Category Archives: CCNP – IPv6

IPV6: Quick straight forward notes on differences in modes for exam day!

Going to cut right to the chase here for exam day what you will need to know without a lot of explanation, as I’ve been reading the white papers for my second attempt this Friday, and there are just some things to know without knowing all the “why.”

NTPv6 – This does the same function as NAT for IPv4, only it does it ONLY for IPv6. So if you are asked to explain what it does, it allows communication between IPv6 networks (and if they aren’t dual stacking they aren’t talking)

NAT64 – This could be a local server in your building, or a server at your ISP, that translates V6 addresses to V4 addresses, so hosts can communicate without using Dual-Stack technology themselves.

Stateless NAT64 DOES NOT CONSERVE IPV4 ADDRESSES, 1:1 translations, no IP bindings done in this mode, requires manual or DHCPv6 address to assign an IPv6 address

Stateful NAT64 DOES CONSERVE IP ADDRESSES, 1:any usable translations, creates states or bindings for every entry requiring one to translate between IPv6 and IPv4

IPv6 Tunneling – As posted earlier about IPv6 there are some different Tunneling methods, but all of them do require devices capable of Dual Stacking, remember that on exam day

Dual Stacking – Ability of a host to speak IPv6 and IPv4 with other hosts with the same capability

That is all, remember that information, it may save you a few points on exam day ^

IPv6: Tunnel type review, links to IPv6 address identification, migration, and GRE / DMVPN that I highly encourage you to review!

I know I said no more posts, but IPV6 was begging for some kind of review before exam day so here it is!

There are two general ways to route IPv6 packets, those being a fully native end to end IPv6 network from host – across the WAN – to the end host and back, or IPv6 Tunnels.

IPv6 tunneling consists of taking IPv6 traffic, and encapsulating it like interesting traffic for an IPSec tunnel before transmission into an IPv4 packet, so it can traverse the IPv4 network to its tunnel endpoint that then decapsulates the IPv6 packet for delivery to the inside IPv6 host.

Tunneling is generally done by only two routers, however the Tunneling protocol ISATAP can be done by the hosts themselves, if they are capable of creating the packet that includes the IPv6 payload encapsulated within an IPv4 packet type.

There are 4 general types of IPv6 Tunnels:

  • Manually configured – Point to Point, generally permanent, like any site to site VPN
  • GRE – Point to Point, manually configured, wide support of protocols it can transmit
  • 6to4 – Multipoint tunnel, dynamically formed, uses 3rd and 4th “quartets” for IPv4 address
  • ISATAP – Multipoint tunnel, dynamically formed, uses 7th and 8th “quartets” for the IPv4 address

Now, you may be asking yourself, what on Earth is a quartet, because I sure am. Being that it’s only 3am or so, why not google it, because I doubt it is the part of a musical ensemble.

After a quick google search (how did we even survive before google?), a quartet is 4 digits of the 128 bit address, so it would make sense that 4 of these bits are being used, as each bit represents part of a hexadecimal address as shown in this explanation.

I highly suggest you read that quick explanation of Hex conversion if you’re rusty.

NAT-PT will also get an honorable mention here, though it is not technically a tunnel so there is no encapsulation / decapsulation of packets, however it does translate between protocols. It does also translate and keep track of DNSv4 and DNSv6 name to address bindings, while translating both IPv4 to IPv6 and back between the two.

I have updated this link with how to identify some IPv6 addresses on exam day if asked “Which one of these is is an ISATAP / TEREDO / 6to4 / Link-Local” Address type. It is not conclusive, but that is really all I got before exam day that is now less than 24 hours away.

I was going to post something else about IPv6, but I am too tired to remember what at 3:30am now, just read everything I’ve ever written and you should be good to go for exam day I think – We’ll see how tomorrow goes 🙂

Ooop, just remember, migration strategies link for IPv6, if you add up everything I’ve said between those links and this post it will hopefully make sense and I don’t contradict myself in every explanation.

One big take away from the migration strategies, as a majority of it is using Tunnels as part of the Migration, is Dual-Stacking which is having your hosts run both IPv6 and IPv4, which is how most migrations work.

Start out with a single web facing server that is not critical to production, and give it both an IPv4 and IPv6 test, and see if you can communicate with it over IPv6 (while still having the reliable IPv4 address on it that you know works within your environment).

Also since it was a tunnel type mentioned, and it is also in the VPN section of topics to be covered, do yourself a favor and read the GRE over IPSec tunnel configuration that I did a fairly brief write up about.

I gotta go to bed but wanted to post one last link, this is for mGRE used for DMVPN, which gives a very brief overview of concepts / terminology of how mGRE is used, as well as NHRP (Next Hop Routing Protocol) to make DMVPN works.

I highly encourage you to familiarize yourself with the DMVPN high level view setup process of the tunnels, not so much the configuration, so you are familiar with the terminology.

Ok, must stop researching and studying and posting resources, and test time tomorrow – Hope to see that Pass on the grade!

ALSO ONE LAAAST NOTE, NAT64 – This is used for your IPv4 hosts to communicate with IPv6 servers, hence the device configured for it holding the bindings / address mappings! Remember on exam day, IPv4 hosts talking to IPv6 hosts involves Dual Stacking, or NAT64 to translate for hosts / server on different IP versions!

A collection of IMPORTANT links to review and know for exam day, then a quick overview of LSA Types / OSPF Router Types!

