertisement-interval 600;
Router ge-0/0/2
min-advertisement-interval 200;
Advertisement
prefix fdcd:10:0:16::/64 {
fdcd:10:0:16::/64 preferred-lifetime 1800;
}
}

Routing Advertisement Flags
[edit protocols router-advertisement interface ge-0/0/1.0]
IPv6 Internet user@R1# set prefix fdcd:10:0:24::/64 option
Stateless Autoconfiguration options:

R1 autonomous = “you can autoconfigure yourself on this prefix”
non-autonomous = “do no autoconfigure yourself on this
prefix”
Router On-link Determination options:
ge-0/0/1 on-link = “prefix is local to the link”
Advertisement
off-link = “prefix is not local to the link”
fdcd:10:0:24::/64

Router user@R1# set interface ge-0/0/1 option
Advertisement ge-0/0/1
Stateful Autoconfiguration options:
R2 managed-configuration = “go to DHCP server for
everything”
no-managed-configuration = “do not go to DHCP”
Router ge-0/0/2 other-stateful-configuration = “go to DHCP for non-
Advertisement address info.”
no-other-stateful-configuration = “do not go to
DHCP”
fdcd:10:0:16::/64

Router Advertisement Lifetime
IPv6 Internet
[edit protocols router-advertisement interface ge-0/0/1.0]
user@R1# set default-lifetime seconds
R1
0 = this router is not a default router.
Range = max. advertisement interval - 9000 seconds
Router ge-0/0/1 Default = 3 x max. advertisement interval value
Advertisement
fdcd:10:0:24::/64
Router
Advertisement ge-0/0/1
R2
Router ge-0/0/2
Advertisement
fdcd:10:0:16::/64

Prefix Renumbering Scenario
Router Advertisement with

Prefix = fdcd:10:0:24::/64
Valid Lifetime =2000
Preferred Lifetime = 1800
Autoconfigured Linux IPv6 Host:

Current prefix: fdcd:10:0:24:1::/64 è new prefix: fdcd:10:0:36::/64

(to be replaced)
Renumbering Process
§ Router configuration for renumbering

user@R1# show
prefix fdcd:10:0:24::/64 {
}
R1
prefix fdcd:10:0:36::/64 {
}
} ge-0/0/1
Router Advertisement:
fdcd:10:0:24::/64 Preferred = 0; Valid=2000
fdcd:10:0:36::/64 Preferred = 1800; Valid=2000
Autoconfigured IPv6 Host:

[~]host1
inet6 fdcd:10:0:24:250:56ff:fe00:1/64 scope global deprecated dynamic

Verification: Show IPv6 Neighbors Example
user@R1> show ipv6 neighbors
IPv6 Address Linklayer Address State Exp Rtr Secure Interface
fe80::250:56ff:fe00:1 00:50:56:00:00:01 stale 1181 no no ge-0/0/1.0
user@R1> ping fe80::250:56ff:fe00:1 count 2

PING6(56=40+8+8 bytes) fe80::b2c6:9aff:fe73:2786 --> fe80::250:56ff:fe00:1
16 bytes from fe80::250:56ff:fe00:1, icmp_seq=0 hlim=64 time=1.758 ms
16 bytes from fe80::250:56ff:fe00:1, icmp_seq=1 hlim=64 time=1.194 ms
--- fe80::250:56ff:fe00:1 ping6 statistics ---

2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/std-dev = 1.194/1.476/1.758/0.282 ms
Host1
user@R1> show ipv6 neighbors
R1
IPv6 Address Linklayer Address State Exp Rtr Secure Interface
fe80::250:56ff:fe00:1 00:50:56:00:00:01 reachable 25 no no ge-0/0/1.0
root-> ip a s eth1

IPv6 Path MTU Discovery Overview
§ Path MTU discovery

•Routers along an IPv6 path do not fragment packets
•Path MTU is used to discover the smallest link MTU allowed
through the network to the destination device
• Any device with a smaller link MTU will discard the packet and send
an ICMPv6 Packet Too Big message back to sender
•Allows the sending device to determine and send the largest
packets possible
•Sender will not fragment smaller than the IPv6 minimum
link MTU of 1280 bytes
•Enabled by default in the Junos OS
• The IPv6 minimum link MTU will be used if path MTU discovery is
turned off
Path MTU Discovery: Operation
§ How does path MTU discovery work?

