Part 1: Configuration of this new Topology in IPv6

ospfv3_multiarea_topology

We have a lot to accomplish, but first since I did a “wr er” like a nerd I have to reconfigure all the IP addresses again (as you see in the Topology I changed them to make them a bit more intuitive).

One thing I wanted to point out while configuring this whole lab (and it’s painful to configure and remember all the addressing and formatting), I got this output on the Ethernet segment after I took one of the interfaces out of the Area # they were neighbors in:

R2(config-if)#
*Mar  1 20:45:38.645: %OSPFv3-4-AREA_MISMATCH: Received packet with incorrect area from FE80::20F:23FF:FE09:B180, FastEthernet0/0, area 0.0.0.0, packet area 0.0.0.23
R2(config-if)#
*Mar  1 20:45:48.645: %OSPFv3-4-AREA_MISMATCH: Received packet with incorrect area from FE80::20F:23FF:FE09:B180, FastEthernet0/0, area 0.0.0.0, packet area 0.0.0.23

So if that is seen, you may just need to adjust that interface’s area to resolve it.
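To triage these messages across a longer log, here is an added example (not part of the original lab or any Cisco tool) that parses the two lines above, converts the dotted area IDs to the decimal form used in “ipv6 ospf 1 area N”, and groups repeats by sender and interface. The function names are illustrative.

```python
import re
from collections import Counter
from ipaddress import IPv4Address

# The two log lines from R2 shown above, copied verbatim from the post.
SAMPLE_LOG = """\
*Mar  1 20:45:38.645: %OSPFv3-4-AREA_MISMATCH: Received packet with incorrect area from FE80::20F:23FF:FE09:B180, FastEthernet0/0, area 0.0.0.0, packet area 0.0.0.23
*Mar  1 20:45:48.645: %OSPFv3-4-AREA_MISMATCH: Received packet with incorrect area from FE80::20F:23FF:FE09:B180, FastEthernet0/0, area 0.0.0.0, packet area 0.0.0.23
"""

# "area" is the area of the receiving interface; "packet area" is the
# area ID carried in the header of the packet the neighbor sent.
MISMATCH = re.compile(
    r"%OSPFv3-4-AREA_MISMATCH: Received packet with incorrect area from "
    r"(?P<sender>[0-9A-Fa-f:]+), (?P<interface>\S+), "
    r"area (?P<local>\d+\.\d+\.\d+\.\d+), "
    r"packet area (?P<packet>\d+\.\d+\.\d+\.\d+)"
)


def area_to_decimal(dotted):
    """Convert a dotted area ID (0.0.0.23) to its decimal form (23)."""
    return int(IPv4Address(dotted))


def summarize_mismatches(log_text):
    """Group AREA_MISMATCH lines by sender, interface and the two areas."""
    counts = Counter()
    for line in log_text.splitlines():
        m = MISMATCH.search(line)
        if m is None:
            continue  # some other log message
        key = (
            m["sender"].upper(),
            m["interface"],
            area_to_decimal(m["local"]),
            area_to_decimal(m["packet"]),
        )
        counts[key] += 1
    return [
        {
            "sender": sender,
            "interface": interface,
            "local_area": local_area,
            "packet_area": packet_area,
            "count": count,
        }
        for (sender, interface, local_area, packet_area), count in counts.items()
    ]


if __name__ == "__main__":
    for row in summarize_mismatches(SAMPLE_LOG):
        print(
            f"{row['interface']}: local area {row['local_area']}, neighbor "
            f"{row['sender']} is sending area {row['packet_area']} "
            f"({row['count']} packets logged)"
        )
```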

Now, I’ve been at this believe it or not for about an hour troubleshooting an issue, that was simply resolved because an interface was shut down on R4, so I am going to just put a halt here as I am mentally fried.

A couple things I wanted to point out, first I’d like to post the entire “sh run” of R3:

R3#sh run
Building configuration…

*Mar  2 05:37:15.963: %SYS-5-CONFIG_I: Configured from console by console
Current configuration : 1329 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$QFdX$9tC33yHOlq4pSVjJcmMnd0
!
no aaa new-model
!
resource policy
!
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
!
!
no ip domain lookup
ipv6 unicast-routing
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
controller T1 0/0
 framing sf
 linecode ami
!
controller T1 0/1
 framing sf
 linecode ami
!
!
!
!
!
!
interface Loopback3
 no ip address
 ipv6 address 2033::1/128
 ipv6 ospf 1 area 3
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 ipv6 address 2023::3/64
 ipv6 enable
 ipv6 ospf 1 area 0
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 ipv6 address 2034::3/64
 ipv6 enable
 ipv6 ospf 1 area 34
!
interface Serial0/2
 no ip address
 shutdown
 ipv6 address 2001::3/64
 ipv6 enable
 ipv6 ospf priority 0     <- Turning off OSPF Priority for NBMA requires ipv6 in command
 ipv6 ospf 1 area 123
!
interface Serial0/3
 no ip address
 shutdown
!
!
!
ip http server
no ip http secure-server
!
ipv6 router ospf 1
 router-id 3.3.3.3
 log-adjacency-changes
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 password CCNP
 logging synchronous
 login
!
!
end

R3#

So it’s basically the same, but those IPv6 addresses can be absolute brain murder to work with and configure when you’re tired. The only way I actually caught my issue before I entirely gave up was through “debug ipv6 ospf pack”, where I noticed I wasn’t getting any.

That led to a “sh ip int bri” just to check if stuff is Up/Down or Down/Down, and sure enough Fa0/1 was Administratively down, and of course after a length of troubleshooting the answer was that easy.

Anyways, check it out:

R4#ping 2022::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2022::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/3/8 ms
R4#sh ipv6 ospf nei

Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
3.3.3.3           1   FULL/BDR        00:00:30    5               FastEthernet0/1
R4#sh ipv6 route ospf
IPv6 Routing Table – default – 7 entries
Codes: C – Connected, L – Local, S – Static, U – Per-user Static route
       B – BGP, HA – Home Agent, MR – Mobile Router, R – RIP
       I1 – ISIS L1, I2 – ISIS L2, IA – ISIS interarea, IS – ISIS summary
       D – EIGRP, EX – EIGRP external, NM – NEMO, ND – Neighbor Discovery
       l – LISP
       O – OSPF Intra, OI – OSPF Inter, OE1 – OSPF ext 1, OE2 – OSPF ext 2
       ON1 – OSPF NSSA ext 1, ON2 – OSPF NSSA ext 2
OI  2022::1/128 [110/2]
     via FE80::20F:23FF:FE09:B181, FastEthernet0/1
OI  2023::/64 [110/2]
     via FE80::20F:23FF:FE09:B181, FastEthernet0/1
OI  2033::1/128 [110/1]
     via FE80::20F:23FF:FE09:B181, FastEthernet0/1
R4#

So I am able to ping across the world from R4 thus far, or the Area 34 / 0 world, I am not touching R1 tonight as I’d like to dig into Redistribution when I go there, however I’d like to see R3’s “sh ipv6 ospf” output which is surprisingly pretty little:

R3#sh ipv6 ospf
 Routing Process “ospfv3 1” with ID 3.3.3.3
 It is an area border router
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x000000
 Number of areas in this router is 4. 4 normal 0 stub 0 nssa
 Reference bandwidth unit is 100 mbps
    Area BACKBONE(0)
        Number of interfaces in this area is 1
        SPF algorithm executed 5 times
        Number of LSA 10. Checksum Sum 0x058EAA
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
    Area 3
        Number of interfaces in this area is 1
        SPF algorithm executed 7 times
        Number of LSA 6. Checksum Sum 0x03BE1F
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
    Area 34
        Number of interfaces in this area is 1
        SPF algorithm executed 5 times
        Number of LSA 10. Checksum Sum 0x052BC0
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
    Area 123
        Number of interfaces in this area is 1
        SPF algorithm executed 2 times
        Number of LSA 6. Checksum Sum 0x03D444
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0

R3#

So next lab is finishing off the config with a quick config on S0/0 on R1, then move into Redistribution of IPv6 addresses, WOOOOOOOO!!! 😀

OSPFv3 PtP networks, adding IPv6 addressing on interfaces, and more IPv6 info / configs in general (good stuff)

ospfv3_topology

So this video I am working on now is regarding point-to-point networks, which I didn’t think that if I were going from 2-3 with the SW1 between then it would be an “Ethernet segment” however R3 and R4 are directly connected via Fa0/1 so that would be a point-to-point so I may be re-covering the same configs already performed with different details.

Also, I wanted to add IP addresses identifying the networks, so as it grows I know which subnet is between which routers, so to start I wanted to demonstrate adding the address and the syntax of it:

First I verify that I have an IPv6 address at all on the interface:

R3#sh ipv6 int bri
FastEthernet0/0            [up/up]
FastEthernet0/1            [up/up]
    FE80::20F:23FF:FE09:B181
Serial0/2                  [up/up]
Serial0/3                  [administratively down/down]
Loopback3                  [up/up]

“sh ip int bri” will show Fa0/1 Up/Up, but it won’t show the IP without typing “sh ipv6 int bri” for the syntax (everything with ipv6 has v6 after ip in the commands!).

So then I had never applied an IPv6 address before, so I wanted to check out my options:

R3#conf t
R3(config)#int fa0/1
R3(config-if)#ipv6 add ?
  WORD                General prefix name
  X:X:X:X::X          IPv6 link-local address
  X:X:X:X::X/<0-128>  IPv6 prefix
  autoconfig          Obtain address using autoconfiguration

R3(config-if)#ipv6 add 2234::3 ?
  link-local  Use link-local address

R3(config-if)#ipv6 add 2234::3 link-local ?
  <cr>

R3(config-if)#ipv6 add 2234::3/64 ?
  anycast  Configure as an anycast
  eui-64   Use eui-64 interface identifier
  <cr>

R3(config-if)#ipv6 add 2234::3/64
R3(config-if)#

I’ve highlighted all of my commands in red as it’s easy to get lost in this syntax, but I wanted to make it crystal clear the options you have. You can either put in your address and make it link-local, or you can do XXXX::/XX which I thought was really odd to have the mask smashed right against the address like that for CLI syntax, but that is how it is apparently.

Also you can see it asks once I use that /64 mask (as I’m not entirely sure how to separate subnets yet so I’m just slicing the address space in half for hosts / subnets), and it gives you options to use an EUI64 interface ID or continue on to configure Anycast.

I don’t really know what I’m doing, so I just went with /64, and interestingly it did not drop the adjacency to R4:

R3(config-if)#ipv6 add 2234::3/64
R3(config-if)#do sh ipv6 ospf nei

Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
4.4.4.4           1   FULL/DR         00:00:31    4               FastEthernet0/1
R3(config-if)#

So I am going to go over to configure some loopbacks on both routers quick, and change R4’s Fa0/1 interface IPv6 address quick:

R3(config)#int lo33
R3(config-if)#
*Mar  2 05:01:36.937: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback33, changed state to up
R3(config-if)#ipv6 add 2233::1/128
R3(config-if)#ipv6 ospf 1 area 33 ?
  instance  Set the OSPF instance
  <cr>

R3(config-if)#ipv6 ospf 1 area 33
R3(config-if)#
ASR#4
[Resuming connection 4 to r4 … ]

R4#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R4(config)#int fa0/1
R4(config-if)#ipv6 add 2234::4/64
R4(config-if)#int lo44
R4(config-if)#ipv6
*Feb 27 23:31:29.523: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback44, changed state to up
R4(config-if)#ipv6 add 2244::1/128
R4(config-if)#ipv6 ospf 1 area 44
R4(config-if)#do sh ip ospf nei
R4(config-if)#do sh ipv6 ospf nei

Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
3.3.3.3           1   FULL/BDR        00:00:36    5               FastEthernet0/1
R4(config-if)#do sh ipv6 route ospf
IPv6 Routing Table – default – 5 entries
Codes: C – Connected, L – Local, S – Static, U – Per-user Static route
       B – BGP, HA – Home Agent, MR – Mobile Router, R – RIP
       I1 – ISIS L1, I2 – ISIS L2, IA – ISIS interarea, IS – ISIS summary
       D – EIGRP, EX – EIGRP external, NM – NEMO, ND – Neighbor Discovery
       l – LISP
       O – OSPF Intra, OI – OSPF Inter, OE1 – OSPF ext 1, OE2 – OSPF ext 2
       ON1 – OSPF NSSA ext 1, ON2 – OSPF NSSA ext 2
OI  2233::1/128 [110/1]
     via FE80::20F:23FF:FE09:B181, FastEthernet0/1
R4(config-if)#

R4(config-if)#do ping 2233::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2233::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/4 ms
R4(config-if)#

So I put a bit of distance between each router configuration, and also left the route table codes in for OSPFv3, and all the addressing so far has not been too bad with overlaps and things. I am sure IPv6 at a higher level is much more difficult though I am hoping to get away with not needing to know THAT much right now as I am already about to burst.

So anyways, I wanted to get a loopback in there, configure it into our OSPFv3 and ping it to test connectivity, seen at the end there, to demonstrate how that is done – Now onto the point-to-point topics 🙂

Point-to-Point OSPFv3 networking

So I thought my Ethernet cable connecting two routers would make it point to point enough, but that is not showing us the standard OSPF behavior of FULL/- when doing “sh ipv6 ospf nei”, so I am going to connect R3 to R1 directly via Serial Cable (No NBMA [yet]) to see if I can get a point-to-point type behavior going on.

ipv6_ospfv3_pointtopoint

So I will be trying this for my topology for this lab to see some point-to-point behaviors, so here is the entire new config on R1 and R3:

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ipv6 unicast-routing
R1(config)#int s0/1
R1(config-if)#ipv6 enable
R1(config-if)#ipv6 add 2231::1/64
R1(config-if)#ipv6 ospf 1 area 31
R1(config-if)#
*Mar  1 20:01:11.235: %OSPFv3-4-NORTRID: OSPFv3 process 1 could not pick a router-id,
please configure manually
R1(config-if)#exit
R1(config)#ipv6 router ospf 1
R1(config-rtr)#router-id 2.2.2.2
R1(config-rtr)#
ASR#3
[Resuming connection 3 to r3 … ]

R3(config-if)#do sh ip int bri
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES NVRAM  up                    up
FastEthernet0/1            unassigned      YES NVRAM  up                    up
Serial0/2                  unassigned      YES NVRAM  up                    up
Serial0/3                  unassigned      YES NVRAM  administratively down down
Loopback3                  unassigned      YES NVRAM  up                    up
Loopback33                 unassigned      YES unset  up                    up
R3(config-if)#int s0/3
R3(config-if)#ipv6 enable
R3(config-if)#ipv6 add 2231::3/64
R3(config-if)#ipv6 ospf 1 area 31
R3(config-if)#no shut
R3(config-if)#
*Mar  2 05:29:57.189: %LINK-3-UPDOWN: Interface Serial0/3, changed state to up
*Mar  2 05:29:58.198: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/3, changed state to up
R3(config-if)#

I actually waited for the adjacency to form, wondering what did I do now, and right there in the output was the answer that I had to “no shut” that interface. I wanted to point out that oftentimes the answer is glaring you in the face, you just need to know where to find it!

So let’s see if we get the PtP OSPFv2 behavior from our OSPFv3 neighbor(!):

R3(config-if)#do sh ipv6 ospf nei

Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
4.4.4.4           1   FULL/DR         00:00:36    4               FastEthernet0/1
2.2.2.2           1   FULL/  –        00:00:30    7               Serial0/3
R3(config-if)#

And there it is, interesting that Ethernet direct connections are not considered point to point but a Serial connection is (without being configured as a point to point logically).

The main point of the above exercise and output is that point-to-point links don’t have a DR/BDR election at any point in either version of OSPF, and that FULL/- is the telltale sign of a PTP neighbor. You can also see the network type with the show ipv6 ospf int command:

R3#sh ipv6 ospf int s0/3
Serial0/3 is up, line protocol is up
  Link Local Address FE80::20F:23FF:FE09:B180, Interface ID 8
  Area 31, Process ID 1, Instance ID 0, Router ID 3.3.3.3
  Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:03
  Index 1/1/3, flood queue length 0
  Next 0x0(0)/0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 2.2.2.2
  Suppress hello for 0 neighbor(s)
R3#

You also get some other good info as well in there, and speaking of good info, I’ve added a loopback to R1 in the same formats as the other two routers and let’s take a look at the OSPFv3 route table to see how things are going from R4’s point of view:

R4#sh ipv6 route ospf
IPv6 Routing Table – default – 6 entries
Codes: C – Connected, L – Local, S – Static, U – Per-user Static route
       B – BGP, HA – Home Agent, MR – Mobile Router, R – RIP
       I1 – ISIS L1, I2 – ISIS L2, IA – ISIS interarea, IS – ISIS summary
       D – EIGRP, EX – EIGRP external, NM – NEMO, ND – Neighbor Discovery
       l – LISP
       O – OSPF Intra, OI – OSPF Inter, OE1 – OSPF ext 1, OE2 – OSPF ext 2
       ON1 – OSPF NSSA ext 1, ON2 – OSPF NSSA ext 2
OI  2231::/64 [110/65]
     via FE80::20F:23FF:FE09:B181, FastEthernet0/1
OI  2233::1/128 [110/1]
     via FE80::20F:23FF:FE09:B181, FastEthernet0/1
R4#

Only R3’s loopback, and the network of R1 2231::0/64, but not R1’s loopback. So I tried to do a “clear ipv6 ospf proc” (yes, you need ipv6 here too).

So now the video is over and it basically just presented that Full/- part, but now I am wondering why my point-to-point is not propagating OSPFv3 routes.

While watching debugs and messing with the address, I decided to try this and it worked (or so it seems to have worked):

R1(config-if)#no ipv6 ospf 1 area 11
R1(config-if)#ipv6 ospf 1 area 31
R1(config-if)#do sh ipv6 route ospf
IPv6 Routing Table – 8 entries
Codes: C – Connected, L – Local, S – Static, R – RIP, B – BGP
       U – Per-user Static route
       I1 – ISIS L1, I2 – ISIS L2, IA – ISIS interarea, IS – ISIS summary
       O – OSPF intra, OI – OSPF inter, OE1 – OSPF ext 1, OE2 – OSPF ext 2
       ON1 – OSPF NSSA ext 1, ON2 – OSPF NSSA ext 2
       D – EIGRP, EX – EIGRP external
OI  2233::1/128 [110/64]
     via FE80::20F:23FF:FE09:B180, Serial0/1
OI  2234::/64 [110/65]
     via FE80::20F:23FF:FE09:B180, Serial0/1
OI  2244::1/128 [110/65]
     via FE80::20F:23FF:FE09:B180, Serial0/1
R1(config-if)#
ASR#4
[Resuming connection 4 to r4 … ]

R4#sh ipv6 route ospf
IPv6 Routing Table – default – 7 entries
Codes: C – Connected, L – Local, S – Static, U – Per-user Static route
       B – BGP, HA – Home Agent, MR – Mobile Router, R – RIP
       I1 – ISIS L1, I2 – ISIS L2, IA – ISIS interarea, IS – ISIS summary
       D – EIGRP, EX – EIGRP external, NM – NEMO, ND – Neighbor Discovery
       l – LISP
       O – OSPF Intra, OI – OSPF Inter, OE1 – OSPF ext 1, OE2 – OSPF ext 2
       ON1 – OSPF NSSA ext 1, ON2 – OSPF NSSA ext 2
OI  2211::1/128 [110/65]
     via FE80::20F:23FF:FE09:B181, FastEthernet0/1
OI  2231::/64 [110/65]
     via FE80::20F:23FF:FE09:B181, FastEthernet0/1
OI  2233::1/128 [110/1]
     via FE80::20F:23FF:FE09:B181, FastEthernet0/1

R4#ping 2211::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2211::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/3/4 ms
R4#

So thinking waaaay back to OSPFv2 stuff, this router doesn’t have any interfaces in Area 0, so we’d need to either make a virtual-link to it or include it in the “Transit Area” that virtual-link would be configured in.

Given that it is Monday, I knocked out two training videos and survived work, on top of turning my pay check into a rent check I am going to stop here and relax the rest of the night as next we will be doing OSPFv3 over an NBMA.

I don’t think there will be much difference, IPv6 aside from the long hex address, seems like it was made to trim the fat off protocols and network types but still work on their same principles / configurations. So I don’t expect to see much difference, but we shall see 🙂 More to come!

Hex to Dotted Decimal to Binary conversion explained, and other good info to know for exam day about Hex!

hex_converseion_template

Above is a Hex Conversion Template from an INE video I am watching on conversion, and I really dig the design to fully explain it so I am using the same template and wanted to cite INE as the creator of the design (I think?) and for the information on conversion.

It is used to descend from Hex at the top to Dotted Decimal in the middle, and finally binary towards the bottom portion. It is used for converting a single Hextet.

Speaking of Hextets, IPv4 has 4 “Octets”, IPv6 has 8 “Hextets” which are also called a “Sexdecet” or “Quartet” in mathematical technical terminology. I wanted to mention that in case you get an exam question like “Which is not a valid term for a hexadecimal segment?”

So each Hextet is made up of 16 bits, meaning each Hex character in a Hextet is made up of 4 bits, as the max value you will have will be 15 (F) so you only use 4 binary bits per character.

So before I give a visual example and explain, let’s solidify that 0-9 will equal 0-9 when converting to dotted decimal, and A-F are 10-15 with A=10 / B=11 / C=12 / D=13 / E=14 / F=15.

So let’s take a look at a completed template and we’ll break down what’s happening:

hex_converseion_ex1

So the top 2 columns are fairly obvious, however the bottom was a little mysterious to me at first. What it is, basically, is the second half of an octet, whereas when I count an octet I start from the left and read out loud “128, 64, 32, 16, 8, 4, 2, 1” to make up the 16 bits.

As mentioned above, the max value for a Hex character is 15, so we will only use the right most 4 bits to break the Hex value down to Binary, but unless you’re good, you will generally have to break it down to its Dotted Decimal value first, then go through the binary conversion process.

Here is another example of the process with some more random characters:

hex_converseion_ex2

Now to do this conversion backwards, you do the same thing, you’d just work the chart from the bottom up or start with 4 binary bits at the top, however one important thing to note when arriving at your final Hex answers is if the decimal is 10-15 it will be A-F not 10-15 so be very careful (and practice) to avoid that mistake!

Let me write out a quick demonstration here without the fancy schmancy template:

Binary  ->  1110 | 0101 | 1101 | 0110 | 0001 | 1001 | 1111 | 1110 | 0001 | 1010 | 1110 | 0011
Decimal ->   14  |   5  |  13  |   6  |   1  |   9  |  15  |  14  |   1  |  10  |  14  |   3
Hex     ->    E  |   5  |   D  |   6  |   1  |   9  |   F  |   E  |   1  |   A  |   E  |   3

Hex string: E5D6:19FE:1AE3

I hope the formatting of WordPress doesn’t goof that up, but I added pipes between all the binary sets / numbers / characters for clarity of what corresponds with what.
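The same chart worked in both directions, as an added Python example (not from the original post or the INE template): nibble_rows() goes top-down from a hextet and shows which of the 8/4/2/1 place values are switched on for each character, and bits_to_hex_string() goes bottom-up from 4-bit groups, mapping 10-15 to A-F. The function names are illustrative.

```python
WEIGHTS = (8, 4, 2, 1)  # place values of the 4 bits behind one hex character
HEX_DIGITS = "0123456789ABCDEF"


def nibble_rows(hextet):
    """Top-down: hex character -> decimal -> 4 bits, for one hextet.

    Returns one tuple per character:
    (hex char, decimal value, 4-bit string, list of weights that are on).
    """
    if not 1 <= len(hextet) <= 4:
        raise ValueError("a hextet has 1 to 4 hex characters")
    rows = []
    for ch in hextet.upper().zfill(4):  # restore dropped leading zeros
        dec = int(ch, 16)  # raises ValueError for a non-hex character
        bits = format(dec, "04b")
        on = [w for w, b in zip(WEIGHTS, bits) if b == "1"]
        rows.append((ch, dec, bits, on))
    return rows


def bits_to_hex_string(nibbles):
    """Bottom-up: 4-bit groups -> decimal -> hex, joined 4 characters per hextet."""
    chars = []
    for group in nibbles:
        if len(group) != 4 or set(group) - {"0", "1"}:
            raise ValueError(f"not a 4-bit group: {group!r}")
        dec = sum(w for w, b in zip(WEIGHTS, group) if b == "1")
        chars.append(HEX_DIGITS[dec])  # 10-15 come out as A-F, never "10".."15"
    if len(chars) % 4:
        raise ValueError("need a multiple of four nibbles to form whole hextets")
    return ":".join("".join(chars[i:i + 4]) for i in range(0, len(chars), 4))


if __name__ == "__main__":
    # The binary row from the demonstration above.
    demo = "1110 0101 1101 0110 0001 1001 1111 1110 0001 1010 1110 0011".split()
    print(bits_to_hex_string(demo))
    for ch, dec, bits, on in nibble_rows("E5D6"):
        print(f"{ch} -> {dec:2d} -> {bits}  ({' + '.join(map(str, on)) or '0'})")
```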

And that is it for Hex conversion, I think I got a very odd way of doing it before which made it difficult to ever remember, because this seems straight forward and easier. Ok, enough break time from IPv6, back to the CCNP grind! 🙂

 

IPv6 / OSPFv3 configuration and explanation along the way!

ospfv3_topology

As illustrated above, OSPFv3 (OSPF for IPv6) and OSPFv2 (OSPF for IPv4) can co-exist in harmony on one router, as two completely separate processes, without interfering with each other’s operation (just like our recent VRF discussion).

Being that OSPFv3 is configured on an interface by interface basis, it does not use network statements in router-config mode like OSPFv2, as you enter them right on the interface you are putting into the OSPFv3 domain (however there is a router-config mode coming up).

One important thing to note as well, v3 uses the same RID rules as v2, so if you don’t have an IPv4 address on the router you need to add one or use the “router-id …” command – IT WILL NOT USE AN IPV6 ADDRESS, IT MUST BE IN IPV4 FORMAT!

All the basic theories still apply: Hello timers, neighbor adjacency formation, NBMAs still require neighbor statements for the neighbors, Area 0 is still the Backbone Area, and Stubs and LSAs are the same.

Neither v2 nor v3 will elect a DR/BDR on a point-to-point or point-to-multipoint link.

Multicasts are comparable as mentioned in the previous post:

v2 224.0.0.5 = v3 FF02::5 (All OSPF Routers)
v2 224.0.0.6 = v3 FF02::6 (All OSPF DR Routers)

So here is a bit of output, of me configuring R3 to enable IPv6 as well as OSPFv3:

R3(config)#ipv6 unicast-routing
R3(config)#int fa0/0

R3(config-if)#ipv6 enable
R3(config-if)#ipv6 ospf ?
  <1-65535>            Process ID
  authentication       Enable authentication
  cost                 Interface cost
  database-filter      Filter OSPF LSA during synchronization and flooding
  dead-interval        Interval after which a neighbor is declared dead
  demand-circuit       OSPF demand circuit
  encryption           Enable encryption
  flood-reduction      OSPF Flood Reduction
  hello-interval       Time between HELLO packets
  mtu-ignore           Ignores the MTU in DBD packets
  neighbor             OSPF neighbor
  network              Network type
  priority             Router priority
  retransmit-interval  Time between retransmitting lost link state
                       advertisements
  transmit-delay       Link state transmit delay

R3(config-if)#ipv6 ospf 1 ?
  area  Set the OSPF area ID

R3(config-if)#ipv6 ospf 1 area ?
  <0-4294967295>  OSPF area ID as a decimal value
  A.B.C.D         OSPF area ID in IP address format

R3(config-if)#ipv6 ospf 1 area 0 ?
  instance  Set the OSPF instance
  <cr>

R3(config-if)#ipv6 ospf 1 area 0
R3(config-if)#
*Mar  2 05:32:31.594: %OSPFv3-4-NORTRID: OSPFv3 process 1 could not pick a router-id,
please configure manually
R3(config-if)#

I’ve highlighted all my configuration messages in red so they can be differentiated from the output, but we also have this error message in blue to discuss, that I actually had to go around 5 interfaces removing IPv4 addresses to produce.

In blue, you will get this message if there are no IPv4 addresses on any interface on the router, because it WILL NOT use an IPv6 address as its RID. To put the RID in, this is where we get into OSPFv3 router configuration mode from global configuration mode:

R3(config-if)#exit
R3(config)#ipv6 router ospf 1 ?
  <cr>

R3(config)#ipv6 router ospf 1
R3(config-rtr)#router-id 3.3.3.3
R3(config-rtr)#
*Mar  2 04:45:17.616: %OSPFv3-5-ADJCHG: Process 1, Nbr 4.4.4.4 on FastEthernet0/1 from LOADING to FULL, Loading Done
R3(config-rtr)#exit
R3#sh ipv6 ospf nei

Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
4.4.4.4           1   FULL/DR         00:00:33    4               FastEthernet0/1
R3#sh ipv6 ospf

 

So you can see, the adjacency between the two comes up right away, having already configured R4 with the exact same configurations, letting the Fa0/1 interfaces assign themselves a Link-local address for their IPv6 address.

A couple of important points to note after configuration: first, “show int X” will not give you any IPv6 information (or tell you if it is even enabled):

R3#show int fa0/1
FastEthernet0/1 is up, line protocol is up
  Hardware is AmdFE, address is 000f.2309.b181 (bia 000f.2309.b181)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:06, output 00:00:05, output hang never
  Last clearing of “show interface” counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     46 packets input, 7004 bytes
     Received 40 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     103 packets output, 10731 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 1 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

You can look through that until your eyes go crooked, you won’t find a hint of IPv6, and speaking of IPv6 show commands I wanted to post the output for it here:

R3#sh ipv6 ?
  access-list         Summary of access lists
  cef                 Cisco Express Forwarding for IPv6
  dhcp                IPv6 DHCP
  eigrp               EIGRP show commands
  flow                flow cache entries
  general-prefix      IPv6 general prefixes
  inspect             CBAC (Context Based Access Control) information
  interface           IPv6 interface status and configuration
  local               IPv6 local options
  mfib                IP multicast forwarding information base
  mld                 Multicast group membership information
  mobile              Mobile IPv6
  mrib                Multicast Routing Information Base
  mroute              IPv6 multicast routing table
  mtu                 MTU per destination cache
  nat                 IPv6 NAT-PT information
  neighbors           Show IPv6 neighbor cache entries
  ospf                OSPF information
  pim                 PIM information
  policy              Policy routing
  port-map            Port to Application Mapping (PAM) information
  prefix-list         List IPv6 prefix lists
  protocols           IPv6 Routing Protocols
  rip                 RIP routing protocol status
  route               Show IPv6 route table entries
  routers             Show local IPv6 routers
  rpf                 Multicast RPF information
  static              IPv6 static routes
  traffic             IPv6 traffic statistics
  tunnel              Summary of IPv6 tunnels
  virtual-reassembly  IPV6 Virtual Fragment Reassembly (VFR) information

SO IF YOU WANT INFORMATION ON ANYTHING IPV6, OR WANT TO CONFIGURE IPV6, IT’S A GOOD BET THE COMMAND WILL BEGIN WITH IPV6, like the interface information below:

R3#sh ipv6 int fa0/1
FastEthernet0/1 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::20F:23FF:FE09:B181
  No Virtual link-local address(es):
  No global unicast address is configured
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::5
    FF02::6
    FF02::1:FF09:B181
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  ND advertised reachable time is 0 milliseconds
  ND advertised retransmit interval is 0 milliseconds
  ND router advertisements are sent every 200 seconds
  ND router advertisements live for 1800 seconds
  ND advertised default router preference is Medium
  Hosts use stateless autoconfig for addresses.
R3#

I can see this interface is part of the following groups right off the bat:

  • All Nodes
  • All Routers
  • All OSPF Routers
  • All OSPF DRs
  • Its own Link-local IPv6 EUI64 address

I’m not really sure about that last one, or how it works out condensing that, but the two groups above that are what I really wanted to point out. It shows by the FF02::5 that it is not only running OSPFv3, but I can also see it is either the DR or BDR via FF02::6 group.

Also, for OSPF neighbors, this is a good command to get neighbor details (obviously by command name):

R3#sh ipv6 ospf nei det
 Neighbor 4.4.4.4
    In the area 0 via interface FastEthernet0/1
    Neighbor: interface-id 4, link-local address FE80::21B:53FF:FE36:F2CD
    Neighbor priority is 1, State is FULL, 6 state changes
    DR is 4.4.4.4 BDR is 3.3.3.3
    Options is 0x85B86AC5
    Dead timer due in 00:00:32
    Neighbor is up for 00:22:20
    Index 1/1/1, retransmission queue length 0, number of retransmission 0
    First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0)
    Last retransmission scan length is 0, maximum is 0
    Last retransmission scan time is 0 msec, maximum is 0 msec
R3#

This output shows R4 is the DR, shows its link-local address and its RID, the neighbor’s uptime and Dead timer.

And ONE LAST COMMAND THAT IS VERY IMPORTANT FOR OSPFv3 AND ITS OUTPUT:

R3#sh ipv6 ospf int
FastEthernet0/1 is up, line protocol is up
  Link Local Address FE80::20F:23FF:FE09:B181, Interface ID 5
  Area 0, Process ID 1, Instance ID 0, Router ID 3.3.3.3
  Network Type BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State BDR, Priority 1
  Designated Router (ID) 4.4.4.4, local address FE80::21B:53FF:FE36:F2CD
  Backup Designated router (ID) 3.3.3.3, local address FE80::20F:23FF:FE09:B181
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:04
  Index 1/1/1, flood queue length 0
  Next 0x0(0)/0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 2
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 4.4.4.4  (Designated Router)
  Suppress hello for 0 neighbor(s)
R3#

Kind of the same as neighbor details, it gives all interface Hello / Dead timers, RIDs, Link-Local addresses, and all the information you could possibly want. I am going to “wr mem” and I think the next post I am going to dedicate to Hex conversion. One more IPv6 lesson down! (sort of)

IPv6: Address types, Prefix-types you must know, Auto-Configuration

I am going to run through all of this as briefly as possible, so hold onto the seat of your pants.

First up, EUI64:

Every interface enabled with IPv6 on a Router needs a unique identifier, called an interface identifier, which uses what is called an EUI64 (Extended Unique Identifier). The 64 does not refer to some IPv6 to IPv4 conversion, only that it’s 64 bits long.

And no, this is not auto-configuration yet, though it is automatically configuring its own address… I know… I love this confusing subject matter too.

So the EUI64 uses the interface’s MAC address, which is 48 bits, leaving it exactly 16 bits short. Those 16 bits are filled by dropping the hex value “FFFE” into the middle of the MAC address, between its OUI value and its hardware address value.

So to get some examples going, first here is the output from R5 (running code 15.x):

R5(config-if)#do show int fa0/0
FastEthernet0/0 is administratively down, line protocol is down
  Hardware is Gt96k FE, address is 001e.f797.f14a (bia 001e.f797.f14a)
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Auto-duplex, Auto Speed, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     1 packets output, 353 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
R5(config-if)#

This is where you will find the Hardware / MAC address as highlighted above, not in the IPv6 command for showing the interface. So I enabled the IPv6 on the interface, as it is enabled on the interface and not globally, and did a “show ipv6 int fa0/0” to demonstrate how it creates this EUI-64 address:

R5(config-if)#ipv6 enable

R5(config-if)#do sh ipv6 int fa0/0
FastEthernet0/0 is administratively down, line protocol is down
  IPv6 is tentative, link-local address is FE80::21E:F7FF:FE97:F14A [TEN]
  No Virtual link-local address(es):
  No global unicast address is configured
  Joined group address(es):
    FF02::1
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds (using 30000)

Other than highlighting where the extra 16 bits puts itself in the address, I’d like to also point out the other 64 bits are made up of its prefix FE80 if it’s link-local (might not be some day as noted / linked below), and the rest are 0’s that are compressed indicated by the :: between FE80 and the EUI64 address.

 

***AN IMPORTANT NOTE ON IPV6 CONFIGURATION, MUST TYPE “IPV6 UNICAST-ROUTING” IN GLOBAL CONFIG TO ENABLE IT GLOBALLY***

 

A few other notes:

Essentially once the hex address is converted to Binary, if the 7th bit to the left is a 1 it’s a Universal-Link address, however all manufacturers currently produce a 0 which indicates it’s a Link-Local address as seen above. I didn’t spend a whole lot of time right now wrapping my mind around it, I have a lot of notes to get through to get back to labbing.

The big takeaway from everything above: if you see FE80 or (1111 1110 10) beginning the address you have a Link-Local address, and if you see FFFE dropped into the middle of the interface’s address it is an EUI64 address.

Now onto different Address types!

Anycast addresses are very similar to multicast addresses in the way that they send to a group of interfaces, however the traffic is delivered to what is considered the closest interface to the sender:

  • Direct connected neighbors, closest being the first one learned by the router
  • If no directly connected, closest determined by routing protocol metrics

A “Global Unicast” is equivalent to IPv4’s publicly routable IP ranges, and is identified in Hex format as 2000:: or (0010::), whereas Link-Local again is FE80, breaking down to (1111 1110 10xx).

For an IPv4 compatible IPv6 address, the first 96 bits is set to 0, as in the following formats:

::x.x.x.x or 0:0:0:0:0:0:x.x.x.x

An IPv6 Loopback address is ::1

An IPv6 Unknown Address is ::/128

An IPv6 Default Route is ::/0

Multicasts can be identified by their prefix of FF (1111 1111), however there are a few Link-Local addresses to note:

  • FF02::1 – All nodes on the link
  • FF02::2 – All routers on the link
  • FF02::5 – All OSPF routers
  • FF02::6 – All OSPF DRs
  • FF02::9 – All RIP routers
  • FF02::A – All EIGRP routers

The few good ones to know are 5/6, 9, and A as those will tell you what protocol an interface is running with the earlier command I posted:

R5(config-if)#do sh ipv6 int fa0/0
FastEthernet0/0 is administratively down, line protocol is down
  IPv6 is tentative, link-local address is FE80::21E:F7FF:FE97:F14A [TEN]
  No Virtual link-local address(es):
  No global unicast address is configured
  Joined group address(es):
    FF02::1
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds (using 30000)

So this interface has only joined the group “All nodes on the link”; however, if there were other IPv6 interfaces or routing-protocol-enabled IPv6 interfaces connected, they would show under the ‘Joined group address(es)’ section.
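To tie the EUI64 section and the address-type list together, here is an added example (not from the original post) that rebuilds R5’s link-local address from its MAC, recovers the MAC from R3’s and R4’s link-local addresses, and reads the routing protocol off the joined groups. Note the first byte goes from 00 to 02, as the R5 output shows; the function names and the sample output are my own constructions.

```python
import ipaddress

# Link-local multicast groups listed in the post, with the protocol each implies.
GROUPS = {
    "ff02::1": ("All nodes on the link", None),
    "ff02::2": ("All routers on the link", None),
    "ff02::5": ("All OSPF routers", "OSPFv3"),
    "ff02::6": ("All OSPF DRs", "OSPFv3"),
    "ff02::9": ("All RIP routers", "RIPng"),
    "ff02::a": ("All EIGRP routers", "EIGRP"),
}

# Constructed sample (not captured from the lab). The last group is the
# solicited-node group: FF02::1:FF plus the low 24 bits of the interface address.
SAMPLE = """\
FastEthernet0/1 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::20F:23FF:FE09:B181
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::5
    FF02::6
    FF02::1:FF09:B181
  MTU is 1500 bytes
"""


def eui64_link_local(mac: str) -> str:
    """Build the FE80::/64 EUI-64 address derived from a 48-bit MAC address."""
    digits = "".join(c for c in mac if c not in ".:-")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    raw = bytearray(bytes.fromhex(digits))
    raw[0] ^= 0x02                                   # flip the 7th bit (U/L bit)
    iid = bytes(raw[:3]) + b"\xff\xfe" + bytes(raw[3:])   # OUI + FFFE + NIC half
    return str(ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)).upper()


def mac_from_eui64(address: str):
    """Recover the MAC embedded in an EUI-64 address, or None if FFFE is absent."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytearray(iid[:3] + iid[5:])
    raw[0] ^= 0x02                                   # undo the bit flip
    h = raw.hex()
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"            # Cisco dotted notation


def classify(address: str) -> str:
    """Name the address type using the prefixes given in the post."""
    ip = ipaddress.IPv6Address(address)
    if ip == ipaddress.IPv6Address("::"):
        return "unspecified"
    if ip == ipaddress.IPv6Address("::1"):
        return "loopback"
    if ip in ipaddress.IPv6Network("ff00::/8"):
        return "multicast: " + GROUPS.get(str(ip), ("other group", None))[0]
    if ip in ipaddress.IPv6Network("fe80::/10"):
        return "link-local"
    if ip in ipaddress.IPv6Network("2000::/3"):
        return "global unicast"
    return "other"


def protocols_from_show_output(text: str) -> set:
    """Infer routing protocols from 'Joined group address(es)' in show ipv6 int."""
    found, in_groups = set(), False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("Joined group address"):
            in_groups = True
            continue
        if not in_groups:
            continue
        try:
            group = str(ipaddress.IPv6Address(stripped))
        except ValueError:
            in_groups = False                        # first non-address line ends the list
            continue
        protocol = GROUPS.get(group, (None, None))[1]
        if protocol:
            found.add(protocol)
    return found


if __name__ == "__main__":
    print(eui64_link_local("001e.f797.f14a"))
    print(mac_from_eui64("FE80::20F:23FF:FE09:B181"))
    print(classify("FF02::6"), "|", protocols_from_show_output(SAMPLE))
```

Because the MAC falls straight back out of the address, an EUI64 interface ID identifies the hardware to anyone who sees the address.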

Last and thankfully least, Auto-Configuration:

There are 2 different types of Auto-Configuration, stateless, and stateful.

With stateful, the host obtains an IPv6 address along with other info (Gateway, DNS) from a server, via DHCPv6. To my understanding, it functions basically the same as IPv4 DHCP.

Stateless is when a host cannot get to the DHCPv6 server, or none is present, and there is an acronym worth giving its own line:

StateLess Address Auto Configuration (SLAAC) SLAAC(kers), now to continue.

The host creates its own link-local address FE80::(mac addy), then sends a Neighbor Solicitation (NS) to all other hosts to confirm its address is unique. If it is, Duplicate Address Detection (DAD) will reply that it is unique.

If it is not unique it will receive back a Neighbor Advertisement (NA) in response, and disables the IPv6 address as unique and goes to the next step of sending a Router Solicitation to FF02::2 (All Routers on link) requesting additional configuration info for its address.

The RS then gets back a response called a Router Advertisement (RA) either providing a DHCPv6 server’s information if one is available, or a unique link-local address complete with network prefix.

And that is it for the CCNA refresher and maybe a bit more advanced info.

Some of the things I don’t fully understand, but will continue through IPv6 segments with labbing involved, and hopefully hammer out any gaps in understanding there.

And yes, writing all that down made my brain hurt, and typing it all back on here made it hurt twice as bad! Next time will be lab time, yay!

IPv6 vs IPv4 Header differences, Address Formatting, Zero Compression, and leading Zero Compression

ipv6_header

Above, is seen an IPv6 packet Header, which contains 8 fields:

  • Version: Equivalent to IPv4 Version field – Set to 6 obviously 🙂
  • Traffic Class: Equivalent to IPv4 Headers ToS (Type of Service) field, used to assign priority levels to packets (QoS)
  • Flow Label: Has no IPv4 equivalence, Labels a packet to be in a certain traffic flow (data, voice, etc), helps to set QoS for an entire traffic flow rather than packet by packet
  • Payload Length: Equivalent to IPv4’s Total Length field, defines the entire packet size including the header and data
  • Next Header: Equivalent to IPv4’s Protocol field (IP protocol type)
  • Hop Limit: Equivalent to IPv4 TTL (Time to Live), decrements each “hop” until it hits zero, at which point the packet quits hopping (gets discarded)
  • Source and Destination = Equivalent to IPv4’s Src & Dst address fields, however has an IPv6 128-bit source and destination address

Which in contrast to an IPv4 Header is amazingly simpler to look at and quickly understand what is what for the most part, here is the IPv4 Header:

ipv4_header

Unbelievable really how much simpler it is, shaving off the really unnecessary fields, and adding a bit more QoS flexibility along with the curious Hop Limit field that seems pretty odd for the next evolution in IP Addressing.

As I’ve already mapped what fields are equivalent from IPv6 to IPv4, here is what got dropped completely moving from IPv4 to IPv6 headers:

  • Header Length
  • Identifier
  • Flags
  • Fragment Offset
  • Header Checksum
  • Options & Padding

Above is a good, straight forward description of the Header differences, and is stinking of some kind of exam question so make sure to review these.
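To see the 8 fields as bytes, here is an added example (not from the original post) that unpacks the 40-byte fixed IPv6 header and checks the length field against what was actually captured. The packet is constructed from R3’s link-local address and FF02::5 with a dummy 8-byte payload, the function names are mine, and it follows RFC 8200, where Payload Length counts only the bytes after the 40-byte fixed header.

```python
import ipaddress
import struct

FIXED_HEADER_LEN = 40
# A few Next Header values (same numbering as the IPv4 Protocol field).
NEXT_HEADER_NAMES = {6: "TCP", 17: "UDP", 58: "ICMPv6", 89: "OSPF"}


def build_packet(traffic_class, flow_label, next_header, hop_limit, src, dst, payload):
    """Pack a fixed IPv6 header in front of `payload` (helper for the sample)."""
    first_word = (6 << 28) | (traffic_class << 20) | flow_label
    header = struct.pack(
        "!IHBB16s16s", first_word, len(payload), next_header, hop_limit,
        ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)
    return header + payload


def parse_ipv6_header(packet: bytes) -> dict:
    """Return the 8 header fields plus a consistency check on the length."""
    if len(packet) < FIXED_HEADER_LEN:
        raise ValueError("truncated: the fixed IPv6 header is 40 bytes")
    first_word, payload_len, next_header, hop_limit, src, dst = struct.unpack(
        "!IHBB16s16s", packet[:FIXED_HEADER_LEN])
    version = first_word >> 28                      # top 4 bits
    if version != 6:
        raise ValueError(f"version field is {version}, not 6")
    captured = len(packet) - FIXED_HEADER_LEN       # bytes present after the header
    return {
        "version": version,
        "traffic_class": (first_word >> 20) & 0xFF,  # next 8 bits
        "flow_label": first_word & 0xFFFFF,          # low 20 bits
        "payload_length": payload_len,
        "next_header": NEXT_HEADER_NAMES.get(next_header, str(next_header)),
        "hop_limit": hop_limit,
        "source": str(ipaddress.IPv6Address(src)),
        "destination": str(ipaddress.IPv6Address(dst)),
        # A mismatch means a truncated capture or a header that lies about its size.
        "length_consistent": payload_len == captured,
    }


# Constructed sample: header values chosen for illustration, payload is filler.
SAMPLE_PACKET = build_packet(
    traffic_class=0xC0, flow_label=0x12345, next_header=89, hop_limit=1,
    src="FE80::20F:23FF:FE09:B181", dst="FF02::5", payload=bytes(8))

if __name__ == "__main__":
    for field, value in parse_ipv6_header(SAMPLE_PACKET).items():
        print(f"{field:18} {value}")
```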

Speaking of IPv6, here are a few things worth mentioning before we get into formatting and playing with zero’s:

  • IPv6 does NOT use broadcasts
  • IPv6 addresses are 128-bit addresses, made up of 8 sections of 4 hex values
  • IPv6 is phasing out the need for NAT, but is used for 4-to-6 IP address migration
  • IPv6 was designed for easy (bleh) Route Summarization
  • IPv6 still has DHCP, but hosts can use “Auto-configuration” to give themselves an IP address without needing a DHCP server
  • IPv6 Header allows for better control of QoS than IPv4

Still not convinced you love IPv6? Me either. Let’s get into why it’s said to have been designed with Summarization in mind.

As stated above in the bullet points, the address format is 8 sections of 4 hex values, making up the 128-bit IPv6 address in this format:

1029:9183:81AE:0000:0000:0AC1:2143:019B

The first method of shortening the length of this address, called “Zero Compression”, is simply taking any consecutive sections of all zeroes and representing them with 2 colons:

1029:9183:81AE::0AC1:2143:019B

Whether it is one or five consecutive sections of zeros, they can be condensed this way, but “zero-compression” can only be done once per IPv6 address; that is a very key rule.

On the other hand, “Leading Zero-Compression” drops the 0’s off the front of any section in the address; however, it does have a couple of rules to it:

  • Some value has to be left between the colons, even if you compressed all 0’s
  • You can use it as many times as you want

So for example, the top address is a valid IPv6 address before leading zero-compression, and the bottom number will be after (assuming you don’t use zero-compression itself here):

1234:0000:1234:0000:1234:0000:1234:0123

1234:0:1234:0:1234:0:1234:123

So given this wealth of newfound information, let’s take the address above, and use both zero-compression and leading zero-compression to make it look less gross:

1029:9183:81AE:0000:0000:0AC1:2143:019B

1029:9183:81AE::0AC1:2143:019B

1029:9183:81AE::AC1:2143:19B

Above will be your final address, using zero-compression only once and leading zero-compression multiple times, and they can be used together in the same address!

Now a couple of gotcha’s that may come up on exam day:

  • Hex can be upper or lower case in an ipv6 address
  • Letters only span A-F, any letter beyond F in an address means it’s an invalid address
  • If you see more than two colons anywhere in the address, or two colons used twice in the address, it is an invalid IPv6 address
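The two compression rules and the exam gotchas above, written out as an added example (not from the original post). The function names are mine, and two choices follow RFC 5952 rather than anything stated here: the longest run of zero sections gets the `::`, and a single zero section is left as `0`.

```python
import ipaddress
import re

HEX_SECTION = re.compile(r"[0-9A-Fa-f]{1,4}")


def expand(address: str) -> list:
    """Validate an address and return its 8 sections as 4-digit hex strings."""
    if ":::" in address:
        raise ValueError("more than two colons in a row")
    if address.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in address:
        left, right = address.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError("'::' must stand for at least one section")
        sections = head + ["0"] * missing + tail
    else:
        sections = address.split(":")
    if len(sections) != 8:
        raise ValueError("an IPv6 address has exactly 8 sections")
    for s in sections:
        if not HEX_SECTION.fullmatch(s):
            raise ValueError(f"invalid section {s!r}")
    return [s.upper().zfill(4) for s in sections]


def compress(address: str) -> str:
    """Leading zero-compression on every section, then zero-compression once."""
    sections = [s.lstrip("0") or "0" for s in expand(address)]
    best_start, best_len, i = -1, 0, 0
    while i < 8:                       # find the longest run of all-zero sections
        if sections[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and sections[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:                   # nothing worth replacing with '::'
        return ":".join(sections)
    head = ":".join(sections[:best_start])
    tail = ":".join(sections[best_start + best_len:])
    return f"{head}::{tail}"


def check(address: str) -> str:
    """Return 'valid' or the reason the address is rejected."""
    try:
        expand(address)
    except ValueError as err:
        return str(err)
    return "valid"


def matches_stdlib(address: str) -> bool:
    """Cross-check compress() against Python's own ipaddress module."""
    return compress(address).lower() == str(ipaddress.IPv6Address(address))


if __name__ == "__main__":
    print(compress("1029:9183:81AE:0000:0000:0AC1:2143:019B"))
    print(compress("1234:0000:1234:0000:1234:0000:1234:0123"))
    print(check("1029:9183:81AG::AC1:2143:19B"))
```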

That concludes the introductory portion of IPv6 which is basically CCNA refresher at its most basic, next up, more IPv6!

VRF-Lite: Complete configuration and explanation of behaviors, OSPF and EIGRP demonstration and how they work (or why they don’t work)

vrf_top_plain_vrf_labeled

To note I used the same color I have previously for IPSec VPN tunnels, however that color is more just one of the few colors not reserved for protocols (as I generally use blue for OSPF, red for RIP, and orange for EIGRP), so this time green is for VRF-Lite.

So I wanted to quickly pull from the last lab the two pieces of setup already done on the equipment in the last post:

R1:

R1(config)#int fa0/0
R1(config-if)#no shut
R1(config-if)#int fa0/0.2
R1(config-subif)#encap dot1q 2
R1(config-subif)#ip add 10.2.2.1 255.255.255.0
R1(config-subif)#int fa0/0.3
R1(config-subif)#encap dot1q 3
R1(config-subif)#ip add 10.3.3.1 255.255.255.0
R1(config-subif)#int fa0/0.4
R1(config-subif)#encap dot1q 4
R1(config-subif)#ip add 10.4.4.1 255.255.255.0
R1(config-subif)#

SW1:

SW1(config)#int fa0/2
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 2
SW1(config-if)#int fa0/3
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 3
SW1(config-if)#int fa0/4
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 4
SW1(config-if)#

Now to demonstrate something, I have removed sub-interface .3 and .4’s IP address, which will later be revisited.

Now, as previously described, VRF separates networks with virtual routing instances, so the first part of the configuration is simply to create those instances:

R1(config)#ip vrf VRF2
R1(config-vrf)#?
IP VPN Routing/Forwarding instance configuration commands:
  bgp           Commands pertaining to BGP
  context       Associate SNMP context with this vrf
  default       Set a command to its defaults
  description   VRF specific description
  exit          Exit from VRF configuration mode
  export        VRF export
  import        VRF import
  maximum       Set a limit
  mdt           Backbone Multicast Distribution Tree
  no            Negate a command or set its defaults
  rd            Specify Route Distinguisher
  route-target  Specify Target VPN Extended Communities
  vpn           Configure VPN ID as specified in rfc2685

R1(config-vrf)#exit
R1(config)#ip vrf VRG3
R1(config-vrf)#EXIT
R1(config)#no ip vrf VRG3
% IP addresses from all interfaces in VRF VRG3 have been removed

R1(config)#ip vrf VRF3
R1(config-vrf)#exit
R1(config)#ip vrf VRF4
R1(config-vrf)#exit
R1(config)#

So I left the output from the VRF mode it drops you into, to show the more advanced options not covered in the CCNP ROUTE exam, more geared to non-Lite VRF (however we may see them in the BGP section). Also I highlighted an error from my first configuration derp of the night, and this illustrates a behavior of VRF I wanted to cover first.

Unlike a majority of configurations on Cisco routers, with VRF, it does matter the order in which you enter commands because that may lead to it removing your IP addresses.

This is because the way VRF takes the route out of the “global route table” and into its own is by literally removing the IP address from the interface (thus removing it from the global route table), making you manually re-enter it (thus putting it into its VRF instance’s route table). So I am wondering if the error in red will force VRF enabled interfaces to lose their IP address – I will test this quickly after step # 2 in our configuration.

Being that entering VRF on the interfaces is step #2 in configuration, I took the liberty of showing you how it will react to fa0/0.2 when I enter it on an interface with a current IP, as compared to me enabling VRF on the interface and then entering the IP address:

R1(config)#int fa0/0.2
R1(config-subif)#ip vrf forwarding VRF2
% Interface FastEthernet0/0.2 IP address 10.2.2.1 removed due to enabling VRF VRF2
R1(config-subif)#int fa0/0.3
R1(config-subif)#ip vrf forwarding VRF3
R1(config-subif)#ip add 10.3.3.1 255.255.255.0
R1(config-subif)#int fa0/0.4
R1(config-subif)#ip vrf forwarding VRF4
R1(config-subif)#ip add 10.4.4.1 255.255.255.0
R1(config-subif)#exit
R1(config)#do sh ip int bri
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES NVRAM  up                    up
FastEthernet0/0.2          unassigned      YES NVRAM  up                    up
FastEthernet0/0.3          10.3.3.1        YES manual up                    up
FastEthernet0/0.4          10.4.4.1        YES manual up                    up
Serial0/0                  unassigned      YES NVRAM  administratively down down
FastEthernet0/1            unassigned      YES NVRAM  administratively down down
Serial0/1                  unassigned      YES NVRAM  administratively down down
R1(config)#

So as you can see, the order of the commands allowed the IP not to be stripped off .3 and .4, and will now need to be re-entered on .2:

R1(config)#int fa0/0.2
R1(config-subif)#ip add 10.2.2.1 255.255.255.0
R1(config-subif)#exit
R1(config)#do show ip int bri
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES NVRAM  up                    up
FastEthernet0/0.2          10.2.2.1        YES manual up                    up
FastEthernet0/0.3          10.3.3.1        YES manual up                    up
FastEthernet0/0.4          10.4.4.1        YES manual up                    up
Serial0/0                  unassigned      YES NVRAM  administratively down down
FastEthernet0/1            unassigned      YES NVRAM  administratively down down
Serial0/1                  unassigned      YES NVRAM  administratively down down
R1(config)#

There we go, now let’s delete an instance and see if it strips the IP address off the interface:

R1(config)#no ip vrf VRF4
% IP addresses from all interfaces in VRF VRF4 have been removed
R1(config)#do sh ip int bri
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES NVRAM  up                    up
FastEthernet0/0.2          10.2.2.1        YES manual up                    up
FastEthernet0/0.3          10.3.3.1        YES manual up                    up
FastEthernet0/0.4          unassigned      YES manual up                    up
Serial0/0                  unassigned      YES NVRAM  administratively down down
FastEthernet0/1            unassigned      YES NVRAM  administratively down down
Serial0/1                  unassigned      YES NVRAM  administratively down down
R1(config)#

It certainly did, and there are a few things here I want to cover, bullet point style:

  • Adding VRF to an interface with an IP, and removing a VRF instance will strip the IP address off any interface running that VRF instance
  • Any IP address removed will have to be manually re-entered on that interface
  • If the VRF instance was removed, the IP address / network will be back in the route table after manually re-adding it; if it was stripped due to adding VRF to an interface, it will no longer be in the global routing table after manually re-entering it
  • VRF-Lite configurations, at least in this demonstration, are completely locally significant and downstream routers are completely unaware and will not need special commands when trying to ping R1 or when adding dynamic routing protocols (Only R1 will require them).

So then where do they all go? Good question! They go into their VRF instance’s routing table, which we will see illustrated a bit more after adding a routing protocol:

R1#sh ip route

Gateway of last resort is not set

There be nothing here in the global route table, and that is because the only IP addresses this router knows of are the connected sub-interfaces, and they are now in their own VRF routing instances.

That being said, here is how to see them, with some ? output left in there to see options available for later use in higher level studies (or later in the current course):

R1#show ip route ?

  Hostname or A.B.C.D  Network to display information about or hostname
  bgp                  Border Gateway Protocol (BGP)
  connected            Connected
  dhcp                 Show routes added by DHCP Server or Relay
  eigrp                Enhanced Interior Gateway Routing Protocol (EIGRP)
  isis                 ISO IS-IS
  list                 IP Access list
  mobile               Mobile routes
  odr                  On Demand stub Routes
  ospf                 Open Shortest Path First (OSPF)
  profile              IP routing table profile
  rip                  Routing Information Protocol (RIP)
  static               Static routes
  summary              Summary of all routes
  supernets-only       Show supernet entries only
  track-table          Tracked static table
  update-queue         Queue of RIB updates
  vrf                  Display routes from a VPN Routing/Forwarding instance
  |                    Output modifiers
  <cr>

R1#show ip route vrf ?

  WORD  VPN Routing/Forwarding instance name

R1#show ip route vrf VRF4 ?
  Hostname or A.B.C.D  Network to display information about or hostname
  bgp                  Border Gateway Protocol (BGP)
  connected            Connected
  dhcp                 Show routes added by DHCP Server or Relay
  eigrp                Enhanced Interior Gateway Routing Protocol (EIGRP)
  isis                 ISO IS-IS
  list                 IP Access list
  mobile               Mobile routes
  odr                  On Demand stub Routes
  ospf                 Open Shortest Path First (OSPF)
  profile              IP routing table profile
  rip                  Routing Information Protocol (RIP)
  static               Static routes
  summary              Summary of all routes
  supernets-only       Show supernet entries only
  track-table          Tracked static table
  update-queue         Queue of RIB updates
  |                    Output modifiers
  <cr>

R1#show ip route vrf VRF4

Routing Table: VRF4

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 1 subnets
C       10.4.4.0 is directly connected, FastEthernet0/0.4
R1#

And there it is, I highlight my commands (and the options I chose) as with that much modifier output from ?, it is hard to see where the actual command is.

Alright, so our router now has 3 of these VRF instances running, and I think at this point we should know our options to view our VRF information that is configured:

R1#show ip vrf
  Name                             Default RD          Interfaces
  VRF2                             <not set>           Fa0/0.2
  VRF3                             <not set>           Fa0/0.3
  VRF4                             <not set>           Fa0/0.4

R1#sh int fa0/0.2
FastEthernet0/0.2 is up, line protocol is up
  Hardware is AmdFE, address is 000e.8475.04e0 (bia 000e.8475.04e0)
  Internet address is 10.2.2.1/24
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation 802.1Q Virtual LAN, Vlan ID  2.
  ARP type: ARPA, ARP Timeout 04:00:00
  Last clearing of "show interface" counters never

HUGE DISCLAIMER TO THE ABOVE OUTPUT : I believe because my WAN routers for the NBMA are running IOS code 12.x it does not show the VRF forwarding instance on my “show int” output but on 15.x IOS code I believe it does.

You can also see the VRF instance in each interface’s output in “sh run” but do not count on that being an available command on exam day.

MOVING RIGHT ALONG.

Pinging neighbors that are in a particular VRF instance will fail, because a general ping only tests connectivity in the global route table:

R1#ping 10.4.4.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.4.4.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R1#

For this, we need to add some VRF commands to the ping, to make it use our virtual routing instances route table:

R1#ping ?
  WORD       Ping destination address or hostname
  appletalk  Appletalk echo
  clns       CLNS echo
  decnet     DECnet echo
  ip         IP echo
  ipv6       IPv6 echo
  ipx        Novell/IPX echo
  srb        srb echo
  tag        Tag encapsulated IP echo
  vrf        Select VPN routing instance
  <cr>

R1#ping vrf ?
  WORD  VPN Routing/Forwarding instance name

R1#ping vrf VRF4 ?
  WORD       Ping destination address or hostname
  appletalk  Appletalk echo
  clns       CLNS echo
  decnet     DECnet echo
  ip         IP echo
  ipv6       IPv6 echo
  ipx        Novell/IPX echo
  srb        srb echo
  tag        Tag encapsulated IP echo
  <cr>

R1#ping vrf VRF4 10.4.4.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.4.4.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R1#

So at this point, it can be noticed that when using VRF, you need to define its instance in basically everything that you do on the router it is configured on, and routing protocols are not immune to this either. So, speaking of which, let’s configure us some OSPF first, then we’ll remove it and try EIGRP.

What I like about this demonstration, is that it shows a purpose for both having different locally significant processes for OSPF and VRF. It also shows that when configuring OSPF for VRF, it makes you define the VRF instance ensuring that networks in other VRF instances stay in their own VRF instances:

R1(config)#router ospf 2 ?
  vrf  VPN Routing/Forwarding Instance
  <cr>

R1(config)#router ospf 2 vrf ?
  WORD  VPN Routing/Forwarding Instance (VRF) name

R1(config)#router ospf 2 vrf VRF2 ?
  <cr>

R1(config)#router ospf 2 vrf VRF2
R1(config-router)#network 10.2.2.0 0.0.0.255 area 0
R1(config-router)#exit
R1(config)#router ospf 3 vrf VRF3
R1(config-router)#network 10.3.3.0 0.0.0.255 area 0
R1(config-router)#exit
R1(config)#router ospf 4 vrf VRF4
R1(config-router)#network 10.4.4.0 0.0.0.255 area 0
R1(config-router)#exit
R1(config)#

Notice from the ? output, VRF is the only thing that can be configured following “router ospf (process #)”, so that extended command is made solely for VRF. So I put our VRF instances 2 / 3 / 4 in their own OSPF processes 2 / 3 / 4 but made them all be in Area 0, which technically makes this 2 different types of OSPF router:

  • A backbone router = Must have at least one interface in Area 0
  • An Internal router = Only has OSPF interfaces in a single Area
  • Not an ABR (Area Border Router) because that must have one interface in Area 0 and another interface in a non-0 Area

Really wanted to stress that it isn’t an ABR, as I thought it was also that, and after double checking my OSPF Fundamentals in a can post the definition does not fit – THIS IS WHY IT IS GOOD TO CONTINUOUSLY INCORPORATE OLD LESSONS WITH NEW LESSONS TO KEEP THE KNOWLEDGE UP IN THE OL STEEL TRAP ON YOUR SHOULDERS!

Now, in R2, R3, and R4 I will put them in OSPF Process 1 because the process is locally significant only so it will not matter. I will also create a quick loopback on them to make sure we are advertising routes back to R1:

R2(config)#int lo2
R2(config-if)#
*Mar  1 21:20:51.863: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback2, changed state to up
R2(config-if)#ip add 2.2.2.2 255.255.255.0
R2(config-if)#router ospf 1
R2(config-router)#network 10.2.2.0 0.0.0.255 area 0
*Mar  1 21:21:51.777: %OSPF-5-ADJCHG: Process 1, Nbr 10.2.2.1 on FastEthernet0/0 from LOADING to FULL, Loading Done
R2(config-router)#network 2.2.2.0 0.0.0.255 area 2
R2(config-router)#

You can see the adjacency back to R1 form before the loopback network can even be added, I’ll save the output from the other two routers as it is the exact same except their loopbacks will be 3.3.3.0/24 and 4.4.4.0/24.

  • One other note, R2 / R3 / R4 are now ABR’s because they have their fa0/0 interface in Area 0 and their loopback interface in Area #, so they are both a Backbone router and an ABR in OSPF terminology

However from the above output, I wanted to show there are no extended VRF commands on the remote routers from R1 or matching process #’s needed, so let’s see how R1 sees everything:

R1#sh ip ospf nei

Neighbor ID     Pri   State           Dead Time   Address         Interface
4.4.4.4           1   FULL/DR         00:00:33    10.4.4.4        FastEthernet0/0.4
3.3.3.3           1   FULL/DR         00:00:38    10.3.3.3        FastEthernet0/0.3
10.2.2.2          1   FULL/DR         00:00:31    10.2.2.2        FastEthernet0/0.2
R1#

As can be seen, “sh ip ospf nei” shows them whether they are in their own VRF’s or not, they are still OSPF neighbors, however even after a “clear ip ospf proc” on both R1 and R2 it is still showing 10.2.2.2 as its RID instead of the highest logical address 2.2.2.2.

So first from R1, let’s see if we are getting routes advertised from all 3 neighbors:

R1#show ip route vrf VRF2

Routing Table: VRF2

Gateway of last resort is not set

     2.0.0.0/32 is subnetted, 1 subnets
O IA    2.2.2.2 [110/2] via 10.2.2.2, 00:02:39, FastEthernet0/0.2
     10.0.0.0/24 is subnetted, 1 subnets
C       10.2.2.0 is directly connected, FastEthernet0/0.2
R1#show ip route vrf VRF3

Routing Table: VRF3

Gateway of last resort is not set

     3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/2] via 10.3.3.3, 00:03:00, FastEthernet0/0.3
     10.0.0.0/24 is subnetted, 1 subnets
C       10.3.3.0 is directly connected, FastEthernet0/0.3
R1#show ip route vrf VRF4

Routing Table: VRF4

Gateway of last resort is not set

     4.0.0.0/32 is subnetted, 1 subnets
O IA    4.4.4.4 [110/2] via 10.4.4.4, 00:03:04, FastEthernet0/0.4
     10.0.0.0/24 is subnetted, 1 subnets
C       10.4.4.0 is directly connected, FastEthernet0/0.4
R1#

After going back to R2 and doing “sh ip route” and confirming 2.2.2.0/24 is in the global route table, and “sh ip proto” shows 10.2.2.2 as the RID, and “sh ip int bri” confirms 10.2.2.2 is NOT on a logical interface I have no idea what’s going on.

I’d normally dig into that a little more, but it’s getting late, and I need to wrap this up, but want to test EIGRP as well so I’m going to quickly change the routing protocol to EIGRP to see if it works the same:

R1(config)#
R1(config)#
R1(config)#router eigrp ?


  <1-65535>  Autonomous system number

R1(config)#router eigrp 200 ?

  <cr>

R1(config-router)#no auto

R1(config-router)#?

Router configuration commands:
  address-family       Enter Address Family command mode
  auto-summary         Enable automatic network number summarization
  bfd                  BFD configuration commands
  default              Set a command to its defaults
  default-information  Control distribution of default information
  default-metric       Set metric of redistributed routes
  distance             Define an administrative distance
  distribute-list      Filter networks in routing updates
  eigrp                EIGRP specific commands
  exit                 Exit from routing protocol configuration mode
  help                 Description of the interactive help system
  maximum-paths        Forward packets over multiple paths
  metric               Modify EIGRP routing metrics and parameters
  neighbor             Specify a neighbor router
  network              Enable routing on an IP network
  no                   Negate a command or set its defaults
  offset-list          Add or subtract offset from RIP metrics
  passive-interface    Suppress routing updates on an interface
  redistribute         Redistribute information from another routing protocol
  timers               Adjust routing timers
  traffic-share        How to compute traffic share over alternate paths
  variance             Control load balancing variance

R1(config-router)#network ?

  A.B.C.D  Network number

R1(config-router)#network 10.2.2.0 0.0.0.255 ?

  <cr>

R1(config-router)#network 10.2.2.0 0.0.0.255
R1(config-router)#exit
R1(config)#router eigrp 300
R1(config-router)#network 10.3.3.0 0.0.0.255
R1(config-router)#exit
R1(config)#router eigrp 400
R1(config-router)#network 10.4.4.0 0.0.0.255
R1(config-router)#exit

I’ve highlighted my output again in red, as there is a lot of output here that I want to illustrate mentions ABSOLUTELY NOTHING ABOUT VRF ANYWHERE WITH EIGRP.

So I just put them in their own AS’s, but I am not feeling good about this, as not defining the virtual routing process, I am assuming it is going to try to pull from the global route table. So on the neighbors I will use matching AS numbers (as required to match to form an adjacency with EIGRP neighbors, along with k weights), and let’s see if we get some neighbors to form:

R2(config)#router eigrp 200
R2(config-router)#no auto
R2(config-router)#network 10.2.2.0 0.0.0.255
R2(config-router)#network 2.2.2.0 0.0.0.255
R2(config-router)#
ASR#1
[Resuming connection 1 to r1 … ]

R1(config)#do sh ip eigrp nei
IP-EIGRP neighbors for process 200
IP-EIGRP neighbors for process 300
IP-EIGRP neighbors for process 400
R1(config)#

Yeah, it looks like EIGRP is not going to work with VRF instances like OSPF did, I assume BGP will as well but we have yet to get into BGP in my studies. So I won’t go on to configure the other routers as we know it’s not going to work.
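Both failure modes from this lab, the IP address stripped off a VRF interface and the routing process left in the global table while its network lives in a VRF, can be caught from a saved config. This is an added example (not from the original post): the config text is constructed from the commands used above, and the parser and function names are my own and only handle the handful of lines shown here.

```python
import ipaddress
import re

# Constructed running-config excerpt based on the lab's commands (not a real dump).
SAMPLE_CONFIG = """\
interface FastEthernet0/0.2
 encapsulation dot1Q 2
 ip vrf forwarding VRF2
 ip address 10.2.2.1 255.255.255.0
!
interface FastEthernet0/0.3
 encapsulation dot1Q 3
 ip vrf forwarding VRF3
 ip address 10.3.3.1 255.255.255.0
!
interface FastEthernet0/0.4
 encapsulation dot1Q 4
 ip vrf forwarding VRF4
 no ip address
!
router ospf 2 vrf VRF2
 network 10.2.2.0 0.0.0.255 area 0
!
router eigrp 300
 network 10.3.3.0 0.0.0.255
 no auto-summary
!
"""


def parse_config(text: str):
    """Collect each interface's VRF and address, and each process's networks."""
    interfaces, processes, current = {}, [], None
    for line in text.splitlines():
        if not line.startswith(" "):               # top-level line starts a new section
            current = None
            m = re.match(r"interface (\S+)", line)
            if m:
                current = interfaces.setdefault(m.group(1), {"vrf": None, "ip": None})
                continue
            m = re.match(r"router (ospf|eigrp) (\d+)(?: vrf (\S+))?", line)
            if m:
                current = {"name": f"{m.group(1)} {m.group(2)}",
                           "vrf": m.group(3), "networks": []}
                processes.append(current)
            continue
        words = line.split()
        if current is None or not words:
            continue
        if words[:3] == ["ip", "vrf", "forwarding"] and len(words) == 4:
            current["vrf"] = words[3]
        elif words[:2] == ["ip", "address"] and len(words) >= 4:
            current["ip"] = ipaddress.IPv4Interface(f"{words[2]}/{words[3]}")
        elif words[0] == "network" and len(words) >= 3 and "networks" in current:
            # ipaddress accepts the wildcard (host) mask form directly
            current["networks"].append(ipaddress.IPv4Network(f"{words[1]}/{words[2]}"))
    return interfaces, processes


def audit(text: str) -> list:
    """Return one finding per stripped address or VRF/process mismatch."""
    interfaces, processes = parse_config(text)
    findings = []
    for name, iface in interfaces.items():
        if iface["vrf"] and iface["ip"] is None:
            findings.append(f"{name}: in {iface['vrf']} but has no IP address")
    for proc in processes:
        for net in proc["networks"]:
            for name, iface in interfaces.items():
                if iface["ip"] is None or iface["ip"].ip not in net:
                    continue
                if iface["vrf"] != proc["vrf"]:
                    findings.append(
                        f"{proc['name']}: network {net} matches {name} in "
                        f"{iface['vrf'] or 'the global table'}, but the process "
                        f"runs in {proc['vrf'] or 'the global table'}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```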

That concludes VRF-Lite, lots of good information to go with the configurations, now onward to IPv6! 🙂