(This post will be replacing the subnetting post in my sticky threads up top the blog)

I pulled this topology from my older posts when I took a deep dive into the world of LSA’s, how to read the Topology table like a laundry list and under stand it, and what type of routers did what.

First I want to list links that are absolutely vital to read and understand for exam day, as you will run into questions regarding these in some fashion or another, and then I will sticky this post up top so the links are available there as well:

LSA Part 1 – https://loopedback.com/2017/04/24/part-1-ospf-lsa-deep-dive-starting-with-lsa-types-1-2-3-and-an-intro-to-all-lsa-types-and-ospf-routers-types/

LSA Part 2 – https://loopedback.com/2017/04/25/part-2-ospf-lsa-deep-dive-lsa-types-4-5-and-turn-area-15-to-an-nssa-to-see-what-happens-with-the-ls-database/

LSA Part 3 – https://loopedback.com/2017/04/25/part-3-ospf-lsa-deep-dive-lsa-type-7-deep-dive-into-every-type-of-ospf-stub-area-and-how-it-impacts-lsas/

VPN types and Tunnel Modes – https://loopedback.com/2017/04/28/vpn-deep-dive-into-different-vpn-packet-types-differences-in-security-and-differences-in-modes-between-them/

OSPF Distribute-List vs Filter-List – https://loopedback.com/2017/04/27/ospf-deep-dive-distribute-list-vs-filter-list-in-and-reviewing-prefix-lists-as-they-filter-lists-use-prefixes-to-filter/

Quick methods to Subnet – https://loopedback.com/2017/05/09/important-subnetting-review-to-quickly-find-network-address-ranges-and-a-great-cheat-sheet-for-exam-day/

IPv6 Migration Strategies – https://loopedback.com/2017/03/11/ipv6-migration-strategies-from-ipv4-networks-need-to-know-details-for-exam-day-explained/comment-page-1/#comment-56

Identifying IPv6 Address Types – https://loopedback.com/2017/05/08/ipv6-quick-tips-on-some-good-to-knows-and-need-to-knows-for-ipv6-on-exam-day-may-be-adding-info-to-this-in-the-future/

EIGRP Distribute-List / Prefix-List configuration – https://loopedback.com/2017/05/10/eigrp-deep-dive-into-prefix-list-configurations-access-list-vs-prefix-list-using-prefix-lists-to-filter-eigrp-routes-with-distribute-lists/

I could keep adding posts to that list all day, as they are pretty important, but you need to have a solid understanding of VPN Types and Tunnel Modes (and what they do), LSA Types and Database understanding, the IPv6 material and knowing how to configure and apply Prefix-Lists, etc. I’d say read all my posts, but I wrote them and my mind still slips on the materials!

Now I pulled this explanation of the LSA types from an older post where I summarized them using the Topology above, so I will paste these into this post, and sticky this thread up top for visibility and move on to the next topic for review!

So first, I will start with a description of each LSA type of the 7 of them:

  • LSA Type 1 “Router” – “Router Link States” will be its header in the LSA DB, and the name is self explanatory, these LSA’s are generated by each router with updates on its local Link States, all router types generate and flood this LSA Type.
  • LSA Type 2 “Network” – “Net Link States” are only generated and sent by DR’s and BDR’s to routers in the Same Area, that are also on the same multi-access network type, LSA type stays within its own Area, only seen in NON-Point-to-Point network types
  • LSA Type 3 “Summary” – “Summary Net Link States” has nothing to do with summarization, but floods its summary of networks from one Area into others except for the Area it is part of – Not flooded into Total-Stub’d Areas (Stub or NSSA)
  • LSA Type 4 “Summary ASB” – “Summary ASB Link States” LSA type is only created by ABR’s back to the ASBR, so when redistribution is configured on the ASBR Router it flips a bit in its “Router LSA” (Type 1!), and the ABR(s) then create LSA type 4’s to pass along throughout the network giving OSPF neighbors the path back to the ASBR – Not flooded into Stub Areas.
  • LSA Type 5 “Autonomous System External Link State” – or “AS External Link States” in the OSPF LSA DB, these are your “O E1” and “O E2”  Redistributed routes, generated from the ASBR itself OUTSIDE an NSSA Area – Not flooded into Stub Areas.
  • LSA Type 6 – Not needed for the CCNP ROUTE, but it is for Multicast Extensions of OSPF (MOSPF), but again is not referenced in the the ROUTE exam, just wanted to mention for the sake of thoroughness
  • LSA Type 7 “NSSA LSA’s” – This type of LSA is generated by the ASBR INSIDE an NSSA Area does Redistribution, as Type 5 Redistribution LSA’s cannot enter an NSSA Area

Phew. So to cover what type of routers create which type of LSA’s ONE MORE TIME:

  • Type 1 – All Routers
  • Type 2 – All DR’s
  • Type 3, 4 – All ABR’s
  • Type 5 – ASBR’s OUTSIDE the NSSA Areas (NSSA’s don’t allow LSA type 5)
  • Type 6 – Reserved for MOSPF
  • Type 7 – ASBR’s INSIDE the NSSA Areas (Type 7 LSA’s [N1, N2 in route table])

 

If you don’t fully understand LSA’s, please review Part 1, 2, and 3 of the OSPF LSA posts linked above as this is crucial to exam success if you get some OSPF questions!