1 ) Host 1 sends 1500-byte packets
2) R2 discards packet and sends an ICMPv6 Packet Too Big

message back to Host 1 with the next-hop MTU of 1400
3) Host 1 sends 1400-byte packets

Host 1
MTU 1500 MTU 1400 MTU 1500
R1 R2 R3 R4
Host 2
1500-Byte Packet
ICMPv6 Packet Too Big
1400-Byte Packet

Path MTU Discovery: Maintenance
§ A path’s MTU can periodically change between a

source and destination
•A smaller MTU is identified through an ICMPv6 Packet Too
Big message
•An IPv6 sender will periodically attempt to use a larger size
to verify that the MTU is still restricted
• The frequency is determined by the configured path MTU timeout
value

Path MTU Configuration Options
§ Configuration
•Disable IPv6 path MTU discovery
[edit system internet-options]
user@R1# show
no-ipv6-path-mtu-discovery;
•Enable IPv6 path MTU discovery

[edit system internet-options]
user@R1# show
ipv6-path-mtu-discovery;
•Alter the default IPv6 path MTU discovery timeout

[edit system internet-options] Default timeout value is 10 minutes
user@R1# show
ipv6-path-mtu-discovery;
ipv6-path-mtu-discovery-timeout 10;

VRRP Overview
§ VRRP is an election protocol that designates one of

multiple routers as the master router for a given LAN
•A means of incorporating redundancy and increasing
network availability
•IPv6 functionality is basically the same as with IPv4
R1
VRRP
User A Routers Internet
Switch
R2
User B
Note: VRRP routers communicate through a common switch

to determine the master VRRP router and to detect failures.

Terms and Concepts
Term Description
VRRP Router Any router participating in VRRP, including the master and all backup routers
Master Router VRRP router performing packet forwarding
Backup Routers VRRP router available to assume the role of the master router upon failure
Virtual Router Virtual entity that functions as default router on LAN; consists of virtual
router ID and IP address used as gateway address known as VIP address
End-user traffic is forwarded
Master Router by the master VRRP router
fdcd:10:0:1::/64 R1
::2
Virtual Router
User A (.100) Internet
::1
Switch
::3
R2
User B (.101) Backup Router From end-user’s perspective, a
single gateway device exists

VRRP Router Advertisements
§ IPv6 VRRP router advertisements:
•Must configure IPv6 router advertisements for the interface
on which VRRP is configured
• When an interface receives an IPv6 Router Solicitation message,
the router sends an IPv6 Router Advertisement to all VRRP groups
configured on the interface
•Master VRRP router must respond to a Router Solicitation
message with the virtual IP address
• Use virtual-router-only option to ensure the backup router does not
respond to Router Solicitations R1
VRRP
Routers
Switch
R2
VRRP Communication Details
§ VRRP communications:
•Use multicast address FF02:0:0:0:0:0:0:12
• link-local scope multicast address
•Are confined to local network (TTL = 255)
•Use a set interval (every second by default)
•Require that speakers be configured with common settings
(for example, VRID)
•Use a virtual router MAC address for LAN communications
R1
VRRP
Routers
Switch
R2
Determining the Master Router
§ Master VRRP router is determined by the following:
•Priority value (higher is preferred)
• Default value is 100
•Router that owns virtual router’s IPv6 address is always
master
• Priority must be set to 255
•Preemption behavior is optional unless VIP address is owned
R1 Master Router
Higher Priority = More Preferred
Priority = 200
VRRP
Routers
Switch
Priority = 100
R2 Backup Router Lower Priority = Less Preferred

VRRP States
VRRP State Description
Router negotiates VRRP roles through startup events; no
Initialize
forwarding can be performed while in this state
Master Router assumes traffic forwarding responsibilities for the LAN
Router monitors master VRRP router and is ready to assume
Backup
forwarding responsibilities if failure occurs
Router switches between master and backup states; no
Transition
forwarding can be performed while in this state
R1
VRRP Details Compared
R1 = Master
VRRP R1’s Priority = 200

Routers R2’s Priority = 100
Switch
R2 = Backup
R2

Sample IPv6 VRRP Configurations
[edit]
The link-local address must be
unit 0 { manually defined for the interface
family inet6 { and the virtual interface
address fe80:10:0:1::2/64;
address fdcd:10:0:1::2/64 {
vrrp-inet6-group 1 {
virtual-inet6-address fdcd:10:0:1::1;
virtual-link-local-address fe80:10:0:1::1;
priority 200;
}
}
} VRRP group number, VIP address and VIP
} link-local address must match on all
[edit] routers in same redundant group
unit 0 { Based on the configurations shown,
family inet6 {
which router will assume the role of the
address fe80:10:0:1::3/64;
address fdcd:10:0:1::3/64 { master VRRP router? Why?
vrrp-inet6-group 1 {
virtual-inet6-address fdcd:10:0:1::1;
virtual-link-local-address fe80:10:0:1::1;
priority 100;
}
}
}
}

