MadNetworks Technical Blog

Networking Stuff




LISP – IPv6 Transport

Adding IPv6

In this new scenario we take the same topology but we add IPv6 on it and demonstrate how LISP can be used also for IPv6. LISP would obviously work if we were to implement a full dual stack on the core and CEs so what we needs to try there is to transport IPv6 over an IPv4 core using LISP. In a sense, this is a similar technique as 6vpe. So from a topology standpoint, we can represent or scenario like this :

 

Using the loopback0 we were using in the preceding scenarios, we add some IPv6 prefixes on it : On CE1, we add the prefix 2001:1111::/64 :

interface Loopback0
 ip address 1.1.1.1 255.255.255.0
 ipv6 address 2001:1111::1/64
end

On CE2, we add the prefix 2001:2222::/64 :

interface Loopback0
 ip address 2.2.2.2 255.255.255.255
 ipv6 address 2001:2222::2/64
end

Setting up LISP for IPv6 transport

As with IPv4 we must configure the CEs so that the will publish there reachable prefixes to the MSMR. This is no different than IPv4. For CE1 the IPv6 prefix 2001:1111::/64 must be advertised :

CE1#sh run | sec router lisp
router lisp
 loc-reach-algorithm rloc-probing
 database-mapping 1.1.1.1/32 192.168.11.100 priority 20 weight 10
 database-mapping 1.1.1.1/32 192.168.12.100 priority 10 weight 10
 database-mapping 2001:1111::/64 192.168.11.100 priority 10 weight 10
 ipv4 itr map-resolver 100.100.100.100
 ipv4 itr
 ipv4 etr map-server 100.100.100.100 key CISCO
 ipv4 etr
 exit

For CE2 the IPv6 prefix 2001:2222::/64 must be advertised :

CE2#sh run | sec router lisp
router lisp
 loc-reach-algorithm rloc-probing
 database-mapping 2.2.2.2/32 192.168.21.100 priority 10 weight 10
 database-mapping 2001:2222::/64 192.168.21.100 priority 10 weight 10
 ipv4 itr map-resolver 100.100.100.100
 ipv4 itr
 ipv4 etr map-server 100.100.100.100 key CISCO
 ipv4 etr
 exit

The MSMR must also be configured with the mapping to accept register message and reply to map-requests for IPv6 :

MSMR#sh run | s router lisp
router lisp
 site CE1
 authentication-key CISCO
 eid-prefix 1.1.1.1/32
 eid-prefix 2001:1111::/64
 exit
 !
 site CE2
 authentication-key CISCO
 eid-prefix 2.2.2.2/32
 eid-prefix 2001:2222::/64
 exit
<snip>
 ipv4 map-server
 ipv4 map-resolver
 ipv6 map-server
 ipv6 map-resolver
 exit

On CE1 and CE2 the IPv6 ITR and IPv6 ETR functions must be enabled otherwise an error message will appear. We also need to activate to which device we will do the registration and the request (for us this will be one device, the MSMR0 :

CE2#lig self ipv6
% LISP ITR not enabled for AF IPv6
Could not issue any requests, bailing.

The function is configured just like IPv4 :

CE2(config-router-lisp)#ipv6 itr 
CE2(config-router-lisp)#ipv6 etr
CE2(config-router-lisp)#ipv6 etr map-server 100.100.100.100 key CISCO
CE2(config-router-lisp)#ipv6 itr map-resolver 100.100.100.100

Now the lig command can be used to check the state of LISP prefixes :

CE1#lig self ipv6
*Feb 20 09:37:57.439: %LISP-3-NO_MAP_REQUEST_SOURCE: Local map request source address not available for IID 0 IPv6.
***Did not receive*** mapping information for EID 2001:1111::
Displaying information already present in cache:
::/0, uptime: 00:11:58, expires: never, via static send map-request
 Negative cache entry, action: send-map-request

Now one error message appear, the lig command is telling us that we haven’t received any map information from the MSMR for the IPv6 prefix. So let’s check on the MSMR if the registration is ok which would mean that CE1 is correctly configured as and xTR :

MSMR#sh lisp site name CE1
Site name: CE1
Allowed configured locators: any
Allowed EID-prefixes:
  EID-prefix: 1.1.1.1/32 
    First registered:     00:30:05
    Routing table tag:    0
    Origin:               Configuration
    Merge active:         No
    Proxy reply:          No
    TTL:                  1d00h
    State:                complete
    Registration errors:  
      Authentication failures:   0
      Allowed locators mismatch: 0
    ETR 192.168.11.100, last registered 00:00:19, no proxy-reply, map-notify
                        TTL 1d00h, no merge, hash-function sha1, nonce 0xEE0BCBCA-0xE596A907
                        state complete, no security-capability
                        xTR-ID 0xED06DEE4-0x4FFA7CB8-0x3E7B3035-0x394CC596
                        site-ID unspecified
      Locator         Local  State      Pri/Wgt  Scope
      192.168.11.100  yes    up          20/10   IPv4 none
      192.168.12.100  yes    up          10/10   IPv4 none
  EID-prefix: 2001:1111::/64 
    First registered:     00:01:28
    Routing table tag:    0
    Origin:               Configuration
    Merge active:         No
    Proxy reply:          No
    TTL:                  1d00h
    State:                complete
    Registration errors:  
      Authentication failures:   0
      Allowed locators mismatch: 0
    ETR 192.168.11.100, last registered 00:00:29, no proxy-reply, map-notify
                        TTL 1d00h, no merge, hash-function sha1, nonce 0x2E99F51B-0xA2D1FCB4
                        state complete, no security-capability
                        xTR-ID 0xED06DEE4-0x4FFA7CB8-0x3E7B3035-0x394CC596
                        site-ID unspecified
      Locator         Local  State      Pri/Wgt  Scope
      192.168.11.100  yes    up          10/10   IPv4 none

The error is due to one single mistake… We have to enable IPv6 unicast-routing :

CE1(config)#ipv6 unicast-routing
CE1(config)#exit
CE1#lig self ipv6
Mapping information for EID 2001:1111:: from 192.168.11.100 with RTT 11 msecs
2001:1111::/64, uptime: 00:00:05, expires: 23:59:59, via map-reply, self, complete
 Locator Uptime State Pri/Wgt
 192.168.11.100 00:00:00 up, self 10/10

Now we can ping the remote IPv6 prefix :

CE1#ping 2001:2222::2 so lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:2222::2, timeout is 2 seconds:
Packet sent with a source address of 2001:1111::1
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 4/10/14 ms

And now LISP encapsulates IPv6 to transport it across and IPv4 only network !

Leave a Reply

Your email address will not be published. Required fields are marked *