IPv6: Quick Tips on some good to knows, and need to knows for IPv6 on exam day, may be adding info to this in the future!

I want to briefly touch on the basics of IPv6 in general without any sort of Protocols in the mix, just the basics for now, we’ll save that other fun stuff for a later date.

This is kind of from the beginning of enabling IPv6 to run on a router to assigning an interface an address (or it assigning itself an address)!

First, a quick note, this is how you enable ipv6 on your router to begin with:

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ipv6 unicast-routing
R1(config)#

Without “ipv6 unicast-routing” entered in global config, IPv6 functionality is not enabled.

Some facts bullet point style to remember for exam day:

  • IPv6 DOES NOT USE BROADCASTS – However it does use Unicasts and Multicasts
  • IPv6 was created with Summarization in mind, and has 128 bit masks, usually condensed with zero compression / leading zero compression in them
  • DHCPv6 exists, however the IPv6 hosts can configure themselves with “Autoconfiguration”
  • NAT still exists as part of IPv4 to IPv6 Migration Strategies from another post

 

Internal / LAN Private IPv6 address space idenfication, as well as Public

To identify an address that is considered non-routable for IPv6 to be assigned to the LAN, look for to addresses:

  •  fc00::/7
  • fdxx:x:x:x… etc – Anything that starts with “FDXX” in the first “quartet”

Global (Public) IPv6 address space:

  • 2000::/3 is the IPv6 for Global Unicast Addresses

 

Interface Identifiers and the EUI-64 (Extended Unique Identifier) Address type:

Every interface in an IPv6 link requires a unique identifier (hence Interface Identifier), which is a 64-bit value comprised of the MAC address, which does not need to be manually entered or learned via DHCPv6 (Stateless Auto-Config).

This is where the EUI-64 comes to save the day!

It takes the MAC address of an interface, say this interface:

R1#sh int fa0/1
FastEthernet0/1 is up, line protocol is up
Hardware is Gt96k FE, address is 001e.f797.f14b (bia 001e.f797.f14b)
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)

(And so on…)

Which has a 48-bit MAC address for the physical interface, the first 6 digits being the OUI of the manufacturer (24 bits) and the last 6 digits used for device addressing (24 bits) for a MAC address refresher.

To get to 64-bits it needs an additional 16, which is where EUI-64 comes in, as it injects FF:FE into the middle of the MAC address to give the Interface a Unique Identifier when you enable IPv6 on the interface:

R1(config)#int fa0/1
R1(config-if)#ipv6 enable
R1(config-if)#do sh ipv6 int fa0/1
FastEthernet0/1 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::21E:F7FF:FE97:F14B
  No Virtual link-local address(es):
  No global unicast address is configured
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF97:F14B
  MTU is 1500 bytes

Note we use “sh ipv6 …” instead of “sh ip …” as with basically all IPv6 commands.

I saw this on a practice exam, and I completely forgot these “nicknames” for some of the IP Address types I’ve mentioned in the migration link above, but didn’t hear it specifically used in my training materials.

WHAT IS AN IPV6 ISATAP ADDRESS? YOU NEED TO KNOW THESE ODD ADDRESS NICKNAMES SO TO SAY, SO GIVE IT A QUICK READ, INCLUDES SOME GOTCHAS!

It is a method of allowing IPv4 assigned to an outside interface to be integrated with an IPv6 address for neighbor discovery, and can be part of migration strategies.

So it will start out with its link-local “FE80::” and inject the following characters right before the IPv4 address “0200:5EFE:x.x.x.x”, so it will come out looking like this:

FE80::0000:5EFE:192.0.2.143

However, of course there are some gotchas to watch out for on exam day, two particularly. When looking at addresses, leading zero compression may be used on the “0200” portion, making the new address appear as this:

FE80::0000:5EFE:192.0.2.143

That is #1 to watch for, but Cisco will probably try to catch you off guard by using both gotchas in conjunction, which leads to the second gotcha of making the IPv4 into a Hex Value instead of an obvious dotted decimal at the end indication the ISATAP address type.

Here is an example of the two gotchas in conjunction:

FE80::0000:5EFE:C000:28F

Just remember if you see a 5EFE inside the IPv6 address, it is an ISATAP address.

NOW WHAT ON EARTH IS A “TEREDO ADDRESS” ?

This address type can be identified by its prefix type as follows:

2001:0000::/32

There is really no gotchas with this one, one piece of terminology to watch for is the Teredo Relay, as that is actually considered the router allowing the flow of Teredo traffic into and outside of the network.

IPv6 packets are encapsulated in IPv4 packets before transmission across a point-to-point manually configured tunnel.

6to4 Address example

2002::/16

I’ll write a brief descriptions of the different tunnel types, but above is how you can spot it, it will begin with 2002::/16

NAT-PT

Not an IPv6 tunnel at all, but actually does translations between IPv4 and IPv6 back and forth between both protocols, so no packets to encap / decap when using this.

IPv6 migration strategies from IPv4 networks, need to know details for exam day explained!

This will be a quick post with NO Topology added this time, so tomorrow I can hopefully jump right into the security section of route starting with ACL’s! So I will list off the terminology for methods, the up and downs of using them, and how they stack up against other methods.

  • One important thing to note, the best strategy of migrating is start at the edge and work your way to the core of the network, whether its stacking / tunneling / translating.