Some Additional Configuration Options
Configuration Option Description
track Monitors state of specified interface (typically a WAN interface)
or route and reduces designated priority value for VRRP group if
tracked interface or route is no longer available
accept-data Allows master router to respond to ICMP requests sent to VIP
address—by default, master router does not respond
no-preempt Disables preemption to avoid unwanted mastership changes;
Note: Preemption is enabled by default, which means the router
with the highest priority always assumes the master role.
Master Router
fdcd:10:0:1::/64 R1
::2
Virtual Router
User A (.100) Internet
::1
Switch
::3
R2
User B (.101) Backup Router
Monitoring VRRP Operations
§ Use the show vrrp commands to monitor VRRP
user@R1> show vrrp ? Include options to view additional
Possible completions: details or filter generated output
<[Enter]> Execute this command
brief Display brief output (default)
detail Display detailed output
extensive Display extensive output
interface Show VRRP interface
summary Display summary output
track Show VRRP track interfaces
| Pipe through a command
user@R1> show vrrp summary

Interface State Group VR state VR Mode Type Address
ge-0/0/1.0 up 1 master Active lcl fdcd:10:0:1::2
vip fe80:10:0:1::1
vip fdcd:10:0:1::1
user@R2> show vrrp summary
Interface State Group VR state VR Mode Type Address
ge-0/0/1.0 up 1 backup Active lcl fdcd:10:0:1::3
vip fe80:10:0:1::1
vip fdcd:10:0:1::1

Stateful Autoconfiguration Overview
§ DHCP
•IPv4 DHCP does more than manage addressing
•Provides optional services:
• DNS
• WINS server
• Boot server
• NETBIOS node type
• Many others…
•Stateful autoconfiguration and DHCPv6 meet the demand

Stateful IPv6 Autoconfiguration
§ Allows DHCP to configure address assignment

•Also known as stateful DHCPv6 in RFC 3315
•Possible reasons for DHCPv6:
• You require a specific IPv6 addressing scheme
• You require dynamic assignment of DNS servers
• You require dynamic updates to DNS servers
• You do not want to have the MAC address as part of the IPv6
address
•DHCPv6 and DHCPv4 are independent and require separate
configurations

DHCPv6—Scenario 1
1) Build link-local address 7) Router advertisement is received from
R1 with valid prefixes and the M and O
2) Join all-nodes multicast group bits set as 0 and 1 respectively
3) Join solicited node multicast group 8) Create global address using valid prefix
4) Send neighbor solicitation 9) The host sends a DHCPv6 request

(UDP port 547) to FF05::1:3
10) DHCP server responds with a direct
unicast reply (UDP port 546)
6) Host 1 Send router solicitation


Router Advertisement (ICMP Type 134) DHCPv6

(M bit = 0, O bit = 1)
Send DHCP Request to FF05::1:3 Server
(All DHCP Servers)
Send DHCP Reply (Unicast)
DHCPv6—Scenario 2
1) Build link-local address 7) Router advertisement is received from
R1 with valid prefixes and the M bit set to 1
2) Join all-nodes multicast group
8) The host sends a DHCPv6 request
(UDP port 547) to FF05::1:3
3) Join solicited node multicast group
9) DHCP server responds with a direct
4) Send neighbor solicitation unicast reply (UDP port 546)
5) No response means link-local is unique 10) Create global address using valid prefix
6) Host 1 Send router solicitation


Router Advertisement (ICMP Type 134) DHCPv6

(M bit = 1)
Send DHCP Request to FF05::1:3 Server
(All DHCP Servers)
Send DHCP Reply (Unicast)
Router Advertisement DHCPv6 Diagram
R1 ge-0/0/1
::1
fdcd:10:0:20::/64
ge-0/0/6 ge-0/0/1
::1 ::2
fdcd:10:0:24::/64
R3
ge-0/0/6
::2
R2 Host 1 DHCP
Server
Enable router advertisement on this network.

Allow R1 to assign the address, but other
parameters must come from the DHCP server.

Router Advertisement DHCPv6 Sample
§ Sample configuration
user@R1# show Though not displayed, the R2 router is also
interface ge-0/0/6.0 { configured to provide identical router
other-stateful-configuration; advertisements to hosts on this LAN segment.
prefix fdcd:10:0:24::/64;
}
§ Monitoring and verification
user@R1> show ipv6 router-advertisement
Interface: ge-0/0/6.0
Advertisements sent: 4, last sent 00:00:11 ago
Solicits received: 0
Advertisements received: 1
Advertisement from fe80::b2c6:9aff:fe73:3986, heard 00:00:08 ago
Managed: 0
Other configuration: 1
Reachable time: 0 ms
Default lifetime: 1800 sec
Retransmit timer: 0 ms
Current hop limit: 64
Prefix: fdcd:10:0:24::/64
Valid lifetime: 2592000 sec
Preferred lifetime: 604800 sec
On link: 1
Autonomous: 1