Speaking of Stacking, Dual-Stack is the first method to discuss

Dual-Stacking is when you are running IPv4 and IPv6 simultaneously across your entire network, making both v4 to v4 connections and v6 to v6 connections across all devices, however most networks right now will lack the capability to run IPv6.

It would require a lot of money to purchase high end IPv6 compatible hardware and software, so it is a great but not completely viable option for most networks at this time.

6-to-4 Tunneling

It works like a VPN that a tunnel is actually built and torn down when not needed for traffic to flow, however instead of encapsulating the traffic to encrypt it, IPv6 packets are encapsulated in an IPv4 addressed packet to traverse IPv4 domains to reach “IPv6 Islands” which is a fancy term for IPv6 networks.

The IPv6 prefix for this type of network is 2002 and carries a /32 mask on the address. Easy way to this of it a 6-to-4 prefix is it being R2’s loopback.

One issue is you would need to use Dual-Stacking with this method as well, or IPv6 hosts won’t be able to communicate with IPv4 hosts on IPv4 based services.

NAT64 / NAT6-to-4

Not traditional NAT (obviously), this translates IPv6 to IPv4 traffic, and it comes in two flavors, stateless and stateful:

  • Stateless NAT64 embeds an IPv4 address directly into an IPv6 address, resulting in a one to one mapping of the IPv6 to IPv4 addresses. The concern is with Stateless is running out of IPv4 embedded addresses to put in the IPv6 address, the whole reason we are migrating to IPv6 in the first place.
  • Stateful mode doesn’t use up IPv4 addresses as quickly, since it allows multiple IPv6 addresses to use a single IPv4 address, making it a MUCH larger pool to draw from

This has largely replaced an old migration method called NAT-PT (NAT-Protocol Translation) because of NAT-PT’s integrated use of DNS, where as NAT64 keeps NAT64 and DNS64 functions completely separate which we like.

NPTv6 (Not to be confused with NAT64) / NAT-PT

This is used to translate from IPv4 to IPv6 addresses on “IPv6 Islands” or networks using only IPv6, then translate them back, meaning it is NOT any of the tunnel mentioned above where packets are being encapsulated / decapsulated.

It sounds like when the source prefix arrives at the device or is leaving a device, instead of using the outside interfaces IPv6 prefix, it changes it to another if perhaps a downstream router has the original address black-listed or something (Why it is a special use tool).

It is stateless only, and cannot perform PAT type overload on outgoing packets which is what makes so special use as well.

OK, I SURVIVED THROUGH THE IPV6 SECTION!!!

Time to delve into Security topics for awhile and get back to labbing!

RIP for IPv6 (RIPng) configurations, explanations, and plenty of examples!

IPv6_RIPng

I will be recycling the last labs Topology for this and one final OSPFv3 headache, and then IPv6 is done for now (though I am sure I will recover the topics at some point).

So as can be seen kind of above, it’s a weird sort of RIP boundary to not block the IPv6 addresses at the top in paint, but both FastEthernet and Loopback interfaces will be in the same domain / process.

Now I will go through the main concepts covered bullet point style, since I haven’t done that for awhile and there isn’t a whole lot there, then get to configuring!

  • All the configuration for RIPng can be done on the interfaces (for CCNP purposes)
  • Interface configuration makes you define a process id, which can be a word or number, and these process ID’s DO need to match with other RIPng routers proccess ID’s to advertise to eachother
  • As with OSPF, “default-information originate” can be configured like in OSPF, with a tweak to the command not yet covered I don’t believe
  • The maximum hop count / metric is STILL 15 hops, seriously. No, really.

So I’ve just removed the EIGRP configurations from the last lab and will recycle the IP addresses for this one, and I will jump right into the complete configuration of RIP on this Topology in one fowl swoop:

R2(config)#int fa0/0
R2(config-if)#ipv6 rip ?
  WORD  User selected string identifying this RIP process

R2(config-if)#ipv6 rip Process1 ?
  default-information  Configure handling of default route
  enable               Enable/disable RIP routing
  metric-offset        Adjust default metric increment
  summary-address      Configure address summarization

R2(config-if)#ipv6 rip Process1 enable
R2(config-if)#int lo2
R2(config-if)#ipv6 rip Process1 enable

ASR#3
[Resuming connection 3 to r3 … ]

R3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#int fa0/0
R3(config-if)#ipv6 rip Proccess1 enable
R3(config-if)#int lo3
R3(config-if)#ipv6 rip Proccess1 enable
R3(config-if)#
ASR#4
[Resuming connection 4 to r4 … ]

R4(config)#int fa0/0
R4(config-if)#ipv6 rip Process1 enable
R4(config-if)#int lo4
R4(config-if)#ipv6 rip Process1 enable
R4(config-if)#^Z
R4#
*Mar 10 00:51:43.247: %SYS-5-CONFIG_I: Configured from console by console
R4#sh ipv6 route rip
IPv6 Routing Table – default – 7 entries
Codes: C – Connected, L – Local, S – Static, U – Per-user Static route
       B – BGP, HA – Home Agent, MR – Mobile Router, R – RIP
       I1 – ISIS L1, I2 – ISIS L2, IA – ISIS interarea, IS – ISIS summary
       D – EIGRP, EX – EIGRP external, NM – NEMO, ND – Neighbor Discovery
       l – LISP
       O – OSPF Intra, OI – OSPF Inter, OE1 – OSPF ext 1, OE2 – OSPF ext 2
       ON1 – OSPF NSSA ext 1, ON2 – OSPF NSSA ext 2
R   2002::/64 [120/2]
     via FE80::20E:D7FF:FE10:6C60, FastEthernet0/0
R   2003::/64 [120/2]
     via FE80::20F:23FF:FE09:B180, FastEthernet0/0
R4#

And that is absolutely it, lab could be finished right here, thanks for stopping by – It’s that easy. However I did highlight in red some commands I added a ? to show the output / modifiers for the command, of those options I’ll demonstrate a bit of this old friend default-information originate and its other option yet to be shown.

However, that is literally the configuration as shown in the route table output on R4, by the time I configured that, I have R2’s and R3’s loopback in my RIP IPv6 route table.

** Take note of the AD / Metric are the same as IPv4, and yes the hop count limit is still 15.

Now one thing I am not 100% sure on even though I put it in a bullet point, which I will edit if I need to, but I hate editing facts I make up after I find them to be false – I am going to change the Process ID on R2’s Loopback interface to see if it drops off R4’s route table (to see if the process ID’s truly do need to match):

R2(config-if)#no ipv6 rip Process1 enable
R2(config-if)#ipv6 rip Process2 enable
R2(config-if)#
ASR#4
[Resuming connection 4 to r4 … ]

R4#sh ipv6 route rip
IPv6 Routing Table – default – 7 entries
Codes: C – Connected, L – Local, S – Static, U – Per-user Static route
       B – BGP, HA – Home Agent, MR – Mobile Router, R – RIP
       I1 – ISIS L1, I2 – ISIS L2, IA – ISIS interarea, IS – ISIS summary
       D – EIGRP, EX – EIGRP external, NM – NEMO, ND – Neighbor Discovery
       l – LISP
       O – OSPF Intra, OI – OSPF Inter, OE1 – OSPF ext 1, OE2 – OSPF ext 2
       ON1 – OSPF NSSA ext 1, ON2 – OSPF NSSA ext 2
R   2002::/64 [120/2]
     via FE80::20E:D7FF:FE10:6C60, FastEthernet0/0
R   2003::/64 [120/2]
     via FE80::20F:23FF:FE09:B180, FastEthernet0/0
R4#clear ipv6 route *
R4#sh ipv6 route rip
IPv6 Routing Table – default – 7 entries
Codes: C – Connected, L – Local, S – Static, U – Per-user Static route
       B – BGP, HA – Home Agent, MR – Mobile Router, R – RIP
       I1 – ISIS L1, I2 – ISIS L2, IA – ISIS interarea, IS – ISIS summary
       D – EIGRP, EX – EIGRP external, NM – NEMO, ND – Neighbor Discovery
       l – LISP
       O – OSPF Intra, OI – OSPF Inter, OE1 – OSPF ext 1, OE2 – OSPF ext 2
       ON1 – OSPF NSSA ext 1, ON2 – OSPF NSSA ext 2
R   2002::/64 [120/2]
     via FE80::20E:D7FF:FE10:6C60, FastEthernet0/0
R   2003::/64 [120/2]
     via FE80::20F:23FF:FE09:B180, FastEthernet0/0
R4#

Ok….. so…. no apparently? Let us check R2, to confirm the Process is indeed changed:

R2#sh ipv6 proto
IPv6 Routing Protocol is “connected”
IPv6 Routing Protocol is “static”
IPv6 Routing Protocol is “rip Process1”
  Interfaces:
    FastEthernet0/0
  Redistribution:
    None
IPv6 Routing Protocol is “rip Process2”
  Interfaces:
    Loopback2
  Redistribution:
    None
R2#

I like that style of “sh ip proto” for IPv6, very concise details, almost like a “sh ip proto brief” or something. To get more information on RIP in IPv6, you will want to use the command “sh ipv6 rip”:

R2#sh ipv6 rip
RIP process “Process1”, port 521, multicast-group FF02::9, pid 54
     Administrative distance is 120. Maximum paths is 16
     Updates every 30 seconds, expire after 180
     Holddown lasts 0 seconds, garbage collect after 120
     Split horizon is on; poison reverse is off
     Default routes are not generated
     Periodic updates 39, trigger updates 3
  Interfaces:
    FastEthernet0/0
  Redistribution:
    None
RIP process “Process2”, port 521, multicast-group FF02::9, pid 78
     Administrative distance is 120. Maximum paths is 16
     Updates every 30 seconds, expire after 180
     Holddown lasts 0 seconds, garbage collect after 120
     Split horizon is on; poison reverse is off
     Default routes are not generated
     Periodic updates 12, trigger updates 0
  Interfaces:
    Loopback2
  Redistribution:
    None
R2#

Now that is how we like our output. Huge, filled with great output, and makes us look like Alien level genius to people who don’t know anything about Cisco CLI. This gives you all the information you need about RIPng on the router, quite literally. Timers, Processes, interfaces, port # for RIPng, Multi-Cast Group #, everything.