DNS Extensions for IPv6
§ DNS has been extended to support IPv6

•RFC 3363—Representing Internet Protocol version 6 (IPv6)
Addresses in the Domain Name System (DNS)
•RFC 3596—DNS Extensions to Support IP version 6
§ Extensions include the following:
•New record types for IPv6 addresses have been proposed
(A6 and AAAA)
•New domain for reverse name resolution (IPv6.ARPA)
•Hierarchical method to support easy network renumbering

DNS Example (IPv4-Only)
DNS Request (h.root-servers.net) (QTYPE= A)
IPv4 A Response (128.63.2.53)

IPv4 Host DNS
Server
H.ROOT-SERVERS.NET. 210892 IN A 128.63.2.53
Sample DNS Response

DNS Example (IPv6-Only)
DNS Request (h.root-servers.net) (QTYPE=AAAA)
IPv6 AAAA Response (2001:500:1::803f:235 )

IPv6 Host DNS
Server
H.ROOT-SERVERS.NET. 210892 IN AAAA 2001:500:1::803f:235
Sample DNS Response

DNS Configuration Example
§ DNS configuration example

•Define an IPv4 address, an IPv6 address or both
[edit system]
user@R2# show name-server
10.0.24.100;
fdcd:10:0:24::100;

Protocol Independent Routing
and Filters

Default IPv6 Routing Table
§ Default IPv6 routing table is inet6.0
•Same functionality as inet.0 for IPv4 routes
user@R1> show route table inet6
inet6.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both
...
2001::/48 *[Aggregate/130] 00:03:28
Reject
2001:0:0:2003::/64 *[Direct/0] 00:10:31
> via ge-0/0/1.0
2001:0:0:2003::1/128
*[Local/0] 00:10:31
Local via ge-0/0/1.0

IPv6 Routing Instance Tables
§ Similar behavior when dealing with routing instances

•The Junos OS creates and uses the
instance-name.inet6.0 routing table to store IPv6
routes
user@R1> show route table instance-name.inet6.0
vr-1.inet6.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)

fe80::/64 *[Direct/0] 3d 14:18:21

> via ge-0/0/1.0
fe80::b2c6:9aff:fe73:278f/128
*[Local/0] 3d 14:18:21
2001::/48 *[Aggregate/130] 00:00:22
Reject
2001:0:0:2003::/64 *[Direct/0] 2d 13:44:53
> via ge-0/0/1.0
2001:0:0:2003::2/128
*[Local/0] 2d 13:44:53
Static Routes
§ Statically defined routes
•Fixed routes manually added to the routing table
• Stay in the routing table until manually deleted
•Configured at the routing-options hierarchy level
•This example uses the default routing table (inet6.0)
[edit routing-options]
user@R1# show
rib inet6.0 {
static {
defaults {
static-options;
}
route destination-prefix {
next-hop address;
static-options;
}
...
Static Route Configuration Example
§ Sample IPv6 static route configuration:

user@R1# show
rib inet6.0 {
static {
route 0::/0 { IPv6 Default Static Route
next-hop 2001:0:0:2003::2;
preference 250;
}
}
}
Company ABC
R1 R2
::1 2001:0:0:2003::/64 ::2
Internet
ge-0/0/1.0 ge-0/0/1.0

Displaying the Static Routes
§ Use the show route table inet6.0

protocol static command to view static routes
user@R1> show route table inet6.0 protocol static

::/0 *[Static/5] 00:00:24

> to 2001:0:0:2003::2 via ge-0/0/1.0
Company ABC
R1 R2
::1 2001:0:0:2003::/64 ::2
Internet
ge-0/0/1.0 ge-0/0/1.0

Static Route Options
§ All static parameters are optional
static {
(defaults | route) {
(active | passive);
metric metric <type type>;
(preference | preference2 | color | color2) preference;
(readvertise | no-readvertise);
}
}

Aggregate Routes
§ Aggregate routes
•Combines multiple prefixes with longer masks and a shared
bit-pattern into a single prefix with a shorter mask
•Decreases the size of the routing table downstream
•Aggregate routes becomes active when one or more
contributing routes are active
user@R1# show
rib inet6.0 {
aggregate {
defaults {
aggregate-options;
}
policy policy-name;
aggregate-options;
}...
Aggregate Route Configuration Example
§ Sample IPv6 aggregate route configuration:

user@R2# show
rib inet6.0 {
aggregate { IPv6 /48 Aggregate Route
route 2001:0:0::/48;
}
}
Company ABC
R1 R2
::1 2001:0:0:2003::/64 ::2
Internet
ge-0/0/1.0 ge-0/0/1.0

Displaying Aggregate Routes
§ Use the show route protocol aggregate

extensive command to view aggregate details
user@R2> show route protocol aggregate extensive
inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)