So after some time and “clear ipv6 route *” on both routers, R4 finally showed the loopback in Process2 on R2 gone:

R4#sh ipv6 route rip
IPv6 Routing Table – default – 6 entries
Codes: C – Connected, L – Local, S – Static, U – Per-user Static route
       B – BGP, HA – Home Agent, MR – Mobile Router, R – RIP
       I1 – ISIS L1, I2 – ISIS L2, IA – ISIS interarea, IS – ISIS summary
       D – EIGRP, EX – EIGRP external, NM – NEMO, ND – Neighbor Discovery
       l – LISP
       O – OSPF Intra, OI – OSPF Inter, OE1 – OSPF ext 1, OE2 – OSPF ext 2
       ON1 – OSPF NSSA ext 1, ON2 – OSPF NSSA ext 2
R   2003::/64 [120/2]
     via FE80::20F:23FF:FE09:B180, FastEthernet0/0
R4#

The timing with RIP in IPv6 is a bit odd, its not always 30 seconds for updates as it shows in the above timers output, so if something doesn’t happen in the expected time RIP is still really terrible with convergence times in IPv6 if not more so than IPv4.

Now to tackle default-information in RIP

I will pick on R4 first with our old tried and true friend “default-information originate” and see how it impacts R2’s route table with a  before and after:

R2#sh ipv6 route rip
IPv6 Routing Table – 8 entries
Codes: C – Connected, L – Local, S – Static, R – RIP, B – BGP
       U – Per-user Static route
       I1 – ISIS L1, I2 – ISIS L2, IA – ISIS interarea, IS – ISIS summary
       O – OSPF intra, OI – OSPF inter, OE1 – OSPF ext 1, OE2 – OSPF ext 2
       ON1 – OSPF NSSA ext 1, ON2 – OSPF NSSA ext 2
       D – EIGRP, EX – EIGRP external
R   2003::/64 [120/2]
     via FE80::20F:23FF:FE09:B180, FastEthernet0/0
R   2004::/64 [120/2]
     via FE80::21B:53FF:FE36:F2CC, FastEthernet0/0
ASR#4
[Resuming connection 4 to r4 … ]

R4(config-if)#ipv6 rip Process1 default-information ?
  only       Advertise only the default route
  originate  Originate the default route

R4(config-if)#ipv6 rip Process1 default-information originate ?
  metric  Default route metric
  <cr>

R4(config-if)#ipv6 rip Process1 default-information originate metric ?
  <1-15>

R4(config-if)#ipv6 rip Process1 default-information originate
ASR#2
[Resuming connection 2 to r2 … ]

R2#sh ipv6 route rip
IPv6 Routing Table – 9 entries
Codes: C – Connected, L – Local, S – Static, R – RIP, B – BGP
       U – Per-user Static route
       I1 – ISIS L1, I2 – ISIS L2, IA – ISIS interarea, IS – ISIS summary
       O – OSPF intra, OI – OSPF inter, OE1 – OSPF ext 1, OE2 – OSPF ext 2
       ON1 – OSPF NSSA ext 1, ON2 – OSPF NSSA ext 2
       D – EIGRP, EX – EIGRP external
R   ::/0 [120/2]
     via FE80::21B:53FF:FE36:F2CC, FastEthernet0/0
R   2003::/64 [120/2]
     via FE80::20F:23FF:FE09:B180, FastEthernet0/0
R   2004::/64 [120/2]
     via FE80::21B:53FF:FE36:F2CC, FastEthernet0/0
R2#

See what I did there? The color coding shows R2’s original route table in red, and in blue you can see the command added to the R4 Fa0/0 interface, as well as the default route now seen in R2’s route table AFTER A PAINFULLY LONG AMOUNT OF TIME.

Really, with RIP in IPv6, if you think you’ve waited long enough and something should have happened by now it really hasn’t. Go take a shower or do the dishes, come back, and it will have maybe have sent route updates. Its surprisingly noticeably worse than IPv4.

ANYWAYS, so that works like it does with OSPF, just sends a default route to itself to all listening routers with it’s same Process ID.

Now let us change this to use “only” instead of originate, and see what happens, we’ll skip before and after as the current route table is just above us all colorful and fun looking:

R4(config)#int fa0/0
R4(config-if)#no ipv6 rip Process1 default-information originate
R4(config-if)#ipv6 rip Process1 default-information only
ASR#2
[Resuming connection 2 to r2 … ]

R2#sh ipv6 route rip
IPv6 Routing Table – 8 entries
Codes: C – Connected, L – Local, S – Static, R – RIP, B – BGP
       U – Per-user Static route
       I1 – ISIS L1, I2 – ISIS L2, IA – ISIS interarea, IS – ISIS summary
       O – OSPF intra, OI – OSPF inter, OE1 – OSPF ext 1, OE2 – OSPF ext 2
       ON1 – OSPF NSSA ext 1, ON2 – OSPF NSSA ext 2
       D – EIGRP, EX – EIGRP external
R   ::/0 [120/2]
     via FE80::21B:53FF:FE36:F2CC, FastEthernet0/0
R   2003::/64 [120/2]
     via FE80::20F:23FF:FE09:B180, FastEthernet0/0
R2#

R2#ping 2004::1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2004::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/2/8 ms
R2#

After 10 minutes, R2 got its routing update, which shows that R4 is now only advertising default routes to other RIPng routers listening, and the ping to it’s loopback is successful.

So the difference with originate and only is pretty straight forward, originate just adds a default route to RIPng routers, while “only” on the command will “only” advertise a default route to itself.

** One thing to note from that last output is that it is best practice to remove the original command before replacing it with a new value, however with this be sure not to remove the “ipv6 rip process enable” command because it needs to stay! **

With that, I am done waiting for RIP’s routing updates, next up is one more OSPFv3 lab which will use this same Topology once more. Don’t miss out on all the fun in that post!