2001::/48 (1 entry, 1 announced)
TSI:
KRT in-kernel 2001::/48 -> {}
*Aggregate Preference: 130
Next hop type: Reject
Address: 0x12f7d38
Next-hop reference count: 4
State: <Active Int Ext>
Age: 2d 14:01:31
Task: Aggregate
Announcement bits (1): 0-KRT
AS path: I (LocalAgg)
Flags: Depth: 0 Active
AS path list:
AS path: I Refcount: 1 Must have at least one
Contributing Routes (1): contributing route
2001:0:0:2003::/64 proto Direct

Aggregate Route Options
§ All aggregate parameters are optional

routing-options {
aggregate {
(defaults | route) {
(active | passive);
(metric | metric2 | metric3 | metric4) metric <type type>;
(preference | preference2 | color | color2) preference
<type type>;
}
}
}

Generated Routes
§ Very similar to aggregate routes
•Key difference is the use of a forwarding next hop, which is
the next hop associated with the primary contributing route
•Can be used to generate a route of last resort (often a
default route) when required conditions are met
• Uses routing policy to identify required conditions
user@R1# show
rib inet6.0 {
generate {
defaults {
generate-options;
}
policy policy-name;
generate-options;
}
}
}

Generated Route Configuration Example
§ Sample IPv6 generated route configuration:

user@R2# show
rib inet6.0 {
generate {
route ::/0 policy accept-BGP; IPv6 ::/0 Generated Route
}
}
Company ABC
EBGP
R1 R2
::1 2001:0:0:2003::/64 ::2
Internet
ge-0/0/1.0 ge-0/0/1.0

Generated Route Policy Example
§ Sample IPv6 generated route policy configuration:

[edit policy-options]
user@R2# show
policy-statement accept-BGP {
term bgp {
from { Accept IPv6 BGP routes to
family inet6;
protocol bgp; contribute to the ::/0
} generated route
then accept;
}
term reject {
then reject;
} Company ABC
}
EBGP
R1 R2
::1 2001:0:0:2003::/64 ::2
Internet
ge-0/0/1.0 ge-0/0/1.0

Displaying Generated Routes
§ Use the show route protocol aggregate

extensive command to view generated details
user@R2> show route protocol aggregate extensive

::/0 (1 entry, 1 announced)
TSI:
KRT in-kernel ::/0 -> {fdcd:10:0:1::1}
*Aggregate Preference: 130
Next hop type: Router, Next hop index: 570
Address: 0x1718568
Next hop: fdcd:10:0:1::1 via ge-0/0/14.0, selected
State: <Active Int Ext>
Local AS: 65512
Age: 1:06
Task: Aggregate
Announcement bits (1): 0-KRT
AS path: I
Flags: Generate Depth: 0 Active
Contributing Routes (4):
fdcd:10::/48 proto BGP Must have at least one
fdcd:10:1::/48 proto BGP contributing BGP route
fdcd:10:2::/48 proto BGP
fdcd:10:3::/48 proto BGP
Routing Protocol Preferences
Source of Route Junos Preference
Directly Connected 0
Static 5
RSVP 7
LDP 9
OSPF Internal Route 10
IS-IS Level 1 Internal Route 15
IS-IS Level 2 Internal Route 18
ICMP Redirects 30
RIP / RIPng 100
Point-to-Point Interface 110
Generated or Aggregate 130
OSPF AS External Routes 150
IS-IS Level 1 External Route 160
IS-IS Level 2 External Route 165
BGP 170

IPv6 Firewall Filters
§ Functions the same as IPv4 firewalls

•IPv6 filter is defined under the [edit firewall
family inet6] hierarchy
•Many match criteria options are the same and a few are
unique to IPv6
•IPv6 header does not contain the protocol identifier field
• Must use the next-header field to match IP protocols

IPv6 Firewall Match Criteria
§ Match criteria is used to identify specific traffic

•Common match criteria includes:
• source-address address
• destination-address address
• next-header bytes
• port number
• traffic-class number

IPv6 Firewall Configuration Example
§ Sample IPv6 firewall filter configuration:

[edit firewall family inet6 filter filter-in]
user@R1# show
term count-router-advertisements {
from {
icmp-type router-advertisement;
}
then {
count router-advertisements;
accept;
}
}
term all-other-traffic {
then accept;
}
R1 R2
::1 2001:0:0:2003::/64 ::2
Internet
ge-0/0/1.0 ge-0/0/1.0

BGP

BGP Overview
§ Path-vector EGP that uses multiple path attributes to
select the active route
•Originally designed for IPv4
•Extended to carry additional information
• Multicast
• VPNs
• IPv6
§ MP-BGP specifications
•Multiprotocol extensions for BGP-4
• RFC 4760—January 2007
•Use of BGP-4 multiprotocol extensions for IPv6 interdomain
routing
• RFC 2545
MP-BGP and IPv6
§ MP-BGP and IPv6