Configuration of EIGRP in IPv6, output examples and differences from v4, and some old IOS code derps!

IPv6_EIGRP

I sometimes wonder how much it makes network engineers cringe when they look at a blog post (if any engineers do), and see my barely put together Topology not made in Visio as my diagram 🙂

Anyways this should be pretty quick, so far I have only configured the loopback and FastEthernet0/0 interfaces for the Ethernet segment, and configured EIGRP RID’s on all of them the exact same way as OSPF:

R3(config)#ipv6 router eigrp 100
R3(config-rtr)#router-id 3.3.3.3

Only of course I did that for R2, R3, and R4 because I am a nice guy like that. For the Fa0/0 interfaces I have no shut them and assigned only IP addresses shown in the Topology, so for the sake of testing we should be able to ping around quick from R2 to R3 and R4 as their on a shared Ethernet Segment of 2001::0/64:

R2(config-if)#do ping 2001::3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/2/8 ms
R2(config-if)#do ping 2001::4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::4, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)
R2(config-if)#

@_@. Already? Ahhh, no worries, cabling mis-hap in my semi-awake state, lets try again:

R2(config-if)#do ping 2001::4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/2/8 ms
R2(config-if)#

There we go. So I have already enabled EIGRP AS 100 on all 3 routers, however I need to configure it interface by interface like OSPFv3:

R2(config-if)#ipv6 eigrp 100
R2(config-if)#
ASR>3
[Resuming connection 3 to r3 … ]

R3(config-if)#ipv6 eigrp 100
R3(config-if)#
ASR>4
[Resuming connection 4 to r4 … ]

R4(config-if)#ipv6 eigrp 100
R4(config-if)#

Simple enough, so at this point we aren’t going to see any EIGRP routes because we’re all already connected to eachother, but why have no adjacencies formed between the 3 routers? So the investigation begins, confirming first across all 3 routers with “sh ipv6 eigrp nei” that noone has a neighbor.

So I was on R2 reviewing the show run when I saw this oddity:

!
ipv6 router eigrp 100
 router-id 2.2.2.2
 shutdown
!
!

What? Routing process is shut down? Well lets no shut like an interface and see what happens I suppose:

R2(config-if)#exit
R2(config)#ipv6 router eigrp 100
R2(config-rtr)#no shut
R2(config-rtr)#
*Mar  1 22:52:33.402: %DUAL-5-NBRCHANGE: IPv6-EIGRP(0) 100: Neighbor FE80::21B:53FF:FE36:F2CC (FastEthernet0/0) is up: new adjacency
R2(config-rtr)#
R2(config-rtr)#do sh ipv6 eigrp nei
IPv6-EIGRP neighbors for process 100
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
(sec)         (ms)       Cnt Num
0   Link-local address:     Fa0/0             11 00:02:17    6   200  0  2
FE80::21B:53FF:FE36:F2CC

You have to be kitten me. This wasn’t on the training video course I am going with, so this was like turning over a rock, and finding IPv6 EIGRP gold my CCNP candidate friends.

So lesson # 1, in IPv6 if your neighbors aren’t forming adjacencies… no shut the ipv6 router eigrp # I guess.

That is really weird. Anyways, I wanted to know who it formed an Adjacency with as I hadn’t “no shut” any other routers, went to R3 and look at this:

R3(config-if)#
R3(config-if)#do sh ipv6 eigrp nei
IPv6-EIGRP neighbors for process 100
% EIGRP 100 is in SHUTDOWN
R3(config-if)#


So after going across all 3 routers, it wasn’t in that video because on code 15.x IOS, it doesn’t require the “no shut” in the router process, so maybe keep it in the back of your head for troubleshooting but my old crusty gear needs that extra kick to work.

^ This will be demonstrated below as I “no shut” the other R3 and R4:

R3(config)#ipv6 router eigrp 100
R3(config-rtr)#no shut
R3(config-rtr)#
*Mar  2 07:36:40.370: %DUAL-5-NBRCHANGE: IPv6-EIGRP(0) 100: Neighbor FE80::20E:D7FF:FE10:6C60 (FastEthernet0/0) is up: new adjacency
*Mar  2 07:36:40.370: %DUAL-5-NBRCHANGE: IPv6-EIGRP(0) 100: Neighbor FE80::21B:53FF:FE36:F2CC (FastEthernet0/0) is up: new adjacency
R3(config-rtr)#
ASR>4
[Resuming connection 4 to r4 … ]

*Mar  8 04:45:38.655: %DUAL-5-NBRCHANGE: EIGRP-IPv6 100: Neighbor FE80::20E:D7FF:FE10:6C60 (FastEthernet0/0) is up: new adjacency
R4(config-if)#
*Mar  8 04:52:06.939: %DUAL-5-NBRCHANGE: EIGRP-IPv6 100: Neighbor FE80::20F:23FF:FE09:B180 (FastEthernet0/0) is up: new adjacency
R4(config-if)#exit
R4(config)#ipv6 router eigrp 100
R4(config-rtr)#no shut

I kind of already knew something was up, because when I flipped to R4 via the access-server there I had the console messages for DUAL changes waiting for me, so with 15.x IOS code in the lab room ignore the “no shut” non-sense.

Now, back onto the lab, lets confirm all the neighbors are friends and saying Hellos to each other and being good neighbors:

R4(config)#do sh ipv6 eigrp nei
EIGRP-IPv6 Neighbors for AS(100)
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
1   Link-local address:     Fa0/0             13 00:05:31    9   200  0  4
    FE80::20F:23FF:FE09:B180
0   Link-local address:     Fa0/0             12 00:11:59    5   200  0  2
    FE80::20E:D7FF:FE10:6C60
R4(config)#

Ok, the link-local address is pretty irritating because that doesn’t show me which neighbor is actually there unless I run the command in detail, I would imagine:

R4(config)#do sh ipv6 eigrp nei det
EIGRP-IPv6 Neighbors for AS(100)
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
1   Link-local address:     Fa0/0             12 00:07:00    9   200  0  4
    FE80::20F:23FF:FE09:B180
   Version 12.4/1.2, Retrans: 0, Retries: 0, Prefixes: 1
   Topology-ids from peer – 0
0   Link-local address:     Fa0/0             13 00:13:28    5   200  0  2
    FE80::20E:D7FF:FE10:6C60
   Version 12.4/1.2, Retrans: 0, Retries: 0, Prefixes: 1
   Topology-ids from peer – 0
R4(config)#

Nope, no actual assigned IP addresses here, just that link-local address. I could see it using the RID here, but the link-local address that is only known by the remote router? Gah!

So at this point we have neighbors, but no routes for EIGRP in the IPv6 route table as we haven’t added any loopbacks, so lets get to that:

R4(config)#int lo4
R4(config-if)#ipv6 eigrp 100
R4(config-if)#
ASR>3
[Resuming connection 3 to r3 … ]

R3(config-rtr)#int lo3
R3(config-if)#ipv6 eigrp 100
R3(config-if)#
ASR>2
[Resuming connection 2 to r2 … ]

*Mar  1 22:59:01.626: %DUAL-5-NBRCHANGE: IPv6-EIGRP(0) 100: Neighbor FE80::20F:23FF:FE09:B180 (FastEthernet0/0) is up: new adjacency
R2(config-rtr)#
R2(config-rtr)#do sh ipv6 route eigrp
IPv6 Routing Table – 8 entries
Codes: C – Connected, L – Local, S – Static, R – RIP, B – BGP
       U – Per-user Static route
       I1 – ISIS L1, I2 – ISIS L2, IA – ISIS interarea, IS – ISIS summary
       O – OSPF intra, OI – OSPF inter, OE1 – OSPF ext 1, OE2 – OSPF ext 2
       ON1 – OSPF NSSA ext 1, ON2 – OSPF NSSA ext 2
       D – EIGRP, EX – EIGRP external
D   2003::/64 [90/156160]
     via FE80::20F:23FF:FE09:B180, FastEthernet0/0
D   2004::/64 [90/156160]
     via FE80::21B:53FF:FE36:F2CC, FastEthernet0/0
R2(config-rtr)#do ping 2003::1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2003::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/4/16 ms
R2(config-rtr)#do ping 2004::1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2004::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/1/4 ms
R2(config-rtr)#

So that looks the same, however I want to get a bit of redistribution in here, and actually I want to get it on R4 to demonstrate some things not available on 12.x code.

And to note, most behavior issues on these older IOS images is IPv6, so my posts are valid for this exam and the information in them – Just to give myself some credibility… yeah.

So couple of things I want to point out when configuring your redistribution, as we know from IPv4 EIGRP has no seed metric so it must be added either on the Redistribution statement or by “default-metric # # # # #” in router configuration mode:

R4(config-if)#exit
R4(config)#ipv6 router eigrp 100
R4(config-rtr)#default-metric 1544 10 100 1 1500
R4(config-rtr)#redistribute connected ?
metric     Metric for redistributed routes
route-map  Route map reference
<cr>


R4(config-rtr)#redistribute connected
R4(config-rtr)#

So you can see there is still a metric and route-map available after redistribute command is going, but no subnets again because IPv6 don’t have time for none of that subnet business.

So lets look at R2’s route table:

R2(config-if)#do sh ipv6 route eigrp
IPv6 Routing Table – 8 entries
Codes: C – Connected, L – Local, S – Static, R – RIP, B – BGP
       U – Per-user Static route
       I1 – ISIS L1, I2 – ISIS L2, IA – ISIS interarea, IS – ISIS summary
       O – OSPF intra, OI – OSPF inter, OE1 – OSPF ext 1, OE2 – OSPF ext 2
       ON1 – OSPF NSSA ext 1, ON2 – OSPF NSSA ext 2
       D – EIGRP, EX – EIGRP external
D   2003::/64 [90/156160]
     via FE80::20F:23FF:FE09:B180, FastEthernet0/0
EX  2004::/64 [170/1662976]
     via FE80::21B:53FF:FE36:F2CC, FastEthernet0/0

R2(config-if)#do ping 2004::1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2004::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/2/4 ms
R2(config-if)#

You can see still the same AD values for Internal and External, nothing fancy, basically the same as IPv4 with the small 12.x IOS caveat I stumbled upon.

So for redistributed routes, the difference from IPv4 to IPv6 is v4 will show D EX in it’s route table where IPv6 will just show EX in it’s route table for an EIGRP external route.

And that is it, I am going to enjoy the little bit of night I have left, next up will be RIPing!