•Multiprotocol extensions for BGP4:
• Adds new fields to identify the type of route being advertised
• Makes it possible to carry IPv6 routes on top of IPv4 BGP sessions
•IPv6-specific extensions:
• Scoped addresses: Next hop contains a global IPv6 address and
potentially a link-local address (only when link-local reachability is
available with the peer)
• Next hop and NLRI are expressed as IPv6 addresses and prefixes
in the multiprotocol attributes

Basic Junos BGP Configuration
§ Basic BGP configuration options

protocols {
bgp {
global BGP statements
group group-name {
peer-as autonomous-system;
type type;
allow [network/mask-length];
group-specific statements
neighbor address {
peer-specific statements
}
}
}
}

BGP Configuration Sample Topology
AS 64512
.2 10.0.1.0/24 .1
fdcd:10:0:1::/64 ::1 .1
::2
::1
AS 64513
ge-0/0/15 ge-0/0/14 ge-0/0/1
10.0.4.0/24
R3 R1 fdcd:10:0:4::/64
lo0: 192.168.5.1 lo0: 192.168.16.1/32 .2
lo0:fdcd:192:168:5::1/128 lo0: fdcd:192:168:16::1/128 ::2 ge-0/0/1
aggregate: 2001:240:160::/48
.2 R2
::2 lo0: 192.168.20.1/32
lo0: fdcd:192:168:20::1/128
.2
Static: 2001:100:100:1::/64
R4 ::2
lo0: 192.168.24.1/32 .1
lo0: fdcd:192:168:24::1/128 ::1
10.0.3.0/24
• Configuration examples fdcd:10:0:3::/64
provided from the R1 router .1
• EBGP session with R3 ::1
R5
• IBGP session with R2 lo0: 192.168.8.1/32
lo0: fdcd:192:168:8::1/128

BGP Configuration Example (1 of 2)
§ Initial parameters
•Set the AS number of the router
•Might need the RID if no IPv4 addresses are configured
user@R1# show
router-id 192.168.16.1;
autonomous-system 64513;

BGP Configuration Example (2 of 2)
§ Configure BGP protocol
[edit]
user@R1# show protocols
bgp {
group external {
type external;
peer-as 64512;
neighbor fdcd:10:0:1::2;
}
group internal {
type internal;
local-address fdcd:192:168:16::1;
neighbor fdcd:192:168:20::1;
}
}
...

Display BGP Peers
§ Displaying BGP peer session information

•Use show bgp summary to display peering information
user@R1> show bgp summary
Groups: 3 Peers: 3 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet6.0 2 2 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
fdcd:10:0:1::2 64512 70 71 0 0 30:33 Establ
inet6.0: 1/1/1/0
fdcd:192:168:20::1 64513 57 56 0 0 23:58 Establ
inet6.0: 1/1/1/0

Display BGP Routes
§ Verify that routes are being accepted
user@R1> show route protocol bgp table inet6.0

2001:100:100:1::/64*[BGP/170] 00:19:23, localpref 100, from fdcd:192:168:20::1

AS path: I
> to fe80::b2c6:9aff:fe73:3981 via ge-0/0/1.0
2001:240:160::/48 *[BGP/170] 00:17:11, localpref 100
AS path: 64512 I
> to fdcd:10:0:1::2 via ge-0/0/14.0
Route Learned from R2
Route Learned from R3

MP-BGP Configuration
§ MP-BGP
•To enable MP-BGP to carry NLRI for IPv6 address families,
include the family inet6 statement:
family inet6 {
(any | labeled-unicast | multicast | unicast) {
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | time-in-minutes)>;
}
rib-group group-name;
}
}
•To enable MP-BGP to carry NLRI for IPv4 address families,

other than unicast, include the family inet statement:
family inet {
(any | labeled-unicast | multicast | unicast) {
prefix-limit {
maximum number;
teardown <percentage> <idle-timeout (forever | time-in-minutes)>;
}
rib-group group-name;
}
}

MP-BGP Configuration Example (1 of 4)
EBGP
AS 64512 AS 64513
2001:240:160::1/64 .2 10.0.1.0/24 .1 2001:240:161::1/64

ge-0/0/14 ge-0/0/1 ge-0/0/1 ge-0/0/14
R1 R2
lo0: 192.168.5.1 lo0: 192.168.16.1/32
aggregate: 2001:240:160::/48 aggregate: 2001:240:161::/48
static: 15.1.1.0/24
[edit protocols bgp group to-R1]

user@R2# show
type external;
export export-aggregate;
peer-as 64512;
neighbor 10.0.1.2;
user@R2> show route protocol bgp

15.1.1.0/24 *[BGP/170] 00:04:50, localpref 100

AS path: 64512 I
> to 10.0.1.2 via ge-0/0/1.0

§ Add support for the IPv6 NLRI over existing session:

•Include the inet6 family under the IPv4 BGP group
• Remember to include the default inet family
user@R2# show
type external;
family inet {
unicast;
}
family inet6 {
unicast;
}
peer-as 64512;
neighbor 10.0.1.2;

inet.0 1 1 0 0 0 0
inet6.0 0 0 0 0 0 0
10.0.1.2 64512 6 4 0 0 41 Establ
inet.0: 1/1/1/0
inet6.0: 0/0/0/0

§ Verify routes:
•Verify both IPv4 and IPv6 routes are present
• Only the inet route is present

15.1.1.0/24 *[BGP/170] 00:07:41, localpref 100

AS path: 64512 I
> to 10.0.1.2 via ge-0/0/1.0
•The IPv6 route does not pass the default sanity check
• The advertised next hop is defined as the IPv4-mapped IPv6
address (::ffff:IPv4-Address)

§ Ensure the IPv6 routes pass the sanity check
•Add the ipv4-mapped address and network to ge-0/0/1
interface
[edit interfaces]
user@R2# show ge-0/0/1
unit 0 {
family inet {
address 10.0.1.1/24;
}
family inet6 {
address ::ffff:10.0.1.1/126;
}
}
•Verify the IPv6 routes are now active

... inet.0 entries have been removed (already verified)

2001:240:160::/48 *[BGP/170] 00:02:20, localpref 100, from 10.0.1.2

AS path: 64512 I
> to ::ffff:10.0.1.2 via ge-0/0/1.0

Additional IPv6 over IPv4 BGP Scenarios
§ IPv6 routes over IPv4 BGP scenarios:

•Restrictions can require a single session to exchange both
IPv4 and IPv6 routes
• The IPv4 NLRI can not be enabled on an IPv6 BGP session
• Must use an IPv4 session to transport the IPv6 NLRI and routes
•Peering interface can be configured with the IPv4-mapped
address and network or a valid IPv6 address and network
• If using IPv4-mapped addresses and network no additional options
are required to accept the IPv6
• If the peer IPv6 interface is not using the IPv4-mapped address
then the accept-remote-nexthop or multihop option must
be used to accept the routes as well as a policy to change the
incoming next hop to a resolvable address (remote peer interface’s
IPv6 address)
IPv6 Routes over IPv4 Transport (1 of 9)
EBGP
AS 64512 AS 64513
.2 10.0.1.0/24 .1
2001:240:160::1/64 ::2 fdcd:10:0:1::/64 2001:240:161::1/64
::1
ge-0/0/14 ge-0/0/1 ge-0/0/1 ge-0/0/14
[edit protocols] R1 R2
user@R2# show bgp lo0: 192.168.5.1 lo0: 192.168.16.1/32
group to-R1 { lo0: fdcd:192:168:5::1/128 lo0: fdcd:192:168:16::1/128
type external; aggregate: 2001:240:160::/48 aggregate: 2001:240:161::/48
family inet { static: 15.1.1.0/24
unicast;
}
family inet6 {
unicast;
}
peer-as 64512;
neighbor 10.0.1.2;
}

inet.0 1 1 0 0 0 0
inet6.0 0 0 0 0 0 0
10.0.1.2 64512 6 4 0 0 41 Establ
inet.0: 1/1/1/0
inet6.0: 0/0/0/0

§ Route verification
•Review route table on R2
[edit]
user@R2# run show route protocol bgp

15.1.1.0/24 *[BGP/170] 00:03:12, localpref 100

AS path: 64512 I
> to 10.0.1.2 via ge-0/0/1.0
•Verify routes are being sent from R1

[edit]
user@R1# run show route advertising-protocol bgp 10.0.1.1

Prefix Nexthop MED Lclpref AS path
* 15.1.1.0/24 Self I

Prefix Nexthop MED Lclpref AS path
* 2001:240:160::/48 Self I
§ Ensure routes are accepted on R2

•Enable accept-remote-nexthop on R2 to allow IPv6
routes from R1 to be accepted
user@R2# show
type external;
accept-remote-nexthop;
family inet {
unicast;
}
family inet6 {
unicast;
}
peer-as 64512;
neighbor 10.0.1.2;
user@R2> show route protocol bgp table inet6

§ Review IPv6 hidden route
•Route is hidden because the next hop is not usable
user@R2> show route protocol bgp table inet6 hidden extensive

2001:240:160::/48 (1 entry, 0 announced)
BGP Preference: 170/-101
Next hop type: Unusable
Address: 0x12f8d70
State: <Hidden Ext>
Local AS: 64513 Peer AS: 64512
Age: 1:34:40
Task: BGP_64512.10.0.1.2+179
AS path: 64512 I Aggregator: 64512 192.168.5.1
Accepted
Localpref: 100 IPv4-Mapped IPv6 Address
Router ID: 192.168.5.1
Indirect next hops: 1
Protocol next hop: ::ffff:10.0.1.2
Indirect next hop: 0 -

§ Fix IPv6 hidden route
•Sample policy to alter the next hop
[edit policy-options] Current next-hop value of
user@R2# show policy-statement fix-nexthop the IPv6 route from R1
term 1 {
from { (IPv4-mapped IPv6 address)
family inet6;
next-hop ::ffff:10.0.1.2;
}
then { IPv6 address of R1’s
next-hop fdcd:10:0:1::2; peering interface
}
}
•Applied to BGP peering as import policy

user@R2# show
type external;
accept-remote-nexthop; Applied as import policy to ensure
import fix-nexthop;
family inet { the route is installed with a resolvable
unicast; next hop
}
family inet6 {
unicast;
}
...

§ Verify the IPv6 route is accepted

user@R2> show route protocol bgp 2001:240:160::/48 extensive

2001:240:160::/48 (1 entry, 1 announced)
TSI:
KRT in-kernel 2001:240:160::/48 -> {fdcd:10:0:1::2}
*BGP Preference: 170/-101
Address: 0x1758600
Source: 10.0.1.2
State: <Active Ext>
Age: 37:28
Task: BGP_64512.10.0.1.2+54806
Announcement bits (2): 0-KRT 3-Resolve tree 2
Accepted
Localpref: 100
Router ID: 192.168.5.1

§ Enable multihop on R1 to allow IPv6 routes from
R2 to be accepted and installed
•Process and steps are exactly the same as when using
accept-remote-nexthop
• Create and apply an import policy to alter the next hop of the
incoming IPv6 route
Note: We are not going to cover the entire process step-by-step on R1. We skip
the process and review the final route that was installed in inet6.0 on R2.

§ Review IPv6 route on R2

user@R1> show route protocol bgp 2001:240:161::/48 extensive

2001:240:161::/48 (1 entry, 1 announced)
TSI:
KRT in-kernel 2001:240:161::/48 -> {indirect(262142)}
*BGP Preference: 170/-101
Next hop type: Indirect
Address: 0x17388f8
Source: 10.0.1.1
Protocol next hop: fdcd:10:0:1::1
Indirect next hop: 1754000 262142
State: <Active Ext>
Age: 1:00:43 Metric2: 0
Task: BGP_64513.10.0.1.1+179
Announcement bits (2): 0-KRT 3-Resolve tree 2
Accepted
Localpref: 100
Router ID: 192.168.16.1
...
§ The difference between using multihop and using
accept-remote-nexthop is how the route is
installed after altering the next-hop value
• accept-remote-nexthop installs a route with the next
hop type of Router
• Which indicates the next hop is directly connected
• multihop installs a route with the next hop type of
Indirect
•The next hop type becomes important when dealing
with the multipath option and load balancing across
equal cost paths

IPv6

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

IPv6

Încărcat de

Drepturi de autor:

Formate disponibile

Introduction to IPv6

© 2012 Juniper Networks, Inc. All rights reserved. | www.juniper.net

§ Next generation protocol:

© 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net | 2

© 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net | 3

§ The IPv6 header has the following improvements:

© 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net | 4

Name and position changed in IPv6

New field in IPv6

© 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net | 5

§ Simple packet headers provide faster processing

© 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net | 6

§ Hop-by-Hop Options header:

Next Header Header Ext Option Type Option Data

Options Data (Variable)

© 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net | 7

§ Destination Options header

Next Header Header Ext Option Type Option Data

Options Data (Variable)

© 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net | 8

Next Header Header Ext Routing Segments

type-specific data (Variable)

© 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net | 9

Next Header Reserved Fragment Offset RES M

© 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net | 10

Next Header Payload Reserved

Security Parameters Index (32)

Sequence Number (32)

Authentication Data (Variable)

© 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net | 12

§ Encapsulating Security Payload header:

Sequence Number (32)

Payload Data (Variable)

Pad Next Header

Authentication Data (Variable)

© 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net | 13

§ Extending address space is a major reason for IPv6:

© 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net | 14

© 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net | 15

§ Prefix identifies the subnet

© 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net | 17

RFC 2732 - Format for Literal IPv6 Addresses in URLs

© 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net | 18

§ Organizations and end users get an address

© 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net | 20

§ Unicast addresses are used in a one-to-one context

© 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net | 21

§ Global unicast addresses are globally unique and are

Global Routing Prefix SID Interface ID

(n bits) (m bits) (128 – n - m bits)

© 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net | 22

§ Unique local unicast addresses:

FC00::/7 Global ID Subnet ID Interface ID

Prefix Global ID Subnet ID Interface Identifier

© 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net | 23

© 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net | 24

§ Link-local unicast addresses:

1111111010 0000..0000 Interface ID

Prefix Zero Interface Identifier

© 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net | 25

Global Routing Prefix SID Interface ID

(n bits) (m bits) (128 – n - m bits)

© 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net | 26